>I want to login on my freebsd remotely by ssh.

>I would like a html website that makes a shell and do everything over ssl.

You're asking for different things, but you should be asking for
different things--because there probably isn't a single solution
that will work in all cases.


Web-based Option: SSH terminal applet

I like AppGate's MindTerm (www.appgate.com/mindterm), but there
are others.  Caveats: (1) the web browser has to support Java;
(2) you will need to run a secure [https] server on the same
machine you want to SSH into [due to Java applet security
restrictions]; (3) you are still vulnerable to keystroke loggers
or other spyware on the client side.


Web-based Option: AJAX terminal client

The best known is Phil Endecott's AnyTerm (anyterm.org), but
Antony Lesuisse's Ajaxterm (antony.lesuisse.org/qweb/trac/wiki/AjaxTerm)
is becoming increasingly popular.  Caveats: (1) requires a
"modern" browser supporting XmlHTTP; (2) you will need to run a
secure [https] web server; (3) same as above; (4) likely to be
slow.


Option: Portable Software

Type "portable applications" (or "portable apps") into your
favorite search engine, and you'll find a whole bunch of
interesting things (including Firefox Portable and portaPuTTY).
You can stick these on a USB flash device.  Caveats: (1) requires
Microsoft Windows on the client side (versions other than 2000 or
XP may be problematic); (2) writable flash drives are susceptable
to malware that may be present on the client computer; (3) same
as above.


Option: Live CD

Booting a disc like FreeSBIE (www.freesbie.org) or KNOPPIX
(www.knopper.net/knoppix/index-en.html) isolates you from
whatever evil bits may be lurking on a computer's hard drive, and
gives you a predictable, reasonably trustable environment.
Caveats: (1) requires rebooting; (2) assumes it can configure
networking via DHCP, and there are no "corporate firewalls"
blocking egress; (3) still vulnerable to hardware keystroke
loggers, etc.


Option: None of the above

Use your own portable computer or smartphone.  Caveat: may
require subscription to a wireless carrier's data plan and/or
additional network adapter hardware


Always assume everything you do is being watched by someone else
who does not have your best interests in mind.  Use one-time
passwords (or some other replay-resistant authentication) to
enhance security.  Learn how to differentiate legitimate servers
from impostors; beware of "man-in-the-middle" attacks.  Spoofed
DNS and "transparent proxies" are more common than you think.

Web-based solutions generally require paying someone for
something, even if it's just a server certificate.

                                        -=EPS=-
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to