Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Question and Possible bug. #31

Open
dougreed opened this issue Feb 12, 2020 · 4 comments
Open

Question and Possible bug. #31

dougreed opened this issue Feb 12, 2020 · 4 comments

Comments

@dougreed
Copy link

I have an interesting issue.

Your ssh terminal implementation is absolutely beautiful, and I really want to use the code in my project!

I am trying to use your code as a proxy to allow a user to create SSH sessions in a Web based Tomcat network monitoring application. Essentially, I took your source code and dropped it into the 'webapp' directory of a Tomcat application. Hacked 'index.html' slightly to create a file 'ssh.jsp'. It isn't much different except that it has some extra bits to get make it work as a tomcat action target. The rest of your application is unchanged. On the Tomcat Server, I installed your version of wsproxy.

When I finished all of this, it worked if I used 'http' and 'ws' protocol, but it failed if I used 'https' and 'wss'. I got busy and left it alone for a while because I didn't have time to play with it. I recently came back to it, and can no longer duplicate my success even without security. Browsers keep updating their security, and if I remember correctly, it never worked on some browsers (I tested at the time with Chrome, Firefox, Opera, and Safari). I don't recall which browsers did, and did not work. I can't run my application with 'http', especially since browsers are tightening security. I don't much like using wsproxy as it is a huge security hole, but at least my application lives inside a walled environment. I tried building a Webproxy interface in Java through tomcat, so that I could avoid running an external program, which works, but I don't know the subtlety of the security and protocol exchanges. I wish I could just open an SSH session in Java, and tie STDIN, STDOUT, and STDERR to your application, but that might not work over HTTPS, and I don't understand your application enough to try.

... anyway...

I am using valid keys in both Tomcat and wsproxy, and get 'Connection accepted' in wsproxy.

SSHy complains:
'InvalidCharacterError: String contains an invalid character' in the 'atob' call.

I put a try/catch around it, and ran a 'JSON.stringify' on 'e.data' in the catch, and it is simply receiving an empty string '{}'. I looked at the object in debug, and there is not text contained in the 'e.data' object.

I am not sure what it should receive, and why it isn't receiving what it should.

I would love to work with you to resolve it. Feel free to contact me via email if you wish.

@stuicey
Copy link
Owner

stuicey commented Feb 15, 2020

Are you positive you've used the forked version of wsproxy? I know its fumbled a couple people in the past where they've used the normal version.

All wsproxy does is provide a multiplex bridge between websocket connections and raw sockets. So you could write your own java implementation of this pretty easily. It would just need to be able to convert ws://example.com:5999/10.0.0.1:22 to tcp://10.0.0.1:22. Additionally the current implementation converts to & from base64 (though this could be removed).

On the back of your security concerns, SSHy is an end-to-end encrypted system. So running it over WSS doesn't give much benefit on your SSH session. I do understand the desire though when you would get some useful features from HTTPS.

@dougreed
Copy link
Author

dougreed commented Feb 15, 2020 via email

@stuicey
Copy link
Owner

stuicey commented Feb 15, 2020

Odd then, I would expect 'String contains an invalid character' to come out if you were using the other version. Do you get anything if you try console.log(e.data) instead of using JSON.stringify()?

I'm happy to provide best endeavors support for this but if you're seeking professional services then we should drop to email or IM.

@dougreed
Copy link
Author

dougreed commented Feb 15, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants