0

I have a small debian server colocated which hosts a domain and a single flat file site via lighttpd. For a variety of reasons I'd like to be able to run ssh in browser (without a browser plugin) via HTTPS. I will need to create a self signed certificate, as I don't have the funds to pay for one.

I've seen various solutions such as shellinabox and gateone.

Does anyone have experience or advice of which solution to use and how best to secure this?

TIA

Dr.Avalanche
  • 133
  • 1
  • 1
  • 13

1 Answers1

0

There are various options like NaCl, fireSSH and as you already mentioned Shell In A Box. I'd personally recommend the last one if you need it for pentesting purposes, since it's the only one that actually uses SSL/TLS and would not trigger an alert in any IPS/Deep Packet Inspection device. (Most of these tools will trigger an alert since they are just browser based SSH or non SSL traffic through port 443)

Gabriel Talavera
  • 1,367
  • 1
  • 11
  • 18