[TAG] Making SSH a supported protocol
Benjamin A. Okopnik
ben at linuxgazette.net
Fri Jun 10 22:53:21 MSD 2005
On Fri, Jun 10, 2005 at 12:32:39PM -0500, Jacobs, Mark wrote:
> Gang,
>
> I manage a web server that is used by an internal help desk, currently this
> help desk uses telnet to access aix servers on our corporate wan. I have
> multiple pages that serve URL's to the aix machines e.g. telnet://hostname. We
> are in the process of changing all of these servers to use SSH and need to know
> how to make ssh://hostname a registered protocol so that I can convert my
> links and have them work. I am unable to find any information on where/how you
> set up a protocol and associate it with an application. Is this a system or
> browser issue? Any information you might have or be able to point me to would
> be a big help.
Hi, Mark -

In the future, please send your questions in plain text; that's the
accepted format for The Answer Gang. The instructions for setting your
mail client to do this, as well as much other relevant information, can
be found in the "Asking Questions of The Answer Gang" FAQ at
<http://linuxgazette.net/tag/ask-the-gang.html>.

Regarding your question, there's no "registration" that you can do to
make SSH magically happen from the server side: URLs are parsed on the
client end, by the specific browser that's being used.

Note that some browsers - e.g., Konqueror - do parse 'ssh://' URIs; they
fire up a console with a login prompt (which is, of course, the correct
response - SSH is a secure *SHELL* protocol.) Konqueror also supports
the 'fish://' protocol - an SSH-based connection that allows file
viewing and could be a bit closer to what you want... or maybe not.

The problem is that most other browsers do not support these schemes -
and many cannot even be adapted to do so. There's a huge number of
browsers operating on a number of OSes, and unless your company has some
sort of a draconian software policy, you have no way to restrict them or
control which ones people use.

The obvious solution here, in my opinion, is to run a web server, and
place your documents on it. Telnet _should_ go away - sending passwords
across the network in plain text and IP-based authentication are not
sensible things to do in today's world. Running a web server,
particularly a simple, read-only one like "thttpd", is a trivial task
requiring either no or only a few seconds of configuration, and the
replacement of telnet by SSH and HTTP should significantly decrease your
vulnerability profile.

* Ben Okopnik * Editor-in-Chief, Linux Gazette * http://linuxgazette.net *
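
Added example, not part of the original message: because an ssh:// link is interpreted on the client, any client-side program that is handed such a URL has to treat it as untrusted input from a web page. The sketch below shows one way to validate the URL and build an ssh command line without going through a shell; the function name `ssh_argv`, the accepted host and user patterns, and the host names in the comments are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Conservative patterns (an assumption of this sketch): DNS-style host names
# or IPv4 literals, and POSIX-style user names. IPv6 literals are refused.
_HOST_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,252}[A-Za-z0-9])?$")
_USER_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]{0,31}$")


def ssh_argv(url):
    """Turn an ssh:// URL into an argv list for ssh, or raise ValueError."""
    parts = urlsplit(url)
    if parts.scheme != "ssh":
        raise ValueError("not an ssh:// URL")
    # A link should only name a destination; refuse anything extra.
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError("path, query and fragment are not accepted")
    if parts.password is not None:
        raise ValueError("passwords must not be embedded in links")
    host = parts.hostname  # lower-cased by urlsplit
    if not host or not _HOST_RE.match(host):
        # Also rejects a host that starts with "-", which ssh would
        # otherwise read as a command-line option.
        raise ValueError("missing or malformed host name")
    user = parts.username
    if user is not None and not _USER_RE.match(user):
        raise ValueError("malformed user name")
    port = parts.port  # raises ValueError unless a number in 0-65535
    if port == 0:
        raise ValueError("port 0 is not usable")
    argv = ["ssh"]
    if port is not None:
        argv += ["-p", str(port)]
    # "--" marks the end of options (getopt convention), a second layer
    # on top of the host pattern above.
    argv += ["--", f"{user}@{host}" if user else host]
    return argv


if __name__ == "__main__":
    # Constructed sample link; a real handler would receive the URL as an
    # argument and pass the list to subprocess.run(argv), never to a shell.
    print(ssh_argv("ssh://helpdesk@aix01.example.com:2222/"))
```
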