Shell in a Browser

Encryption and Certificates

Although initial experiments with Shell In A Box on your local machine can do without encryption, you will definitely want to use SSL to safeguard your connections in production. You need a certificate for this, either in the current working directory or at a storage location you specify using the --cert=directory option.

Encrypting passwords and data between the sender and receiver keeps data safe against sniffing by unauthorized third parties. To add this level of security, you need a certificate, like those used by many websites (and mail servers) – people don’t typically notice them until the browser reports a certificate issue. The idea is that the certificates ensure that the server at the other end of the connection really is what it tells the client it is; otherwise, an attacker could simply spoof the authorized entity at the other end of the connection.

Certificates are issued by commercial certification authorities: They verify the identity of the certificate owner and then issue a certificate for a hostname. The browser automatically accepts such a certificate as genuine because it trusts specific certificate authorities. CAcert is a community-based alternative solution.

Finally, another option is to create self-signed certificates with OpenSSL.

Create a key:

# openssl genrsa -des3 -out server.key 2048

Create a certificate signing request (CSR):

# openssl req -new -key server.key -out server.csr

Remove the password from the key:

# cp server.key server.key.org
# openssl rsa -in server.key.org -out server.key

Sign the CSR and create the certificate:

# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# cat server.crt server.key > certificate.pem

If you use a self-signed certificate (Figure 3) and access services secured in this way from other machines across the Internet, you should definitely take a close look at the certificate and compare the matching MD5/SHA1 fingerprints.

Figure 3: A self-signed certificate in a web browser.
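
The fingerprint comparison recommended above, as an added example that is not part of the original article: it creates a self-signed certificate non-interactively, builds the combined certificate.pem, and checks its fingerprint against a value read off the browser's certificate dialog. The 2048-bit key, the SHA-256 digest, the function names, and the hostname shellinabox.example are choices of this example.

```shell
#!/bin/sh
# Added example; function names, hostname and paths are hypothetical.

# Create an unencrypted 2048-bit key and a self-signed certificate in one
# step, then build the combined PEM file. umask 077 keeps server.key and
# certificate.pem (which contains the private key) readable by the owner only.
make_cert() {   # usage: make_cert DIR HOSTNAME
    (
        umask 077
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=$2" -keyout server.key -out server.crt \
            2>/dev/null || exit 1
        cat server.crt server.key > certificate.pem
    )
}

# Print the SHA-256 fingerprint of the first certificate in a PEM file,
# normalized to lowercase hex without colons.
cert_fingerprint() {   # usage: cert_fingerprint FILE
    openssl x509 -noout -fingerprint -sha256 -in "$1" |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only if EXPECTED (any case, with or without colons or spaces,
# as copied from a browser dialog) equals the certificate's fingerprint.
# An empty EXPECTED never matches.
fingerprint_matches() {   # usage: fingerprint_matches FILE EXPECTED
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'A-F' 'a-f')
    [ -n "$want" ] && [ "$(cert_fingerprint "$1")" = "$want" ]
}

# Demo in a throwaway directory: note the fingerprint on the server, then
# compare it with what the browser shows on first connect.
demo_dir=$(mktemp -d)
make_cert "$demo_dir" shellinabox.example
echo "SHA-256 fingerprint: $(cert_fingerprint "$demo_dir/certificate.pem")"
rm -rf "$demo_dir"
```
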

The Author

Wolfgang Dautermann is a system administrator who has tamed many flavors of Linux and various Unices, including Solaris, Irix, and Tru64. He is a co-organizer of Linux Days in Graz, Austria, which next convenes April 28 for its 10th annual meeting [http://www.linuxtage.at] (in German).
