anytermd man page

anytermd — A terminal-emulating HTTP daemon

Synopsis

anytermd [--command arg] [--device arg] [--port arg] [--user arg] [--auth arg] [--charset arg] [--foreground] [--diff] [--nodiff] [--max-sessions arg] [--max-http-connections arg] [--local-only] [--name arg]

anytermd --help

Description

Anyterm provides a terminal window on a web page, so you can run command-line programs on a machine even when the only access to it is over HTTP.

Anyterm consists of some Javascript on a web page, an XmlHttpRequest channel on standard ports back to the server, an HTTP proxy such as Apache's mod_proxy and the Anyterm daemon. The daemon, anytermd, uses a pseudo-terminal to communicate with a shell or other application, and includes terminal emulation. Key presses are picked up by the Javscript which sends them to the daemon; changes to the emulated screen are sent from the daemon to the Javascript which updates its display. Performance is quite reasonable and SSL can be used to secure the connection. For security reasons, it is highly recommended that anytermd NOT be exposed directly to the Internet! See the section Security below.

Options

Default values are indicated in parentheses ().

-c | --command arg (=/bin/bash)
Command to run in terminal
-d | --device arg
Device to connect to (e.g. serial port)
-p | --port arg (=8080)
Port number to listen on
-u | --user arg
User to run as
-a | --auth arg (=none)
Authorisation: none|null|trivial
-s | --charset arg (=ascii)
Character set
-f | --foreground
run in foreground
--diff
Send only differences to browser
-n | --nodiff
Send whole screen to browser each time
-m | --max-sessions arg (=20)
Maximum number of simultaneous sessions
--max-http-connections arg (=unlimited)
Maximum number of simultaneous HTTP connections
--local-only
Accept connections only from localhost
--name arg (=anyterm)
Name used for logging and pid file
--help
show help message

Security

Do not run anytermd as root.

Anyterm's code has not been audited for security. It is almost certainly possible to cause it to crash by sending it invalid input, and experience suggests that this sort of weakness can also be exploited to allow arbitary code execution.

Note that all CGI applications and similar programs are subject to this sort of problem, though some are better written than others. The Anyterm code does not need run with a higher priviledge level than any other web application, so weaknesses in Anyterm do not put your system at any higher risk than weaknesses in any other web application would.

Avoid exposing anytermd directly to the Internet.

anytermd should be used only as a backend service, reachable only via a frontend HTTPS proxy, such as Apache, that requires authentication. http://anyterm.org/1.1/install.html gives examples of how to set this up.

A more complete and up-to-date discussion of security issues in anytermd can be found at http://anyterm.org/security.html.

Examples

If you just want to test Anyterm, you can do:

anytermd --local-only

and then connect to http://localhost:8080 with your Javascript-enabled web browser. The brower should display a terminal window containing a bash command prompt owned by the user who started anytermd.

If you want to set up SSH-over-HTTP access on localhost:8022, you might run it as:

anytermd --command "/usr/bin/ssh -o your-username@localhost" --port 8022 --user nobody --charset utf-8 --local-only

See Also

Anyterm is more fully documented on its web site, http://anyterm.org/. The web site may be more up-to-date than this man page.

Author

Anyterm is written by Phil Endecott. This man page was contributed by Eric Rossen.

Info

1.1.27 Phil Endecott