[AjaxTerm] Mengakses ssh melalui situs anda..

Ingin mengakses situs anda, tapi demi keamanan bersama semua port dikantor yang tidak diperlukan harus ditutup oleh pihak ke 3. Dengan menggunakan beberapa trik maka anda bisa mengakses shell anda secara aman dan nyaman melalui website atau situs anda.

Catatan : Penulis mencoba instalasi pada Debian Lenny/Sid. Kerusakan yang ditimbulkan merupakan tanggung jawab masing-masing individu.

Berikut tahap-tahap instalasi.

# Instalasi AjaxTerm

1. #>apt-get update dan apt-get upgrade -> hal ini perlu dilakukan sebelum instalasi, untuk mengupgrade linux anda.

2. #>apt-get install ajaxterm -> dilakukan pada debian etch atau debian lenny/sid

Reading package lists… Done
Building dependency tree
Reading state information… Done
Recommended packages:
apache2 httpd
The following NEW packages will be installed:
ajaxterm
0 upgraded, 1 newly installed, 0 to remove and 14 not upgraded.
Need to get 39.4kB of archives.
After unpacking 254kB of additional disk space will be used.
Get:1 http://komo.vlsm.org sid/main ajaxterm 0.10-1 [39.4kB]
Fetched 39.4kB in 3s (10.5kB/s)
Selecting previously deselected package ajaxterm.
(Reading database … 26156 files and directories currently installed.)
Unpacking ajaxterm (from …/ajaxterm_0.10-1_all.deb) …
Setting up ajaxterm (0.10-1) …
Starting web based terminal: ajaxterm.

3. #> vi /etc/ssh/ssh_config
//uncomment: PasswordAuthentication yes

Restart ajaxterm

4. #> /home/sany# /etc/init.d/ajaxterm restart

Lakukan percobaan apakah port 8022 sudah aktif

5. #> netstat -tanp |grep 8022
tcp 0 0 127.0.0.1:8022 0.0.0.0:* LISTEN 19668/python

6. #> telnet localhost 8022

Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.

Setelah ajaxterm selesai maka kita melakukan konfigurasi dulu ke apache2 anda.

7. Aktifkan beberapa modul apache2 terlebih dahulu.

#> ln -s /etc/apache2/mods-available/proxy.conf /etc/apache2/mods-enabled/proxy.conf
#> ln -s /etc/apache2/mods-available/proxy.load /etc/apache2/mods-enabled/proxy.load
#> ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load

8. Setting apache anda.

#> vi /etc/apache2/sites-available/default

NameVirtualHost *:80
NameVirtualHost *:443

#Bagian ini sudah default dari apache2

<VirtualHost *:80>
ServerAdmin webmaster@localhost

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2’s default start page
# in /apache2-default/, but still have / go to the right place
RedirectMatch ^/$ /apache2-default/
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory “/usr/lib/cgi-bin”>
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ “/usr/share/doc/”
<Directory “/usr/share/doc/”>
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>

# Yang ini untuk menambahkan SSL pada https

<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.cert
SSLCertificateKeyFile /etc/apache2/ssl/server.key
ServerName ssh.sanyasyari.com
ServerAdmin sany.asyari@gmail.com

ProxyRequests Off
<Proxy *>
AuthUserFile /home/sany/.htpasswd
AuthName EnterPassword
AuthType Basic
require valid-user
Order Deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8022/
ProxyPassReverse / http://localhost:8022/
</VirtualHost>

<VirtualHost ssh.sanyasyari.com:80>
ServerName ssh.sanyasyari.com
RedirectMatch ^/$ https://ssh.sanyasyari.com
</VirtualHost>

Nah pada apache2 ini akan ditambahkan.

1. SSL untuk Https menggunakan openSSL

2. Autotifikasi login apache sebelum memasuki situs ssh.sanyasyari.com.

Nah selanjutnya instalasi openSSL

9. #> apt-get install openssl ssl-cert

Reading package lists… Done
Building dependency tree
Reading state information… Done
Suggested packages:
ca-certificates
The following NEW packages will be installed:
openssl ssl-cert
0 upgraded, 2 newly installed, 0 to remove and 14 not upgraded.
Need to get 1012kB of archives.
After unpacking 2339kB of additional disk space will be used.
Get:1 http://komo.vlsm.org sid/main openssl 0.9.8e-8 [1001kB]
Get:2 http://komo.vlsm.org sid/main ssl-cert 1.0.14 [11.1kB]
Fetched 1012kB in 1m23s (12.2kB/s)
Preconfiguring packages …
Selecting previously deselected package openssl.
(Reading database … 26158 files and directories currently installed.)
Unpacking openssl (from …/openssl_0.9.8e-8_i386.deb) …
Creating directory /etc/ssl
Selecting previously deselected package ssl-cert.
Unpacking ssl-cert (from …/ssl-cert_1.0.14_all.deb) …
Setting up openssl (0.9.8e-8) …
Setting up ssl-cert (1.0.14) …

Kemudian membuat beberapa sertifikat

#> openssl req -new > server.csr
#> openssl rsa -in privkey.pem -out server.key
#> openssl x509 -in server.csr -out server.cert -req -signkey server.key -days 365

Pada bagian-bagian tersebut akan diminta memasukkan beberapa informasi yang harus anda isi. Silahkan anda isi dengan benar. Serta letakkan file tersebut ke /etc/apache2/ssl/ -> Tidak default, hanya berdasarkan konfigurasi diatas.

10. #> Seteleh selesai maka kita buat autontifikasi login ke situs

Buat file .htpassword

11. htpasswd -c .htpasswd sany