setup web ssh console in ezeelogin and ssh via browser

WEB SSH Console is  available within the GUI  from Ezeelogin 7.4.1 and above only. This feature lets you ssh using browser and does not need a ssh terminal.

 
White list your ip address from which you are accessing ,as certain firewall programs may detect the traffic to the port (52222) ( set it up as shown below in the article )  as an anomaly and block your ip, thus blocking  your access to ssh gateway.  
If you are upgrading Ezeelogin ssh gateway software from any version below 7.4.0 then you will have to reset ezeelogin gateway users password within the GUI otherwise you will get black blank screen on accessing web ssh.
Ensure that version of nodejs  is greater than 8.0.0. The web shell will not work if the version is <8.0.0. Check the node version using the command node -v
You can always use ssh clients like Putty in Windows, Terminal in MAC, Konsole,Xterm etc in Linux and ssh to the gateway. 

ssh -p <portnumber <admin_user>@<gateway-ip> would log you in.

 
Web Shell will work only if the web interface is accessed via HTTPS and  uses 2FA to login. Refer Enforce 2FA or Enable Google 2FA and install SSL Certificates and Enforce Https

1. Install the NODE JS Application on the Jumphost server.

On Centos 7

root@localhost:~ yum install epel-release

root@localhost:~ yum install npm

 On Ubuntu 16/18 and Debian 10

root@localhost:~ apt install npm

 On Ubuntu 20

root@localhost:~  apt-get update

root@localhost:~  apt install npm

 2. Install n, Node’s version manager:

If you are not using SSL, you need to set the repo to HTTP by running :

root@localhost:~ npm config set registry  http://registry.npmjs.org/

root@localhost:~  npm install -g n

 3. Install node by running :

To install the latest version:

root@locallhost:~ n latest

To install the corresponding version :

root@localhost:~ n version.number

For example, the below command will install node 14

root@localhost:~ n 14

Run the following  command to install node without SSL

root@localhost:~ n --insecure latest

To switch between node versions run the following command and refer to the given screenshot.

root@localhost:~  n

 

  


2.  Ensure that the path to the node binary is specified correctly under Settings->Generalsettings->Miscellaneous->Nodejs Command. The Web SSH Port variable is configurable. Ensure that port entered here is open for inbound traffic as well.

webshell

The  NodeJS Command field should have the path to the node or nodejs binary which usually is /usr/bin/node in the case of Centos7 and /usr/bin/nodejs in the case of Ubuntu 14-04

Ensure that inbound tcp traffic on port 52222 is open as nodejs server listens on this port. The command 'which node' or  'which nodejs' or 'whereis nodejs'  , 'whereis node' would give you the path to the node binary. Run 'node -v/nodejs -v' and ensure that the version of node to be used is above 8.0.0

 

3. Make sure to enable 2factor authentication and install the ssl as outlined below for the webshell icon to be visible.

 

4. Install the Certificates for the Web SSH Console Application to work. Generate a self-signed cert with following command

root@jumpserver:~# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /usr/local/etc/ezlogin/tls_cert.pem -keyout  /usr/local/etc/ezlogin/tls_key.pem 

Or put a valid ca, cert and key in the files: /usr/local/etc/ezlogin/tls_ca.pem, /usr/local/etc/ezlogin/tls_cert.pem & /usr/local/etc/ezlogin/tls_key.pem respectively. You can rename your current .crt / .key file to .pem file. 

Also, make sure that the .pem files are readable by the webserver user such as nobody/www-root/apache etc. An easy way to grant the webuser read privileges would be chmod 644 /usr/local/etc/ezlogin/*.pem.  Restart node process after replacing the certificates. Run the command "  pkill -9 node " to stop node process and it would be restarted on clicking the "Open Web SSH console"  icon in the servers tab in GUI.

 

5.  Ensure that password authentication is enabled from the localhost alone in the sshd configuration file( /etc/ssh/sshd_config ) on the jump server.Add the following parameters to the END of /etc/ssh/sshd_config file.

Match Address 127.0.0.1

PermitRootLogin yes

PubkeyAuthentication yes

PasswordAuthentication yes

 

6. Install the NodeJS modules dependencies for the WebSSH Console Application.

cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/&& npm install


7.  Ensure that the user or the Usergroup has the privilege to access the webshell feature. Grant it as follows. Access Control->UserGroup-Action-><select user group->Servers->web ssh Console

web-shell-acl

webshell-acl

 

8.  Click on the Web SSH Console feature under the Servers tab

web ssh 


9. The web ssh console  would open on browser tab and will look as shown below.

Troubleshooting 



  • Ensure that Node version is above 10  and NPM Version is >=5     

[root@otp webssh]# npm -v

6.14.6

[root@otp webssh]# node -v

v10.22.0  

  • Start the WebSSH Console node application manually to determine any errors.    

root@jump-host:~   DEBUG=* PORT=52222 node $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/index.js

  • Install the Node modules required by the node application  

    root@jump-host:~ cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/&& npm  install

4.57 (7)
Article Rating (7 Votes)
Rate this article
    Attached Files
    There are no attachments for this article.
    Related Articles RSS Feed
    Google 2 factor authentication fails randomly
    Viewed 2407 times since Wed, Jun 14, 2017
    PHP Fatal error: The file /usr/local/sbin/backup_ezlogin.php was encoded by the ionCube Encoder for PHP. Ioncube Encoder Error during Ezeelogin upgrade
    Viewed 1585 times since Tue, Jul 24, 2018
    How can i disable MySQL strict mode ?
    Viewed 4129 times since Tue, Feb 12, 2019
    npm ERR! cb.apply is not a function
    Viewed 2757 times since Wed, Oct 7, 2020
    Internal command ezinfo or ezlist does not work even though i am in the admins group.
    Viewed 3578 times since Thu, Nov 23, 2017
    How to bypass the group menu in the backend shell and go directly to the entire server listing?
    Viewed 2726 times since Tue, Mar 27, 2018
    Set SSH User Expiry
    Viewed 2308 times since Thu, Sep 20, 2018
    ERROR for site owner: Invalid domain for site key
    Viewed 6923 times since Thu, Jun 28, 2018
    Blank page when clicking add server
    Viewed 2416 times since Wed, Aug 16, 2017
    Configuration and error log files to check for troubleshooting
    Viewed 6916 times since Thu, Jun 15, 2017