Skip to Content

setup web ssh console in ezeelogin and ssh via browser

How to set up the WebSSH console in Ezeelogin and SSH via browser?

WEB SSH Console is available within the GUI  from Ezeelogin 7.4.1 and above only. This feature lets you SSH use a browser and does not need an SSH terminal.

  1. White list your IP address from which you are accessing, as certain firewall programs may detect the traffic to the port (52222) ( set it up as shown below in the article )  as an anomaly and block your IP, thus blocking your access to the SSH gateway.  
  2. If you are upgrading the Ezeelogin SSH gateway software from any version below 7.4.0 then you will have to reset the Ezeelogin gateway user's password within the GUI otherwise you will get a black blank screen on accessing web ssh.
  3. Ensure that the version of node js is greater than 19.0.0. The web shell will not work if the version is <19.0.0. Check the node version using the command node -v

You can always use ssh clients like Putty in Windows, Terminal in MAC, Konsole, Xterm, etc in Linux, and ssh to the gateway to login.

:~# ssh -p <portnumber <admin_user>@<gateway-ip> 

Note: Web Shell will work only if the web interface is accessed via HTTPS and uses 2FA to log in. Refer to Enforce 2FA or Enable Google 2FA and install SSL Certificates and Enforce Https

1. Install the NODE JS Application on the Jumphost server.

    On Centos 7

root@localhost:~ yum install epel-release

root@localhost:~ yum install npm

    On Ubuntu 16/18 and Debian 10

root@localhost:~ apt install npm

    On Ubuntu 20/22

root@localhost:~ apt-get update

root@localhost:~ apt install npm

2. Install n, Node’s version manager:

   If you are not using SSL, you need to set the repo to HTTP by running :

root@localhost:~ npm config set registry

root@localhost:~ npm install -g n

 3. Install node by running :

   To install the latest version:

root@locallhost:~ n latest

   To install the corresponding version :

root@localhost:~ n version.number

  For example, the below command will install node 19

root@localhost:~ n 19

    Run the following  command to install node without SSL

root@localhost:~ n --insecure latest

    To switch between node versions run the following command and refer to the given screenshot.

root@localhost:~  n

2Ensure that the path to the node binary is specified correctly under Settings >> General >> Miscellaneous >> NodeJS Command. The Web SSH Port variable is configurable. Ensure that the port entered here is open for inbound traffic as well.

The  NodeJS Command field should have the path to the node or nodejs binary which usually is /usr/bin/node in the case of Centos7 and /usr/bin/nodejs in the case of Ubuntu 14-04

Ensure that inbound TCP traffic on port 52222 is open as nodejs server listens on this port. The commands 'which node' or  'which nodejs' or 'whereis nodejs'  , 'whereis node' would give you the path to the node binary. Run 'node -v/nodejs -v' and ensure that the version of node to be used is above 19.0.0

3. Make sure to enable 2-factor authentication and install the SSL as outlined below for the web shell icon to be visible.

Make sure to install SSL (self-signed or a valid cert )even if you have installed an SSL certificate on the Load balancer (ELB/ALB). Also, make sure to add a listener and routing for the port Web SSH Port 52222

4. Install the Certificates for the Web SSH Console Application to work. Generate a self-signed cert with the following command

root@jumpserver:~# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /usr/local/etc/ezlogin/tls_cert.pem -keyout  /usr/local/etc/ezlogin/tls_key.pem 

Or put a valid Cert and Key in the files:  /usr/local/etc/ezlogin/tls_cert.pem & /usr/local/etc/ezlogin/tls_key.pem respectively. You can rename your current .crt / .key file to .pem file. 

Also, make sure that the .pem files are readable by the webserver user such as nobody/www-root/apache etc. An easy way to grant the web user read privileges would be chmod 644 /usr/local/etc/ezlogin/*.pem.  Restart the node process after replacing the certificates. Run the command "  pkill -9 node " to stop the node process and it will be restarted by clicking the "Open Web SSH console"  icon in the servers tab in GUI.

You can use the OpenSSL s_client commands to test SSL connectivity if you got any SSLconnectivity error for web ssh / Ezeelogin GUI

john@johnpc~#$  openssl s_client -connect -showcerts

john@johnpc~#$  openssl s_client -connect -showcerts

5.  Ensure that password authentication is enabled from the local host alone in the sshd configuration file( /etc/ssh/sshd_config ) on the jump server. Add the following parameters to the END of /etc/ssh/sshd_config file.

Match Address

PermitRootLogin yes

PubkeyAuthentication yes

PasswordAuthentication yes

6. Install the NodeJS module dependencies for the WebSSH Console Application.

1. php /usr/local/ezlogin/eztool.php -- -install_node_modules -node_component webssh


2. cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/&& npm install

7.  Ensure that the user or the Usergroup has the privilege to access the web shell feature. Grant it as follows. Access Control->UserGroup-Action-><select user group->Servers->web ssh Console

8.  Click on the Web SSH Console feature under the Servers tab

9. The web ssh console would open on the browser tab and will look as shown below.

Troubleshooting Steps:
  • Ensure that Node version is above 19  and NPM Version is >=6     

[root@otp webssh]# npm -v


[root@otp webssh]# node -v


  • Start the WebSSH Console node application manually to determine any errors.    

root@jump-host:~ DEBUG=* PORT=52222 node $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/index.js

  • Install the Node modules required by the node application  

:~# cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/&& npm  install

  • If you have received the following ERROR: Segmentation fault (core dumped), make sure to delete the node modules in the webSSH application directory and re-update them again using the following commands:

:~# cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/ && rm -rf node_modules && npm install && pkill -9 node