Name          Modified    Size      Downloads / Week
sshallow      2010-01-12
sshallow.zip  2010-01-12  6.0 kB
readme.txt    2010-01-12  2.4 kB
archive.bat   2010-01-12  86 Bytes
compile.bat   2010-01-12  71 Bytes
servlet.jar   2010-01-12  79.3 kB
SSHAllow.jar  2010-01-12  3.5 kB
web.xml       2010-01-12  2.9 kB
Totals: 8 Items           94.3 kB   1

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS "AS IS" AND ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE COPYRIGHT HOLDERS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.



What is the purpose of this webapp?

To allow password-based ssh access from a dynamic list of IP addresses.


Why not just add all of the IPs that you are going to connect from to the hosts.allow file?

Because I don't know them all in advance.


Why not use key-based ssh?

I don't like to carry a key file around.  I don't like having the key on computers that 
I don't own.  


But your password is still on that machine?

Yes, but there is always some risk.  Besides, this webapp makes it easy to see that this 
foreign IP is in the access list and easy to remove it when I am done with that computer.


How does this webapp add an IP to the access list?

Easy: you just open your browser to the webapp's URL and hit the "add me" button.


Why not just use Denyhosts or similar?

I don't like it emailing me all the time (I know I can change that).  It doesn't prevent distributed 
attacks.  It wastes CPU cycles looking at the log.


Should I password protect this webapp?

Yes.  I use basic authentication.


Should I require SSL to be used to connect to this webapp?

Yes.


Should I change the name of this webapp from "sshallow" so that the URL to access it is different?

Yes.  If lots of people start using this, it is just as easy for a hacker to try to hack this 
webapp as it is for them to hack an ssh server.  


Should I deny all connections to sshd by default using hosts.deny file?

Yes!
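
An added illustration, not SSHAllow's own code (its source is not shown on this page): the default-deny hosts.deny line, with Python helpers that add, list and remove single-address sshd entries in hosts.allow text. The function names and sample addresses are assumptions, and only IPv4 is handled.

```python
import ipaddress

# hosts.deny: refuse every sshd client unless a hosts.allow line matches first.
HOSTS_DENY = "sshd: ALL\n"
DAEMON = "sshd"

def _entry(addr):
    """Build one hosts.allow line for a single IPv4 client.

    Parsing with ipaddress rejects anything that is not exactly one
    address, so a value carrying a newline, a wildcard such as ALL, or
    a second pattern never reaches the file.
    """
    if not isinstance(addr, str):
        raise ValueError("address must be a string")
    return f"{DAEMON}: {ipaddress.IPv4Address(addr)}"

def allow(text, addr):
    """Return hosts.allow text with addr present exactly once."""
    line = _entry(addr)
    lines = text.splitlines()
    if line not in lines:
        lines.append(line)
    return "\n".join(lines) + "\n"

def revoke(text, addr):
    """Return hosts.allow text without the entry for addr."""
    line = _entry(addr)
    return "".join(l + "\n" for l in text.splitlines() if l.strip() != line)

def listed(text):
    """Single IPv4 addresses currently allowed for sshd, in file order."""
    found = []
    for raw in text.splitlines():
        daemon, sep, client = raw.partition(":")
        if sep and daemon.strip() == DAEMON:
            try:
                found.append(str(ipaddress.IPv4Address(client.strip())))
            except ValueError:
                pass  # a network, hostname or wildcard entry: not ours
    return found

# Constructed sample file contents (documentation-range addresses).
SAMPLE = "# constructed sample\nsshd: 192.0.2.10\n"
```

The address passed to allow() should be the one the server observed for the connection, not a value the browser supplies in a header or form field.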


Why shouldn't I just use port knocking?

You could, but this makes the hacker guess a URL, username, and password instead of just a port number.


What else should I know about setting this up?

Read the comments in the web.xml file.
Source: readme.txt, updated 2010-01-12