...making Linux just a little more fun!

<-- 2c Tips | TAG Index | 1 | 2 | 3 | 4 | Knowledge Base | News Bytes -->

The Answer Gang

By Jim Dennis, Jason Creighton, Chris G, Karl-Heinz, and... (meet the Gang) ... the Editors of Linux Gazette... and You!



(?) Making SSH a supported protocol

From Mark Jacobs

Answered By: Ben Okopnik, Jimmy O'Regan

Gang,

I manage a web server that is used by an internal help desk, currently this help desk uses telnet to access aix servers on our corporate wan. I have multiple pages that serve URL's to the aix machines e.g. telnet://hostname <telnet://hostname/> . We are in the process of changing all of these servers to use SSH and need to know how to make ssh://hostname a registered protocol so that I can convert my links and have them work. I am unable to find any information on where/how you set up a protocol and associate it with an application. Is this a system or browser issue? Any information you might have or be able to point me to would be a big help.

(!) [Ben] In the future, please send your questions in plain text; that's the accepted format for The Answer Gang. The instructions for setting your mail client to do this, as well as much other relevant information, can be found in the "Asking Questions of The Answer Gang" FAQ at http://linuxgazette.net/tag/ask-the-gang.html
Regarding your question, there's no "registration" that you can do to make SSH magically happen from the server side: URLs are parsed on the client end, by the specific browser that's being used.
Note that some browsers - e.g., Konqueror - do parse 'ssh://' URIs; they fire up a console with a login prompt (which is, of course, the correct response - SSH is a secure SHELL protocol.) Konqueror also supports the 'fish://' protocol - an SSH-based connection that allows file viewing and could be a bit closer to what you want... or maybe not.
The problem is that most other browsers do not support these schemes - and many cannot even be adapted to do so. There's a huge number of browsers operating on a number of OSes, and unless your company has some sort of a draconian software policy, you have no way to restrict them or control which ones people use.
The obvious solution here, in my opinion, is to run a web server, and place your documents on it. Telnet should go away - sending passwords across the network in plain text and IP-based authentication are not sensible things to do in today's world. Running a web server, particularly a simple, read-only one like "thttpd", is a trivial task requiring either no or only a few seconds of configuration, and the replacement of telnet by SSH and HTTP should significantly decrease your vulnerability profile.
(!) [Jimmy] For Mozilla, you can add protocol support using Javascript: the URN support XPI (http://piro.sakura.ne.jp/xul/_urnsupport.html.en) is a good example. (The URL specific code can be found here: http://piro.sakura.ne.jp/xul/codes/urnsupport/content/urnsupport/URNRedirectService.js)
For Konqueror, you add protocol support by writing a KIOSlave. There's a tutorial here: http://www.heise.de/ct/english/01/05/242
For Dillo, you write a DPI: http://www.dillo.org/dpi1.html
If for whatever reason you need to run Internet Explorer using Wine, you can add protocol support by following the example of this mail (http://www.winehq.org/hypermail/wine-patches/2005/06/0776.html - a patch to add support for MS's res: protocol to Wine), and this mail (http://www.winehq.org/hypermail/wine-patches/2005/07/0049.html - registers the protocols). This is Linux/Wine specific though :)

This page edited and maintained by the Editors of Linux Gazette
HTML script maintained by Heather Stern of Starshine Technical Services, http://www.starshine.org/


Each TAG thread Copyright © its authors, 2005

Published in issue 117 of Linux Gazette August 2005

<-- 2c Tips | TAG Index | 1 | 2 | 3 | 4 | Knowledge Base | News Bytes -->
Tux