Shell in A Box as web based Terminal Emulation for VISTA...
162 views
Skip to first unread message
Sam Habiel
Aug 26, 2011, 2:21:56 PM8/26/11
to hardhats
I threw the worst at it, and it can handle it. Screenman and Listman
forms work ok. Totally web-based Ajaxy Terminal Emulator. Can encrypt
communication if you supply it with a certificate.
forms work ok. Totally web-based Ajaxy Terminal Emulator. Can encrypt
communication if you supply it with a certificate.
http://code.google.com/p/shellinabox/
Here's a screenshot to prove it.
Sam
Nancy Anthracite
Aug 26, 2011, 3:13:22 PM8/26/11
to hard...@googlegroups.com, Sam Habiel
Now this is cool. I would like to be able to log into a server from a machine
anywhere with only port 80 access.
anywhere with only port 80 access.
Does it work on a smart phone I wonder? Every once in a dog's age I would
like to have a terminal I could use from cell phone - to change a password or
something like that.
--
Nancy Anthracite
Sam Habiel
Aug 26, 2011, 3:26:54 PM8/26/11
to nanth...@earthlink.net, hard...@googlegroups.com
My thoughts are to replace putty and replace TMG-Console. TMG-Console
has given me a lot of headaches lately and it's just not good enough
to cut it with the users. But this is easily embedable as a web page
in TMG-CPRS and it can work pretty well. The trick is getting single
sign-on to work so that users don't have to sign in again.
has given me a lot of headaches lately and it's just not good enough
to cut it with the users. But this is easily embedable as a web page
in TMG-CPRS and it can work pretty well. The trick is getting single
sign-on to work so that users don't have to sign in again.
Sam
Matt King
Aug 26, 2011, 4:14:01 PM8/26/11
to Hardhats
Great work Sam!
m
m
geky
Aug 27, 2011, 3:07:28 AM8/27/11
to Hardhats
The only problem is that it requires utf as far as
I know, while default configuration for Astronaut/Vista
is not utf ... I posted a message to their forum
20 days ago and asked if it is possible to configure it
with ISO but got no answer. I also researched similar
emulators like anyterm, but SIAB (ShelInaBox) is far the
easiest to install and configure (at least under Ubuntu).
I also tried to access my server from my Android
smartphone, and indeed was presented with the ubuntu
login, but did not try to login because was not sure
how to access the virtual keyboard of my phone at
that moment, in order to enter my username/password.
I know, while default configuration for Astronaut/Vista
is not utf ... I posted a message to their forum
20 days ago and asked if it is possible to configure it
with ISO but got no answer. I also researched similar
emulators like anyterm, but SIAB (ShelInaBox) is far the
easiest to install and configure (at least under Ubuntu).
I also tried to access my server from my Android
smartphone, and indeed was presented with the ubuntu
login, but did not try to login because was not sure
how to access the virtual keyboard of my phone at
that moment, in order to enter my username/password.
Sam Habiel
Aug 27, 2011, 10:03:53 AM8/27/11
to hard...@googlegroups.com
Geky,
Good to know that you tried it.
Sam
2011/8/27 geky <ge...@teiser.gr>:
> --
> http://groups.google.com/group/Hardhats
> To unsubscribe, send email to Hardhats+u...@googlegroups.com
>
Nancy Anthracite
Aug 27, 2011, 10:24:25 AM8/27/11
to hard...@googlegroups.com
Sam, did you use the same app on your Android phone? I have never installed
an application on my Android phone.
an application on my Android phone.
--
Nancy Anthracite
kdt...@gmail.com
Aug 27, 2011, 3:56:45 PM8/27/11
to Hardhats
Sam and I have talked about this off line.
It was important to me to be able to use this from home, and I didn't
want to have separate login's. Because otherwise one might as well be
running PuTTY in a separate window. The only difference would be
semantics. So, as Sam says, single-sign on would be important.
Sam, if you had a way to send characters to the web application (i.e.
simulate keystrokes), then maybe you could have an RPC that would ask
the server for credential for SSH login in. Then send the log-in
characters to the terminal emulator.
If one wants to use this from home, there would need to be one SSH
port open that would cause automatic login to VistA, and another SSH
connection for port-forwarding of RPC traffic.
One of the concerns about the TMG-console was that the emulator did
not act like people expected, i.e. like PuTTY (i.e. infinite scroll-
back etc.) And the up-arrow caused the cursor to move instead of
recalling the last command. The console code came from an open-
sourced commercial product, so I suspect that it is acting exactly
like an old VT-100. As such, I wonder if there is an escape sequence
that would alter the way that the arrow keys are handled.
Kevin
It was important to me to be able to use this from home, and I didn't
want to have separate login's. Because otherwise one might as well be
running PuTTY in a separate window. The only difference would be
semantics. So, as Sam says, single-sign on would be important.
Sam, if you had a way to send characters to the web application (i.e.
simulate keystrokes), then maybe you could have an RPC that would ask
the server for credential for SSH login in. Then send the log-in
characters to the terminal emulator.
If one wants to use this from home, there would need to be one SSH
port open that would cause automatic login to VistA, and another SSH
connection for port-forwarding of RPC traffic.
One of the concerns about the TMG-console was that the emulator did
not act like people expected, i.e. like PuTTY (i.e. infinite scroll-
back etc.) And the up-arrow caused the cursor to move instead of
recalling the last command. The console code came from an open-
sourced commercial product, so I suspect that it is acting exactly
like an old VT-100. As such, I wonder if there is an escape sequence
that would alter the way that the arrow keys are handled.
Kevin
kdt...@gmail.com
Aug 27, 2011, 4:05:05 PM8/27/11
to Hardhats
Sam,
Can you provide details on how you did this? It does look very cool.
But when I look at the documentation, it looks like shellinaboxd is a
server, not a client application. There is something there about
setting up Apache with reverse-proxy entry. Is that you you did it?
(If so, I hope not, because I think that requiring Apache to get CPRS
working properly is a step backwards.)
Kevin
> ShellInABoxOnVISTA.png
> 345KViewDownload
Can you provide details on how you did this? It does look very cool.
But when I look at the documentation, it looks like shellinaboxd is a
server, not a client application. There is something there about
setting up Apache with reverse-proxy entry. Is that you you did it?
(If so, I hope not, because I think that requiring Apache to get CPRS
working properly is a step backwards.)
Kevin
> 345KViewDownload
sam.h...@gmail.com
Aug 27, 2011, 4:18:20 PM8/27/11
to hard...@googlegroups.com
If you are around in the evening, I would like to demo it and see what you think.
-- Sent from my Palm Pre
> > On Friday, August 26, 2011, Sam Habiel wrote:
> >> I threw the worst at it, and it can handle it. Screenman and Listman
> >> forms work ok. Totally web-based Ajaxy Terminal Emulator. Can encrypt
> >> communication if you supply it with a certificate.
>
> >>http://code.google.com/p/shellinabox/
>
> >> Here's a screenshot to prove it.
>
> >> Sam
>
> >> I threw the worst at it, and it can handle it. Screenman and Listman
> >> forms work ok. Totally web-based Ajaxy Terminal Emulator. Can encrypt
> >> communication if you supply it with a certificate.
>
> >>http://code.google.com/p/shellinabox/
>
> >> Here's a screenshot to prove it.
>
> >> Sam
>
Sam Habiel
Aug 27, 2011, 4:26:17 PM8/27/11
to hard...@googlegroups.com
It works almost like xinetd, except that you interact with the service
through http rather than a raw tcp socket.
through http rather than a raw tcp socket.
Here's the command I ran to get it to run VISTA upon login:
shellinaboxd -s test:sakura:sakura:HOME:'/bin/bash
/opt/worldvista/EHR/bin/run.sh ZU' -p8083 -t -d
This opens port 8083 on the machine. Once you connect on
http://domain/test:8083, it runs ^ZU and you can log into VISTA. This
is unencrypted mode (-t).
Sam
kdt...@gmail.com
Aug 27, 2011, 4:29:16 PM8/27/11
to Hardhats
I looked at a good tutorial here:
http://www.youtube.com/watch?v=d4sgJY7-_r0
and here is what I can tell:
1. shellinabox is an application that runs on the linux server.
2. Apache isn't required.
3. Configuration involves opening a port that directs traffic on that
port to shellinabox. In the tutorial, they use 443 (normally used for
HTTPS). For a server exposed to the internet, one would want to be
sure that this access tunnel is as secure as SSH.
4. I can't tell if the terminal emulation is occurring on the server
or in javascript running in the browser.
5. It doesn't look like this requires any particular browser (such as
Chrome). So this could run in the IE webbrowser that TMG-CPRS. And
for those that want vanilla-CPRS, I wonder if we could use an HTML-
format report to do the same thing--as the pediatric growth charts do.
6. I can't see any way that a programmer could send simulated
keystrokes to the browser to automate login.
All in all, it does look very cool.
Kevin
http://www.youtube.com/watch?v=d4sgJY7-_r0
and here is what I can tell:
1. shellinabox is an application that runs on the linux server.
2. Apache isn't required.
3. Configuration involves opening a port that directs traffic on that
port to shellinabox. In the tutorial, they use 443 (normally used for
HTTPS). For a server exposed to the internet, one would want to be
sure that this access tunnel is as secure as SSH.
4. I can't tell if the terminal emulation is occurring on the server
or in javascript running in the browser.
5. It doesn't look like this requires any particular browser (such as
Chrome). So this could run in the IE webbrowser that TMG-CPRS. And
for those that want vanilla-CPRS, I wonder if we could use an HTML-
format report to do the same thing--as the pediatric growth charts do.
6. I can't see any way that a programmer could send simulated
keystrokes to the browser to automate login.
All in all, it does look very cool.
Kevin
Sam Habiel
Aug 27, 2011, 4:37:04 PM8/27/11
to hard...@googlegroups.com
#4: Javascript client side.
#6: Nor can I; but if we can get Single Sign-on to work, why would we
need anything else? You would just drop into the menu system.
#6: Nor can I; but if we can get Single Sign-on to work, why would we
need anything else? You would just drop into the menu system.
David Whitten
Aug 27, 2011, 7:51:46 PM8/27/11
to hard...@googlegroups.com
On Sat, Aug 27, 2011 at 2:56 PM, kdt...@gmail.com <kdt...@gmail.com> wrote:
> Sam and I have talked about this off line.
>
> It was important to me to be able to use this from home, and I didn't
> want to have separate login's. Because otherwise one might as well be
> running PuTTY in a separate window. The only difference would be
> semantics. So, as Sam says, single-sign on would be important.
>
> Sam, if you had a way to send characters to the web application (i.e.
> simulate keystrokes), then maybe you could have an RPC that would ask
> the server for credential for SSH login in. Then send the log-in
> characters to the terminal emulator.
>
> If one wants to use this from home, there would need to be one SSH
> port open that would cause automatic login to VistA, and another SSH
> connection for port-forwarding of RPC traffic.
>
> One of the concerns about the TMG-console was that the emulator did
> not act like people expected, i.e. like PuTTY (i.e. infinite scroll-
> back etc.) And the up-arrow caused the cursor to move instead of
> recalling the last command. The console code came from an open-
> sourced commercial product, so I suspect that it is acting exactly
> like an old VT-100. As such, I wonder if there is an escape sequence
> that would alter the way that the arrow keys are handled.
>
> Kevin
>
I think there is.> Sam and I have talked about this off line.
>
> It was important to me to be able to use this from home, and I didn't
> want to have separate login's. Because otherwise one might as well be
> running PuTTY in a separate window. The only difference would be
> semantics. So, as Sam says, single-sign on would be important.
>
> Sam, if you had a way to send characters to the web application (i.e.
> simulate keystrokes), then maybe you could have an RPC that would ask
> the server for credential for SSH login in. Then send the log-in
> characters to the terminal emulator.
>
> If one wants to use this from home, there would need to be one SSH
> port open that would cause automatic login to VistA, and another SSH
> connection for port-forwarding of RPC traffic.
>
> One of the concerns about the TMG-console was that the emulator did
> not act like people expected, i.e. like PuTTY (i.e. infinite scroll-
> back etc.) And the up-arrow caused the cursor to move instead of
> recalling the last command. The console code came from an open-
> sourced commercial product, so I suspect that it is acting exactly
> like an old VT-100. As such, I wonder if there is an escape sequence
> that would alter the way that the arrow keys are handled.
>
> Kevin
>
The arrow-movement keys were on the keypad on the VT-102,
I think there was Application mode that I think sent an escape
sequence rather than moving the cursor locally.
> On Aug 26, 3:26 pm, Sam Habiel <sam.hab...@gmail.com> wrote:
>> My thoughts are to replace putty and replace TMG-Console. TMG-Console
>> has given me a lot of headaches lately and it's just not good enough
>> to cut it with the users. But this is easily embedable as a web page
>> in TMG-CPRS and it can work pretty well. The trick is getting single
>> sign-on to work so that users don't have to sign in again.
>>
>> Sam
>>
>> On Fri, Aug 26, 2011 at 2:13 PM, Nancy Anthracite
>>
>>
>>
>>
>>
>>
>>
>> <nanthrac...@earthlink.net> wrote:
>> > Now this is cool. I would like to be able to log into a server from a machine
>> > anywhere with only port 80 access.
>>
>> > Does it work on a smart phone I wonder? Every once in a dog's age I would
>> > like to have a terminal I could use from cell phone - to change a password or
>> > something like that.
>>
>> > On Friday, August 26, 2011, Sam Habiel wrote:
>> >> I threw the worst at it, and it can handle it. Screenman and Listman
>> >> forms work ok. Totally web-based Ajaxy Terminal Emulator. Can encrypt
>> >> communication if you supply it with a certificate.
>>
>> >>http://code.google.com/p/shellinabox/
>>
>> >> Here's a screenshot to prove it.
>>
>> >> Sam
>>
>> > --
>> > Nancy Anthracite
>
kdt...@gmail.com
Aug 27, 2011, 11:29:55 PM8/27/11
to Hardhats
There will be a Linux level sign on before you get to the VistA single-
sign on system.
Kevin
sign on system.
Kevin
kdt...@gmail.com
Aug 27, 2011, 11:33:54 PM8/27/11
to Hardhats
Sam and I discussed this offline.
This would work with a server that is not exposed to the internet. But
I would not trust ZU to be secure from hackers. Though, it is not
clear to me if Sam's example of running run.sh ZU only occurs after a
linux-level login is complete.
A question Sam has was whether this would work with the Single Sign On
system in VistA. It is unclear if VistA would recognize this new
connection as coming from the same IP address as the CPRS that
contains it.
Kevin
On Aug 27, 4:26 pm, Sam Habiel <sam.hab...@gmail.com> wrote:
> It works almost like xinetd, except that you interact with the service
> through http rather than a raw tcp socket.
>
> Here's the command I ran to get it to run VISTA upon login:
>
> shellinaboxd -s test:sakura:sakura:HOME:'/bin/bash
> /opt/worldvista/EHR/bin/run.sh ZU' -p8083 -t -d
>
> This opens port 8083 on the machine. Once you connect onhttp://domain/test:8083, it runs ^ZU and you can log into VISTA. This
This would work with a server that is not exposed to the internet. But
I would not trust ZU to be secure from hackers. Though, it is not
clear to me if Sam's example of running run.sh ZU only occurs after a
linux-level login is complete.
A question Sam has was whether this would work with the Single Sign On
system in VistA. It is unclear if VistA would recognize this new
connection as coming from the same IP address as the CPRS that
contains it.
Kevin
On Aug 27, 4:26 pm, Sam Habiel <sam.hab...@gmail.com> wrote:
> It works almost like xinetd, except that you interact with the service
> through http rather than a raw tcp socket.
>
> Here's the command I ran to get it to run VISTA upon login:
>
> shellinaboxd -s test:sakura:sakura:HOME:'/bin/bash
> /opt/worldvista/EHR/bin/run.sh ZU' -p8083 -t -d
>
Sam Habiel
Aug 27, 2011, 11:47:43 PM8/27/11
to hard...@googlegroups.com
"Though, it is not
clear to me if Sam's example of running run.sh ZU only occurs after a
linux-level login is complete."
clear to me if Sam's example of running run.sh ZU only occurs after a
linux-level login is complete."
shellinabox runs like xinetd. As with xinetd, a process is started
with the user you specify
> shellinaboxd -s test:sakura:sakura:HOME:'/bin/bash
/opt/worldvista/EHR/bin/run.sh ZU' -p8083 -t -d
In this case, the user:group is sakura:sakura.
Sam
Nancy Anthracite
Aug 28, 2011, 9:26:24 AM8/28/11
to hard...@googlegroups.com, Sam Habiel
Using XINETD for roll and scroll is of concern unless you invoke the
additional logging and security measures that are available with XINETD to
restrict access, etc., and I don't know how hard those would be to spoof.
Probably not too hard.
additional logging and security measures that are available with XINETD to
restrict access, etc., and I don't know how hard those would be to spoof.
Probably not too hard.
Using Linux individual Linux login with keys to access VistA is much more
secure for roll and scroll.
On Saturday, August 27, 2011, Sam Habiel wrote:
--
Nancy Anthracite
rtweed
Aug 28, 2011, 9:59:40 AM8/28/11
to Hardhats
There is an alternative to this - those of you who were at the meeting
in Seattle where Zach and I demonstrated an EWD mobile application
will have also seen us use an open source Javascript VT emulator,
hooked up via Node.js and websockets to a VistA system, essentially
doing the same as the shellinabox app.
The difference is you have complete access to both the client end code
(so you can tweak and play around with the escape sequence handling of
the VT emulator) and the back end code (so you can sort out stuff like
single sign-on and other integration issues with your VistA
application logic), plus, as Zach and I demonstrated, it can be easily
integrated into other EWD application pages and fragments. For those
of you who remember, we actually demonstrated it in an iPad.
I've been working with another non-healthcare customer, helping them
to tweak it to fully interoperate with a legacy Mumps VT form-based
application (I think it uses the old TK-Forms stuff), and it seems to
be now working very nicely.
Anyway, it's all sitting around if anyone cares to take a look.
Rob
On Aug 28, 2:26 pm, Nancy Anthracite <nanthrac...@earthlink.net>
wrote:
in Seattle where Zach and I demonstrated an EWD mobile application
will have also seen us use an open source Javascript VT emulator,
hooked up via Node.js and websockets to a VistA system, essentially
doing the same as the shellinabox app.
The difference is you have complete access to both the client end code
(so you can tweak and play around with the escape sequence handling of
the VT emulator) and the back end code (so you can sort out stuff like
single sign-on and other integration issues with your VistA
application logic), plus, as Zach and I demonstrated, it can be easily
integrated into other EWD application pages and fragments. For those
of you who remember, we actually demonstrated it in an iPad.
I've been working with another non-healthcare customer, helping them
to tweak it to fully interoperate with a legacy Mumps VT form-based
application (I think it uses the old TK-Forms stuff), and it seems to
be now working very nicely.
Anyway, it's all sitting around if anyone cares to take a look.
Rob
On Aug 28, 2:26 pm, Nancy Anthracite <nanthrac...@earthlink.net>
wrote:
Sam Habiel
Aug 28, 2011, 11:16:55 AM8/28/11
to hard...@googlegroups.com
"Anyway, it's all sitting around if anyone cares to take a look."
S'il vous plait?
David C
Aug 28, 2011, 12:40:59 PM8/28/11
to hard...@googlegroups.com
Rob,
Does it have the same functionality as the RPC Broker for logon? If I remember right there are two methods for creating the context. Which one does it use? I would definitely like to take a look at what you have. I put nodejs back on my ubuntu machine i rebuilt last weekend and I would like for it to connect to my 2k3 box with Cache to kick the tires a little.
kdt...@gmail.com
Aug 28, 2011, 2:04:30 PM8/28/11
to Hardhats
On Aug 28, 9:59 am, rtweed <rob.tw...@gmail.com> wrote:
>...use an open source Javascript VT emulator,
> hooked up via Node.js and websockets to a VistA system,
>essentially the same as the shellinabox app.
...
Websockets is HTML5, right? Since CPRS uses IE, this would require
IE9, right? And that would mean only on Windows 7.
But it sounds like that technology is exactly what would be needed.
Kevin
David C
Aug 28, 2011, 2:33:26 PM8/28/11
to hard...@googlegroups.com
https://help.ubuntu.com/community/WebKit
Why worry about other browsers when webkit has support for html5? The only thing i recall in CPRS that uses IE is the links in the toolbar and or links in tiu, which is like any other link in any app that opens the default browser window. But I somewhat remember that you created a webbrowser control for the notes tab once that was really nice. You might like this link also Kevin:
I am surprised that this group hasn't created a web client just for purposes related to medical records that wouldn't be reliant on the big corporate browsers out there today. Webkit has open-source written all over it and some of the big companies out there are already taking advantage of it, even for mobile devices.
--
kdt...@gmail.com
Aug 28, 2011, 2:50:34 PM8/28/11
to Hardhats
On Aug 28, 2:33 pm, David C <davidc3...@gmail.com> wrote:
...
> Why worry about other browsers when webkit has support for html5?
I agree. But TMG-CPRS, as it stands, has IE for it's HTML renderer.
...
You might like this
> link also Kevin:http://arstechnica.com/open-source/guides/2009/07/how-to-build-a-desk...
>
I very much do like that idea. I may even work on switching TMg-CPRS
to it at some point. I don't like using IE as the HTML editor. It
has this quirk in that if an IE web browser is opened in a separate
window, that it sometimes resizes the fonts of the text in CPRS! It
is hard to explain how this happens, but it does happen occasionally.
Much of the functionality of IE is difficult to get to, and I really
hate COM interfaces.
Thanks for the link.
Kevin
...
Reply all
Reply to author
Forward
0 new messages