

HTML5 (plugin free) web-based terminal emulator and SSH client - zacharysjoden
https://github.com/liftoff/GateOne

======
leejoramo
Impressive demo video of GateOne: <http://vimeo.com/24857127>

I could see a number of use cases for this. However, I would like to know that
it has been vetted for possible security issues.

~~~
vdm
Impressive indeed. Why don't github README's ever link to a demo, or the intro
blog post? This is why I bookmark the HN page for a project like this.

~~~
riskable
Why _didn't_ I add a link to the demo in the README? This has been corrected.
Thanks for the tip :)

\-- Dan McDougall - Author of Gate One

------
zobzu
I thought it was implementing SSH in JS and WebSockets aka an "HTML5 SSH
client"

In fact its just a front end. So yeah it's plugin free, but it's still not
interesting. Means also that your password travels to the host machine then
and that you get double latency.

"Bleh" comes to mind :-(

Please someone tell me I missed a sshprotocol.py and that the ssh.py was not
full of system() calls :'(

~~~
maratd
_I thought it was implementing SSH in JS and WebSockets aka an "HTML5 SSH
client"_

I don't think that's possible. You would have to implement encryption in
JavaScript and that is a horror in it's own right, especially when it comes to
performance. There would be other problems too.

 _Means also that your password travels to the host machine then and that you
get double latency._

Yes, but if you install this on your machine or another machine on your local
network, it shouldn't be too bad.

 _"Bleh" comes to mind :-(_

This is actually very cool! I develop on Windows (personal preference), but my
development + production is all Linux. There's also instances on Rackspace and
EC2, all Linux. This allows me to connect to them through the browser, without
running SecureCRT or Putty!

~~~
darklajid
Out of curiosity:

What is the improvement for your workflow? I'm genuinely interested, because I
cannot even imagine why I'd drop putty (or something similar) and go for a web
client here (at least not unless it would be something completely without a
backend that I need to install first).

So: Why would you like to drop ~native~ clients?

~~~
riskable
Here's a couple of reasons why Gate One is superior to PuTTY:

* Gate One makes temporary network disruptions a trivial inconvenience: If your connection drops (which is sadly very common with business VPNs and home Internet connections) you can instantly resume all your open terminals the moment it comes back online. This also works for when you need to reboot your computer (not that Windows ever makes you do that ;).

* Gate One's bookmark manager is vastly superior to PuTTY's built-in session manager. With PuTTY, if you have more than a few "Saved Sessions" you'll have to scroll and scroll to find the one you want and the connection window isn't resizable. Also, you can't attach notes or classify them in any way. Gate One's bookmark manager is so much nicer (and faster to navigate).

* Gate One terminals don't clutter up your task manager. I've seen Systems Administrators struggle to find the right window when they have dozens of PuTTY windows open. Some other SSH clients support tabs but those can get out of control just as quickly. Gate One's grid view lets you manage (and find) a large number of terminals very efficiently.

* Gate One's session logging/recording, playback, and sharing features. PuTTY supports raw, text-based logging but it is unreliable (if you don't shut down PuTTY properly the log will be lost).

Of course, there's other features you might like but I won't enumerate them
all here. PuTTY does some things Gate One can't do (e.g. port forwarding) but
for most day-to-day stuff Gate One will probably be better.

\-- Dan McDougall - Author of Gate One

------
there
_FYI: Gate One was developed entirely by one guy in his spare time over the
course of ~9 months. It turned out pretty good so he's looking to start a
business out of it._

anyone know how he plans to do that? license it under different terms to
network hardware device vendors for integration or something?

~~~
martey
The repository's LICENSE.txt states, "if the terms of the AGPLv3 license do
not suit your needs, a proprietary license may be purchased from Liftoff
Software," so I would assume that you are correct.

------
superbobry
Just out of curiosity, why you didn't use (or decided not to use) existing
solutions for the terminal backend:

* <http://pypi.python.org/pypi/pyte> * <http://github.com/samfoo/vt102> * <http://antony.lesuisse.org/software/ajaxterm/>

(to name a few)

~~~
riskable
I chose to write my own terminal emulator from scratch because after trying
various existing open source implementations (including the one in Ajaxterm) I
decided they were too slow, buggy, or incomplete. I have old versions of Gate
One that used a modified version of Ajaxterm's emulation, Termemulator, and
one other that I can't remember right now.

The biggest reason of all was the speed. Gate One needed to support multiple
users running multiple terminals. Every terminal--when the screen is updated--
needs to be converted into HTML and sent to the client. I wrote terminal.py to
be as fast as possible with this purpose in mind.

For reference, I hadn't heard of pyte until I saw your link just now. I'll
definitely be checking it out.

Having said all that, now that I've _already_ written my own terminal emulator
for Gate One, it includes some additional features that only Gate One is
suited to take advantage of (special escape handlers that only terminal.py
would know how to handle--for plugin authors to use). I don't think it would
be practical to use something else at this point.

\-- Dan McDougall - Author of Gate One

~~~
superbobry
I understand your point, there's two problems with most of the terminal
emulators I've seen:

    
    
      - they are either poorly or completely unsupported  
      - the code is a nightmare, badly written, undocumented
    

Both make extending a VTE an almost impossible task. Actually, that's why we
(at Selectel) wrote `pyte` [<http://github.com/selectel/pyte>], which soon
became open-source.

As for speed issues, have you considered implementing incremental updates
(like in AnyTerm, for example)? This approach works perfectly in our setup
(multiple clients, multiple terminals).

P. S. Looking through the code, I can tell that you had some tough nights
throughout those 9 months :) Good job!

------
Alexandervn
Very cool. But I don't like all the options on the right. It could have been
simpler. You have the tabs in your browser. Why add another way to make
screens in a screen? Though splits could be handy..

~~~
leejoramo
I think because different Tabs are sandboxed from each other. Looking at the
code in GitHub, the browser is communitcating to a server based application.
By doing this in one browser window, you only need on connection between the
browser and the server.

~~~
riskable
This is exactly right. Having said that, I plan to add support for detaching
terminals into their own tabs to Gate One in the future. There's no technical
reason why it can't be done but it will require a lot of coding.

There's another advantage to having all your terminals under one tab: They
don't clutter up your tabs! LOL! If you've ever had a dozen or so PuTTY
windows open you'll know that they can really clutter the heck out of your
task manager. Having a zillion tabs open would have a similar effect.

\-- Dan McDougall - Author of Gate One

------
yatsyk
I've thought about similar ssh client for Kindle Keyboard 3G web browser. With
3G you are getting free over the world coverage with no issues with battery.
Slow e-ink screens are not a problem for terminal. So you are able to fix
problem on your server almost any place in the world.

------
larelli
This looks like an impressive, feature-rich version of escape from the web
(<https://launchpad.net/eftw>). Both use tornado on the backend and there seem
to be some similarities in the multiplex classes. Escape from the web in turn
shares code with ajaxterm.

Both (gateone and eftw) render terminal output on the server side using a
python terminal emulator, while shellinabox mentioned in another comment uses
a Javascript terminal emulator on the client side.

Edit: The docs say, the terminal class was written from scratch.

~~~
riskable
Hah, nice find! You'll be interested to note that I am the author of both
Escape From The Web _and_ Gate One. Once WebSockets became generally available
I decided to write a new application from scratch in order to take advantage
of the technology. The primary motivator was that I wanted a web-based
terminal emulator that could support multiple terminals (among other things).

Also, the two work on completely different principals. EFTW uses long-held
HTTP streams (which differs from Ajaxterm's long-polling method) while Gate
One uses asynchronous WebSockets. WebSockets are vastly superior to the old
AJAX methods in that they're much less bandwidth/CPU intensive and provide an
order of magnitude less latency.

\-- Dan McDougall - Author of Gate One

------
rufugee
Wait a second...is he correct on the AGPL? We have a legacy application which
runs on linux...I'd be very interested in exposing it to our internal business
users through something like this, but not if I had to give the source away.
However, I'm not sure how this could be the case...it technically wouldn't be
part of the application...it'd only be a way of accessing it.

That said, if we get value of it, I'm not opposed to paying for it either. I'm
just more interested in understanding whether the AGPL really forces this.

~~~
icebraining
_Does the GPL require that source code of modified versions be posted to the
public?

The GPL does not require you to release your modified version, or any part of
it. You are free to make modifications and use them privately, without ever
releasing them. This applies to organizations (including companies), too; an
organization can make a modified version and use it internally without ever
releasing it outside the organization._

<http://www.gnu.org/licenses/gpl-faq.html>

As long as all the users are internal to your organization, you don't have to
provide the source to anyone.

------
afiler
I wrote my own web-based terminal emulator, but shortly thereafter found
shellinabox (<http://code.google.com/p/shellinabox/>) and I use that instead.
It looks like GateOne might be a bit more configurable, and I don't think
shellinabox does tiling or bookmarks. Can anyone else comment on other
relevant differences?

~~~
superbobry

      - unicode characters (for instance you can't type in russian) -- try there http://demos.anyterm.org/shellinabox_nano
      - speed could've been better, there's a noticeable delay when running something like `mc`
    

I haven't tried Gate One yet, but I did look very closely at your project at
some point. Great work, btw :)

------
alexholehouse
Very, very cool - fyi your site is giving me the ol' 403 -
(<http://liftoffsoftware.com/>) (if this just because you're getting it up and
running let me know and I'll delete this!)

~~~
leejoramo
Strangely, the last line of the README file says "NOTE:
<http://liftoffsoftware.com/> hasn't been built yet so links pointing there
will be dead for a while."

I guess an "Under Construction" animated GIF would be better than a 403

------
bprater
The author created a great looking app -- I wish he had spent five minutes
during the 9 months explaining how to install it!

~~~
rufugee
The docs, included in the download, contain install instructions. Pretty easy
and quick to install.

------
skeptical
I'm not understanding how (why?) this would be useful. Accessing a server
through http and pipe everything to some other server, why would I want to do
that instead of directly connect to my server?

What advantage does this have over running ssh normally on my terminal, or
putty?

Not being sarcastic, just genuinely curious about the rational of this
application.

~~~
zokier
Bypassing overly tight firewalls and/or execution policies is one reason.
Basically this enables you to use SSH with any machine, even if it was
firewalled to allow only port 80 and/or doesn't allow executing anything other
than browser.

------
zokier
* Similarly, supports server-side logging, recording, and video-like playback of user sessions. It can even log to syslog to support whatever centralized logging system you want.

Sounds scary.

~~~
riskable
Why does auditability scare you? Besides, it is a requirement of many laws and
industry regulations. Especially the log-to-syslog capability which enables
centralized logging of sessions.

\-- Dan McDougall - Author of Gate One

~~~
zokier
Because the point of SSH is that it's encrypted and secure, thus not
eavesdroppable my any intermediaries.

Edit: To put it other way, this feels like using telnet to connect to a server
where you can then ssh where you were going to. And the telnet server
recording all traffic that goes through it.

