I have not used FreePBX for a long time but decided to have a bit of a play again, mainly to see if I can do everything I need on a single appliance.
One thing I thought was lacking out of the box was access to the Linux terminal being limited to local or SSH, so I have had a go at making my first module to address that. I’m wondering if anyone is interested in testing it and of course modifying or improving it, particularly my PHP which could be better. It works for me very well as it is now.
I’m not really into the GitHub stuff so I can either upload it here or provide a download link.
The module is very basic and I used the freely available ttyd binary to display a terminal window in an iframe. If anyone is interested please let me know.
Putting the CLI into the web GUI sounds like it could introduce some security concerns. But it does sound convenient for some users. Have you considered explicit time limits on how long such an interface is to remain open?
Do you have a link to that source which you could share?
I opted to run it in an iframe and connect to a random port for “once only”, i.e., when you leave the page in the FreePBX GUI, the ttyd session ends. A new one starts on a new random port next time you go back to the page. It runs under the asterisk account but you can su to root if desired.
Works well for basic terminal access via the FreePBX GUI.
So I have considered this a few times over the years and there has never been a good way to do this securely. Previous iterations ran a JVM app that was essentially just an SSH client. I would make sure anything you make is heavily looked at by people who do security research.
You will note this is why many things use sysadmin and hook. You need elevated privileges and there are a bunch of checks validating you’re not a “bad actor”.
Yes, I understand that security is an important factor.
As I said in my first post, I don’t really do GitHub but if anyone wants to try the module and scrutinize any security flaws, I can send the archive or provide a temp download link. I’m just trying to share the work I put in with pro open source people.
I used the FreePBX module generator script to create my module skeleton and chose AGPLv3, not sure if that’s the best license to use but that’s what I selected.
According to “GitHub - tsl0922/ttyd: Share your terminal over the web”, ttyd is under the MIT license. The open source code is there, but for Debian they recommend using the binary, which is what I did, in my case ttyd.x86_64. I manually copied this to /home/asterisk/.local/bin/ (owned by asterisk) and made it executable.
As I said, my code is very basic and works but could definitely be improved. For example, the install function could check the CPU architecture and automatically download the correct binary rather than my manual method.
I posted here thinking someone might like to try it on a test system and see if the concept is worth improving on.
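
The thread raises time limits, random ports and "once only" sessions as ways to contain a web terminal. The following is an added example, not code from the module or from the ttyd project, showing how those constraints map onto ttyd's documented options. The helper names, the `gui` user name, the 15-minute cap and the loopback bind (which assumes the web server proxies the session) are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a constrained ttyd command line for one session.
# Helper names, the "gui" user and the default lifetime are hypothetical.

# Pick a port in the dynamic range 49152-65535 from kernel randomness.
pick_port() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( 49152 + n % 16384 ))
}

# 12 random bytes as 24 hex characters: a per-session password.
make_secret() {
    od -An -N12 -tx1 /dev/urandom | tr -d ' \n'
}

# Print the command for one session.
# $1 = port, $2 = secret, $3 = lifetime in seconds (default 900).
build_ttyd_cmd() {
    port=$1; secret=$2; ttl=${3:-900}
    # Reject anything that is not a plain number before it reaches a command line.
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    case $ttl in ''|*[!0-9]*) echo "bad ttl" >&2; return 1;; esac
    [ "$port" -ge 1024 ] && [ "$port" -le 65535 ] || {
        echo "port out of range" >&2; return 1; }
    # timeout(1)            hard wall-clock limit on the whole session
    # --interface 127.0.0.1 not reachable from the network directly
    # --once                accept one client, exit when it disconnects
    # --max-clients 1       no second viewer on the same shell
    # --check-origin        refuse cross-origin WebSocket connections
    # --credential          HTTP basic auth with the per-session secret
    # --writable            newer ttyd releases are read-only without it
    printf 'timeout %s ttyd --port %s --interface 127.0.0.1 --once' "$ttl" "$port"
    printf ' --max-clients 1 --check-origin --writable'
    printf ' --credential gui:%s bash\n' "$secret"
}

# Show the command that would be launched for a fresh session.
build_ttyd_cmd "$(pick_port)" "$(make_secret)" 900
```

A credential passed on the command line is visible to other local users in the process list for the life of the session, so the per-session secret should be treated as short-lived.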