Talk:Web-based SSH

Disadvantages
For symmetry there should be a disadvantages section. Either that or the Advantages section should be re-named. This approach to providing access to servers has inherent disadvantages for the user compared to using a client side terminal. It isn't all ups! — Preceding unsigned comment added by RogerHyam (talk • contribs) 13:16, 1 March 2023 (UTC)

Serfish
That garbage Serfish link is NOT going to stay here.

1. It's a newly registered domain with WHOIS privacy. There is no established trust there for you to be handling unknowing user's personal data, or promoting your own sites through Wikipedia.

2. The net is already flooded with spam links to the site, just like you're doing here. I think it's safe to say it's your site at this point, since you just lied about hearing it mentioned on the news. You created the article hoping that your link would stay under the radar. It didn't.

The only news of this site is that it's spam. You've been comment spamming blogs, you just bumped at 2 year old thread at DigitalPoint to spam it, as well as on other hosting forums.

3. The TOS alone basically tells people they're data is not safe as it's all pass unencrypted on your servers.

For you to be this agressive with spamming a new domain all over the net, there is a hidden agenda. I feel sorry for anyone that enters their data at that site.

In closing, Wikipedia is NOT the place for you to gather victims. Go back to forum and blog spamming, because the links aren't staying here. S600 (talk) 08:00, 5 April 2008 (UTC)

Hi!

I can response to your issues in the following way:

1. The page is newly registered with WHOIS privacy, but if you take a look at the contact information of serfish you see that the author of this page reveals its identity and provides even more information than in WHOIS would be found: He complied with european standards on web site identity.

2. I do not know how the owner of the page is behaving. I am also not interested in it. It is a new project an probably he is trying to market it by pointing web users interested in web based ssh to his domain. I could still not find spam the way that he posted to threads/blogs where the topic didnt belong to. For the mentioned pages I would say: In doubt for the accused person, in particular if it is a free service that is provided.

3. I see no point that makes the link to serfish unserious here. The publisher of the site reveals how it works (how it also works on other pages!)

Believe it or not: My interest in having this link published is no personal, I just wanted to start contributing to wikipedia by writing about a topic i am interested in and where i have some knowledge on. I now do not want to accept that here is control about public contents, blocking potentially relevant contents (no matter what is done to promote this site: the serfish project still is highly relevant for the discussed topic i think).

On the other hand, if you were serious about your concerns you would also have to remove the remaining links:

1. Where do you find established trust for the two other services? Both of them look older/more deserted than serfish in my opinion.

2. The links pointing to these sites are also questionable.

3. All of the remaining services work exactly the same way.

Therefore, if you have really bad concerns about the provided link: I suggest we either remove all links to all services (gotossh and my.anyterm.org) or we reinsert serfish. Looking forward to hearing your opinion. J.crox (talk) 08:54, 5 April 2008 (UTC)

you both are right. removed additional scam links on this page.AnneXX (talk) 16:42, 5 April 2008 (UTC)

Hi! That is not really what I wanted. I still think that all three projects are of relevance for this topic. Still, it seems that I am somehow overruled. Sad to see that such relatively innovative projects are considered irrelevant here. J.crox (talk) 18:11, 5 April 2008 (UTC)

You're overruled because no one likes spam or scam sites that are making peoples personal info vulnerable. The article was created to promote those sites--no other reason. Every link out there to that site is either blog comment spam or forum spam, so it was very predictable that wiki-spamming would be on the list. Scam sites using some generic script that makes user info vulnerable have no value here or anywhere else. Your initial reply still seems to indicate that you're more connected to that site than you admit to, especially how you try to use the word "promote" to replace "spam."

And finally, the idea itself is horrible anyway. If you have shell access, use a secure client like putty instead of dumping all of your unencrypted personal info on some crook's server. That's common sense. S600 (talk) 19:23, 5 April 2008 (UTC)

Hi again! Well, I think it is clear (and shall be made clear by service operators) that such a service (may it be serfish/gotossh/anyterm.org) must NEVER be a replacement for putty etc. However, many people often are in LANs where port 22 is blocked (including me in my company's intranet). For them, this service is great, especially if they are in some sort of troubles/have no possibility to set up their own instance of anyterm/ajaxterm. And I can only repeat it: You have of course to trust the given service providers in not logging your data etc. If you do so, depends mainly on the look/feel of their web site, the seriousity of the provided legal information and the seriousity of your troubles :) Well, for me this issue is closed. Still find it sad. DIdn't want to be aggressive, sorry if you got that (and my assumed connection to serfish) wrong. J.crox (talk) 09:52, 6 April 2008 (UTC)

Know when you've been busted and move on. You are lying about your affiliation with the site. Let me remind you of this quote from you: "from which i heard through local news."

You didn't hear about a newly registered scam site on the local news. Period. The only promotion of this site has been spamming, just like you spammed it here. S600 (talk) 20:44, 8 April 2008 (UTC)

Hi everyone. I'm Phil Endecott, author of Anyterm, and I found this page when it appeared in the anyterm.org referrer log. I've just added a section with a brief comparison of Anyterm and Ajaxterm. I hope you're happy with it; I'm not much of a wikipedian and I hope I've not broken any rules.

Re the links to the commercial sites: Wikipedia could provide a useful service to the public by comparing them, along the following lines: funding model (serfish is advertising-driven, while gotossh and my.anyterm.org charge a fee (my.anyterm.org is cheaper, I think)); technology (serfish and gotossh use ajaxterm); trust (I'm too partial to comment here; as far as I'm aware none of the sites is a password-harvesting scam). Is there an explicit prohibition on providing this sort of commercial review?

Cheers, Phil  —Preceding unsigned comment added by 86.6.12.162 (talk) 16:21, 17 April 2008 (UTC)

Links to sites that provide webbased ssh
I think that a page about webbased ssh is pretty pointless without links to sites that actually provide this service. I am aware that this can cause problems, but i think it's better to warn people about the possible security problems and include those links then to remove the links and warnings. People will find those links through other ways, so removing them isn't helping them. I think we are helping them more by including the links and warning them for the possible problems. Censorship doesn't help, it only causes more problems. 110.45.136.77 (talk) 22:41, 1 July 2009 (UTC)

Links to web based ssh clients have been removed as this has been decided in previous discussions. The above issues were not specific to serFISH (which might be rather serious but was rejected due to commericial aspects in the first place), but to any relatively new site which offer a questionable service and do not even provide explantions on security issues and/or valid HTTPS certificates. Sorry but no spamming please. Still, please feel free to keep the warning on the site without dropping the names of these sites. Thank you. AnneXX (talk) 23:09, 1 July 2009 (UTC)

Addon: If you insist on keeping names here, we should find a criterion for them to be considered "serious". In my humble opinion this seriosity can be based on (1) the explanation of the service nature & risks right on the offering site as well as (2) the use of appropriate security measures (HTTPS as mentioned before). As far as I can see this right now only gotoSSH.com, my.anyterm.org and serFISH.com offer these qualities AnneXX (talk) 23:16, 1 July 2009 (UTC)

This is not SSH!
Which morons has written this site? Neither Ajaxterm nor anyterm are using ssh to communicate between server and client. Therefor the term SSH is missplaced in the context. The correct term is Web-Shell or Ajaxterm. —Preceding unsigned comment added by 88.69.44.234 (talk) 15:10, 21 August 2009 (UTC)

Not if the shell is forwarded to a SSH session, which they all do.

Absolutely agree. This article should either be called Web-based Telnet, or Web-based Terminals. It's not Web based SSH unless the SSH encryption/decryption is happening in the web browser. Calling it Web-based SSH just makes it seem more secure than it really is (which is not at all unless you're using https and you fully trust the remote server). MaZe Pallas (talk) 08:39, 26 June 2010 (UTC)


 * It should not be called Web-based Telnet, as that would be just as wrong as Web-based SSH, since neither protocols are used between the browser and the server. Web-based Terminals would be the better name. 81.220.13.251 (talk) 19:38, 11 July 2011 (UTC)

Technology
Currently the article distinguishes client vs server-side terminal emulation. I think we should actually distinguish three.


 * [A] Server side SSH protocol processing (encryption/decryption) and terminal emulation.
 * [B] Server side SSH protocol processing with client-side terminal emulation.
 * [C] Client side SSH protocol processing and terminal emulation.

I believe the article considers [A] to be server-side, but both [B] and [C] to be client side. There is a *clear* security/privacy benefit to [C] far above and beyond that of [B] and this should perhaps be made somehow explicit? MaZe Pallas (talk) 01:39, 1 December 2014 (UTC)

Browser Plugins
Is FireSSH the only secure shell for Firefox? Really? Development and support for it has been terminated by the developer. - KitchM (talk) 02:59, 25 July 2018 (UTC)