Tomcat based terminal server application

Damn - I tried this piece of crap (actually it’s not bad) about 5-6 years ago - and thought it was okay.

It’s not even just for Linux, it can do RDP too… Idealy for SSH, but can do Windows, and connect to X using XRDP I think… Being tomcat - it’s java based… has different auth methods too, e.g. it can do LDAP / AD - or hard coded local accounts in the app running in Tomcat…

i.e. it’s networked to a bunch of other servers, and centrally managed SSH jumphost that can do a bunch of other stuff…

But for the life of me - I cannot remember the f–king name of this product! Doh!

I keep thinking “Gorilla” - but that’s wrong! Did it begin with a “G”? I think so, but I’m stumped…

Anyone?

Tomcat is utter shit.

I’m speaking out of experience, horsing around with this for hours and hours, because it feels like you’re set back into the late 90’s or early 2000’s…

There are very good reasons 99.99% of resources and “documentation” on the internet about Tomcat is at least 10 years old and usually is about 15 or 20 years old.

But this thing was kinda neat - when it finally works - presents Windows or a NIX shell to a web user - I think it renders to HTML5 or something…

But for the life of me I can’t remember the name.

My Wintel colleagues are using something called ASG - but it’s so obviously designed for Windows server people - it does SSH but only PuTTY and I F–KING HATE using PuTTY - it’s a steaming pile of crap…

When forced to use Windows, I’d rather use the SSH command from the CMD shell, than PuTTY - ideally I’d even still further / rather, use MobaXterm (I bought it) and / or WSL. PuTTY’s SSH key managed suck great gigantic fuzzy balls…

Was just thinking about this product, as a potential alternative to this ASG rubbish, for UNIX and Linux administrators, BY UNIX and Linux administrators… ASG’s a f–king confusing name too - I used to work for a company called ASG, and it’s more common to see it in AWS (Auto Scaling Groups - and - I’ve used them before)…

Also - Tomcat despite seemingly being “anti-deluvian” (e.g. last millennia tech) - you probably haven’t seen the GHASTLY HIDEOUSNESS of Sun Glassfish - that thing STINKS to high heaven and people are still running that pile if shit on legacy Solaris server fleets… these things hang around like someone stuck a pile of rotting seafood in the wall cavity of your house!

Gimme Tomcat any day, over Sun Glassfish…

Well, few people all the time say, they want the “real” socialism, because every single attempt in human history on having such a system gloriously failed.

It’s important that things work. In my experience, everything that I had to do with Tomcat was an absolute & utter pain. Nothing acceptable about it.

Though, yes, in theory Tomcat may do all kinds of authentication stuff for you. It may be, in theory, very helpful.
Though, it’s extremely hard to configure the right way, based on today’s standards. Was okay 20 years ago, but now it’s something that should be either thrown away or automatically managed in the background, without a human ever touching or even seeing it.

I use PuTTY all the time. It’s not perfect. I have found some issues. But its benefits are very big.

In my experience, it’s usually best to use the thing most native to the platform. If you want to use something, that is not specifically designed for the platform, when there is a more fitting alternative available, then it’s much more likely you could encounter issues.

There is always some worse alternative of anything out there. It does not make the original, i.e. Tomcat, better though.

Whenever I had to deal with Tomcat, it felt like I had to turn around my head by 720°, then cut my nose off and transplant it onto my arse. Then I would go to the bathroom to sniff the shit dropping into the toilet.
This is how it felt to deal with Tomcat. And that’s still the mild representation.

I found a way to avoid using PuTTY - they’ve published several apps on this “portal” (it’s some kinda RDP portal into an Azure tenancy)…

One of those published apps is Google Chrome - I just sync’d it to my google account, then installed a couple extensions that do ssh :
Extension : “Secure Shell”
Extension : “SSH Agent for Google Chrome”

and it’s better than using the crippled version of PuTTY they publish for egress to one customer - and - most importantly - it supports X select and paste (middle mouse button)…

Still figuring out how to make the SSH Agent tell the remote connection I’ve got an SSH key, but this is progress

I used to use that Secure Shell extension a few years back to do MOSH (it has a mosh client)…

All you need is a terminal emulator with X11 capability for Windows.
I was trying to think of one we used to use… its name starts with PC…, but I cant think of it.

I’m talking about a portal as a gateway into customer systems - with a few ports enabled as possible, preferably 100% encrypted - X11 encrypted over SSH is okay - but I don’t need, or want X11 or GUI stuff - I just want to jump to a UNIX host to a shell with the least amount of fuss and hops as possible…

Looked at a list of Apache products, as I remembered it was their product and :

Guacamole, Gorilla - same difference - see my confusion

I’d like to see if I can deploy something like this to manage Linux boxes - i.e. inside the Azure portal, maybe running on a Ubuntu or Debian instance…

I’m going to look into running this on my Pi4B (4GB model) to access internal “servers” (I can already do this - direct SSH [non standard port] from the wild interwebs (I run NO IP dynamic DNS) and I also have OpenVPN running on there too - so I can VPN if I want) - but this is interesting and I’m going to see if I can get it going…

What are they (the benefits)? That it’s been around since the 1990’s? It feels like it too…
With MobaXterm - I work like I would on an actual Linux server - no bullshit with PFX or PEM files…

1. So many options & you don’t have to touch a single file fto adjust them, except it is technically mandated by the technologies supported. It’s all in the GUI. Just mousily clickety clack your way into it. This is a HUGE plus. It would really deserve like 5 points in this list, not only a single one!
2. Supports several technologies, not only the most recent SSH.
3. I kind of think it’s stupid to have the settings saved in the registry, but whatever man, it just works! I occasionally visit this answer to export all PuTTY settings to a registry file and everything is backed up. No trouble. I would wish for a JSON config instead, but this is still better than having no backup/export options, or, even worse, have some unparseable Linux-styled random character insanity written into a file, so no other program can process or modify the file, except the program creating that file. I hate the “arbitrary characters can go into any program any time” Unix/ Linux philosophy.
4. Profiles. I have at least 50 different profiles, with each having different settings. Most profiles are based on the same root profile. This is extremel convenient. Set it up once and forget it!
5. It’s possible to create desktop shortcuts for individual connections. Just double-click and you are automatically connected.
6. Windows Terminal font. The last time I wanted to set this up in Linux GUI, it fucked up my system. Imagine, Linux is exhausted by a simple FONT! Whatever, Linux gonna Linux. Resistance is futile.
   In Windows, it’s just a matter of picking it from the list. Done. I personally like this font the most. Once I tried it out, I never went back to another font in terminals. I like this one the most of all. It’s very compact, yet very easy to read and looks great.
7. Advanced SSH key file management. PuTTY has its own manager for this. Of course, a GUI. We aren’t on Linux, where nothing has a GUI or the GUI is broken as fuck.

There are probably tons more things one could list, those these are the most important ones for my personal life.

Some of them are probably available in MobaXterm or whatever the alternatives are, though I only ever really used PuTTY and WSL on Windows for SSH, so I cannot really compare or know the similarities.

I like to use Royal TS for remote management. It connects to SSH, RDP, HTTP(S), VNC, TeamViewer, and many more.

You can build a tree structure of saved connections and even save credentials to ease the pain of authentication.

There is a free trial version with the limitation you can only add 10 hosts to your list.

Oh, by the way, this runs on Windows and Mac. I don’t know if there is a Linux version.

Found a Windows 10 VDI I can use with egress to most of the stuff I need - and - it’s not 100% locked down so I can at least copy exe files there and run them like : MobaXterm, I will do nearly anything to avoid using putty… What I hate the most about putty is its shitty primitive way to dealing with keypairs…

So - on the Corporate SOE/MOE laptop they gave me - I can’t even set Windows 10 to dark mode or change the wallpaper! All that white space on Windows applications actually hurts my eyes… thankfully Microsoft are finally catching up to everyone else, and doing kickarse things like adding dark mode to Teams and Outlook (dark mode Outlook is 10K x better in the web client than with outlook.exe on Windows).

In this Windows 10 VDI - I can do all that (change wallpaper, set all the colours and accents to dark mode) - and more - I can install Brave and Brave sync works (as does google sync).

That’s where I will be doing most of my work - in a Windows 10 VDI, using MobaXterm for remote access… Works very well on Mac too, full screen - and I can 3 finger swipe to have multiple virtual desktops… If I need to “inject” data (sounds malicious - but it’s not - I’m constantly needing to upload files) I can work around the corporate SOE/MOE crippledness (no dropbox, no USB thumb drives, no smartphone on USB)… Hmmm - this VDI is actually running in Azure I think - but - I wonder if I can install WSL on there?

What’s the culprit there?

I’m using dark mode in Microshit Teams since years.

Though, ironically, I experienced tons of glitches, bugs and other issues with this program. It’s like the buggiest mess among chat programs, I have seen in a long while. No wonder, they need your feedback, after every single call…

I vastly prefer it (Teams) to what my employer was using before - Skype for Business (not compatible with actual “Skype” - i.e. not even the same product - Skype for Business was the name for what replaced Office Links or whatever it was called)… and Teams has “native” (yeah I know it’s probably just HTML rendering) Linux x86_64 ports…

Now - I don’t use Teams by choice, I wouldn’t choose it if I had a choice, but I don’t…

As for how putty does ssh keys - I really don’t know how it does, I just know it’s convoluted and something I can’t be arsed with.

In MobaXterm, WSL, Linux, UNIX and MacOS :

ssh-keygen

Once I’ve got a key generated - “ssh-copy-id user@remotehost”… If it’s something primitive like Solaris, I might have to manually scp the key to the Solaris box once…

Heck - I could even :

sshpass -p$SECRET ssh-copy-id user@remotehost

Sure it might be an easy no-brainer for some (i.e. running puttygen.exe, and firing up putty’s agent or whatever it is) - but I seriously hate it…

Same here.

That’s just standard. I’m pretty sure you can do it with PuTTY, too, but then you would have to do more work to get it running.

My company has used Link, MS Communicator, Skype for Business, and now Teams. I’m pretty happy with Teams. My biggest complaint is that with Skype we could log our chats to a folder in email. Now we can’t.

You can - but involves a lot more fucking around… I’ve seen plenty of “colleagues” use putty - but - they just point it at a server, and enter their user name and password EVERY FUCKING time! That’s not only wasting time, it’s so lame it’s STUPID, work smarter, not harder you moron!

e.g. if I want to take my id_rsa.pub and use it in putty - I have to convert the format (it’s not nearly as simple as renaming it to id_rsa.pem!) then I have to run it through some kinda processing thing that putty has before i can use it - and - I think I need to set it up for EVERY single putty “connectiion” I might keep in putty (which the fucking thing stores in the Windows registry).

On NIX systems, all my saved settings go in ~/.ssh/config - or - with later (e.g. less than 5 years old) version of openssh - I can nest/include config files :

╭─x@titan ~  
╰─➤  cat ~/.ssh/config
Host    *
        ServerAliveInterval     300
        ServerAliveCountMax     2
	ForwardX11Trusted=yes
	ForwardX11=yes	
	StrictHostKeyChecking	no

Include ~/path-to-another-config/config-file

I can do this in MacOS, recent Linux distros, FreeBSD running on TrueNAS, MobaXterm (which is really just repackaged cygwin - which I could do myself - but I’m lazy so I bought MobaXterm) and WSL* … I can edit those config files with vi or nano or whatever - I can store them all on some shared or sync’d cloud storage (in if I’m lucky, my $HOME is on an NFS share) - so they’re everywhere, wherever, I need them…

Note : I don’t think ~/.ssh/config file on Solaris can do nesting / includes, but then Solaris is steaming pile of crap (I used to swear by it - it was my bread and butter for many years - but I DETEST it when I come across it these days!).

Try that simplicity with putty - this is why I hate putty…

* it even works, from e.g. Windows 10, MS-DOS (it’s not actually MS-DOS - it’s “cmd”) prompt, I can have a C:\Users\myprofile.ssh\config - and I can ssh from the Windows 10 CMD, or maybe even powershell… I’d rather do that, than use putty even!

I never do that, because my base profile I had mentioned earlier already has a key perfectly set up. Set it and forget it.

Precisely.

Well, yes, it’s taking more than a second, though if one is used to horsing around with openssl and certificates, then this suddenly becomes a breeze.

I do this with those key files. I converted them once a while back and now I have every format at disposal like that. Again, set it and forget it.

That’s the right attitude. Never stay with something just because “we’ve always done it like this”!

I get that, though I solved all that in my case by just setting it up once a far while back and then I forgot about it. I just go to the folder containing the key, if I need it. No horsing around needed. This one setup was enough.

Scheisse!

Spent 2-3 hours setting up that Windows 10 “VDI” on Thursday - thought I had everything sorted and downpat and ready to start cooking with gas…

Login again later on Friday morning - ALL GONE! Dude! where’s my DESKTOP???

Turns out it’s Russian Roulette - there’s actually 6 VDI - hosted in Azure - and which one you get is random! Like spinning the barrel of a revolver with only one bullet in it!

FAAAAAAAAAAAAAAAAAAHHHHHHHHHHHHHHK!

Won’t let me install ResilioSync… Won’t let me install google drive…

So - today (it’s Saturday, and I’m not gettting paid - but I want this working for Monday) I’m using Google Drive in Google Chrome browser…

Configured MobaXterm just how I like it.
Downloaded a portable Notepad++ (I’d still rather just use vi in MobaXterm)
Plonked my Portable Firefox
Created a Portable Brave Instance

All in folders on my virtual Windows 10 “desktop” (i.e. C:\Users\me\Desktop)

Then upload those folders to my Google Drive via Chrome…

So - next time I play Russian Roulette - I can fire up Chrome, tell it to sync - get my G Drive, download that shite to my Desktop folder… hopefully only 4 more times… What bullshit…

and if I make significant changes to something - I’ll have to remember to sync that to my G Drive in case I get a different cylinder in that revolver barrel next time…

Why not have roaming fucking profiles? FFS - a shared network drive FFS? Would that be too hard?

The Windows 10 laptop I’ve been allocated is so locked down - all it’s good for is as a dumb terminal - I just leave it in my locker at work - bugger lugging that clunker back and forth…

Wait, what… How?

Precisely. Automate what can be automated, to save time. I do this all the time.

Is there really no way of just picking a specific VDI?

I just discovered “nativefier” - it can turn a web app into a “desktop” application…

Installs as a snap on Ubuntu - but - I can install it using Brew on MacOS… Note : these packaged apps on Azure can be access via a web URL…

nativefier https://client.wvd.microsoft.com/arm/webclient/index.html

and I get /home/x/Webapp-linux-x64/Webapp

Create a *.desktop app, and I can access via a single click…

Have not hear that expression in years.