Log In [secure]
Log In [http]
A Terminal Anywhere
Anyterm has been known to work with various Linux distributions, FreeBSD, OpenBSD and Mac OS X. Development is on Debian GNU/Linux, so if you use a different system you might need to do things a bit differently. If you find any significant differences please let me know and I will add a note to this page.
Anyterm uses some of the Boost C++ libraries. Primarily it uses header-only libraries, but it does need to link with libboost_system. You may already have Boost on your system; if not, precompiled packages for most systems are available from the usual places. For example, on Debian you should install libbost-dev and libboost-system-dev.
I'm currently using Boost version 1.61. Most versions should work; 1.58 is reported to work. Feedback about other version compatibility is welcome.
I normally buuld using g++, the GNU C++ compiler; clang++ should also work but is tested less frequently (define CXX to select which to use). I'm currently using g++ version 6.2 and clang++ version 3.8. Older versions should be OK as long as they support C++14, which probably means any g++ version newer than 5.0.
You need GNU Make. Other versions of Make, e.g. the FreeBSD Make, will not work.
See the download page for instructions on downloading the Anyterm source code.
Please don't compile as root.
Use make -j on a multi-core machine.
You should not see any errors or warnings while compiling. If you do see them it may mean that something has gone wrong; don't ignore them.
There's currently no "make install" rule; just copy the anytermd executable to somewhere appropriate, e.g.:
To check the basic functionality, start anytermd as follows:
Note that Anyterm will background itself as soon as it starts.
Now visit http://localhost:7777/ with your web browser. With luck you will see a terminal with a shell prompt; you should be able to type commands, use cursor key and control keys, tab completion etc. Applications that use more advanced terminal features may or may not work; "top" and "nano" both work for me. You should see bold and colours where they are used.
Using Anyterm directly like this is not recommended except for local trusted connections because it does not provide any encryption or protection against malicious input. For this reason the --local-only flag was suggested above. For normal use you should configure a proxy to protect Anyterm, as discussed next.
We suggest using Apache's mod_proxy between Anyterm and the outside world in order to:
The point to remember is that, in contrast to Anyterm, Apache's codebase has been frequently reviwed for security holes. By preventing unauthorised users from having any access to Anyterm by means of HTTP AUTH, you deny them the opportunity to poke at any security holes that Anyterm might have. (Asking for a password within the Anyterm session is not effective since by that time their poisonous HTTP request has already hit the Anyterm daemon.)
Setting up Apache is beyond the scope of this document. In outline, you need to install Apache and install its mod_proxy and mod_proxy_html (which are part of the core Apache distribution). On Debian this is done using "a2enmod proxy; a2enmod proxy_http". You must then add a section to the server configuration to enable proxying, and to suitably protect the proxied address. The following code is an example; refer to the Apache documentation for details.
Note: this example has not been reviewed recently. Feedback is welcome.
You can specify the command that Anyterm should run inside its terminal using the -c option. If you want to run a shell interactively, "ssh username@localhost" is a good choice:
Various escape sequences can be used within the command string:
You'll probably want to have anytermd start when your server boots, or at least when Apache starts. How to do this will depend on what init system you use; you may also be able to arange for it to be restarted if it terminates unexpectedly. Take care to ensure that anytermd is run as a suitably unprivilidged user.
Here's an example of a possible configuration for systemd for an anytermd instance to run behind an Apache proxy:
Note the need for %% in the command; systemd does its own %-expansion.
On Debian, you would put that file in /usr/local/systemd/system/anytermd.service, and then run "systemctl enable anytermd.service". This creates necessary symlinks in /etc/systemd, and anytermd should be started on boot. Presumably other distributions will be similar if not identical.
Anyterm has some very primitive internal support for HTTP AUTH. In general you should not use this but instead place Anyterm behind a proxy that does proper HTTP AUTH. There are two situations where it is useful:
Note that in the normal configuration, these files are compiled in to the Anyterm executable. You must therefore re-compile and restart the daemon after changing them. An alternative which avoids the need to do this is described next.
If you want to be able to change your HTML and related files without recompiling your Anyterm daemon - and this is a not-unreasonable requirement - the the suggested method is to serve them from the Apache server that is proxying to Anyterm.
To do this, assuming that your web server location /anyterm corresponds to the directory /var/www/anyterm, update the Apache proxy configuration so that only a subdirectory is proxied:
Now copy (or symlink) the files from the browser directory into /var/www/anyterm, and finally change the definition of url_prefix at the start of anyterm.js from "" to "proxy/".
(This section is probably out of date.)
One problem with Copy is that the selection will be deselected each time the screen updates. In a similar vein, when pasting you need to be quick when any dialog boxes are presented, as the communication with the server could time out if the dialog box is open for too long.
Often it's desirable to make your Anyterm shell sessions persistent, so that, for example, if you lose your network connection while editting something your changes are not lost.
Anyterm doesn't implement persistent sessions, because I've decided that it's better to use other tools for that job. Specifically, the programs "screen" and "dtach" can be used to run persistent shell sessions that you can connect to and disconnect from.