new branch of tty.js

[ghostplant]

I think the licence of tty.js is good (MIT), which is better than GPLv3 that shellinabox uses, but there are many bugs in tty.js.

So I just put the branch link here since the super branch is no longer maintained for years.
https://github.com/ghostplant/webshell.
Welcome to post bugs and do continuous maintain of tty.js.

[risacher]

I forked tty.js some time ago, mainly to replace the underlying components with updated versions: express 4, socket.io 1.x and later 2.x, and term.js with xterm.js from sourcelair. I also replaced the default shell with a script that ssh’s to localhost for security reasons. It’s https://github.com/risacher/ttyx/

[ghostplant]

@risacher
I think it is also a good choice. This version is suitable for micro service without install OpenSSH inside docker image and starts both of services.

In terms of security, this version supports https as well so it is secure if using ca-certificate file correctly, and as for http, I bet none version of web shell are actually secure, whatever using ssh inside or not.

[risacher]

I haven't tried to use ttyx as https directly, because I use it behind a reverse proxy and I terminate the TLS connection at the proxy.