88 changed files with 107 additions and 375 deletions
--- a/.gitignore
+++ b/.gitignore
--- a/0
+++ b/0
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/0
+++ b/0
--- a/0
+++ b/0
--- a/INSTALL.Debian
+++ b/INSTALL.Debian
@ -41,7 +41,7 @@ you point your browser to the site.
 At the very least, you need a file called "certificate.pem" that includes
 both the private key and the public certificate in PEM (i.e. ASCII) format.
-Additionally, you should create files for each of the publicly visible
+Additionally, you should create files for each of the publically visible
 hostnames that your machine has. These are named "certificate-${FQDN}.pem".
 You probably also want "certificate-localhost.pem".
--- a/Makefile.am
+++ b/Makefile.am
@ -242,8 +242,7 @@ shellinaboxd.1: ${top_srcdir}/shellinabox/shellinaboxd.man.in                 \
 clean-local: clean-demo
 	-rm -rf shellinaboxd.1                                                \
-	        shellinaboxd.ps                                               \
+	        shellinaboxd.ps
 	        shellinaboxd.pdf
 	-rm -rf debian/shellinabox                                            \
 	        debian/shellinabox*.debhelper*                                \
 	        debian/shellinabox.substvars                                  \
@ -365,9 +364,3 @@ clean-demo:
 	           "(int)sizeof($${sym}Start);";                              \
 	 } >"$@"
 shellinaboxd.ps: shellinaboxd.1
 	groff -man -T ps $^ >$@
 shellinaboxd.pdf: shellinaboxd.ps
 	ps2pdf $^ $@
--- a/0
+++ b/0
--- a/0
+++ b/0
--- a/README.Fedora
+++ b/README.Fedora
--- a/README.md
+++ b/README.md
@ -6,16 +6,16 @@ shellinabox
 [![Join the chat at https://gitter.im/shellinabox/shellinabox](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/shellinabox/shellinabox?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
-This is an unofficial fork of the project **Shell In A Box**. The fork was created because
+This is unofficial fork of project **Shell In A Box**. Fork was created because
-the original project was not maintained anymore and we cannot contact the original
+original project is not maintained anymore and we cannot contact original
 repository owners.
-Our aim is to continue with maintenance of the shellinabox project. For a list of
+Our aim is to continue with maintanince of shellinabox project. For list of
-recent changes, please see [CHANGELOG.md](/CHANGELOG.md).
+recent changes please see [CHANGELOG.md](/CHANGELOG.md).
-If you have any questions, issues, or patches, please feel free to submit a pull
+If you have any questions, issues or patches, please fell free to submit pull
-request or report an issue. You can also drop an email to the original project
+request or report an issue. You can also drop an email to original project
-[issue #261](https://code.google.com/p/shellinabox/issues/detail?id=261) discussion
+[issue #261](https://code.google.com/p/shellinabox/issues/detail?id=261) discusion
 from where this fork started.
@ -42,17 +42,34 @@ Build
 For building **shellinabox** from source on Debian or RHEL based systems use commands
 listed below. This will create executable file `shellinaboxd` in project directory.
-1. Clone the autotools
+1. Install dependencies
   ```
-    wget https://raw.githubusercontent.com/simono41/shellinabox/master/auto.sh
+    apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf
   ```
-3. Run autotools 
+   or
   ```
-    chmod +x auto.sh
+   yum install git openssl-devel pam-devel zlib-devel autoconf automake libtool
-    ./auto.sh
+   ```
 2. Clone source files and move to project directory
   ```
    git clone https://github.com/shellinabox/shellinabox.git && cd shellinabox
   ```
 3. Run autotools in project directory
   ```
    autoreconf -i
   ```
 4. Run configure and make in project directory
   ```
    ./configure && make
   ```
 #### Debian package
@ -86,19 +103,5 @@ created from our sources. In new issue report please include following things:
 * Version of shellinabox
 * Steps to reproduce the problem
-Also feel free to post any questions or comments in [shellinabox chat room](https://gitter.im/shellinabox/shellinabox)
+Also feel free to post any questions or comments in [shellianbox chat room](https://gitter.im/shellinabox/shellinabox)
 on Gitter.
 Known Issues
 ------------
 * The openssl package is required for HTTP/SSL support.
  Shell-in-a-box may be used without SSL such that the login session
  is not encrypted.  To enable automatic creation of self-signed
  certificates or to use a generated certificate, install openssl.
 * On Debian Jessie, the default openssl package does not include the
  utilities necessary for Shell-in-a-box to generate self-signed
  certificates.  Upgrade openssl to install a version of the tools
  that support certificate creation.
--- a/0
+++ b/0
--- a/auto.sh
+++ b/auto.sh
@ -1,56 +0,0 @@
 #!/bin/bash
 set -ex
 if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
 fi
  echo "Als root Angemeldet"
 if [ -f /usr/bin/apt ]; then
  apt update
  apt install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf
 fi
 if [ -f /usr/bin/pacman ]; then
  pacman -Sy git openssl autoconf automake make gcc
 fi
 cd /opt/
 git clone https://github.com/simono41/shellinabox.git
 cd shellinabox
 autoreconf -i
 ./configure && make
 cp shellinabox.service /etc/systemd/system/
 systemctl daemon-reload
 systemctl enable shellinabox.service
 # adduser
 echo adduser webssh
 useradd webssh
 mkdir /home/webssh
 cp shellinabox_sshwrapper.sh /home/webssh/
 chmod 770 -R /home/webssh/
 chown -cR webssh:webssh /home/webssh/
 passwd webssh <<EOT
 webssh
 webssh
 EOT
 systemctl start shellinabox.service &
--- a/configure.ac
+++ b/configure.ac
@ -2,7 +2,7 @@ AC_PREREQ(2.57)
 dnl This is one of the locations where the authoritative version
 dnl  number is stored.  The other is in the debian/changelog.
-AC_INIT(shellinabox, 2.20, markus@shellinabox.com)
+AC_INIT(shellinabox, 2.19, markus@shellinabox.com)
 if test -e .git; then
 VCS_REVISION=" (revision `cd $srcdir && git log -1 --format=format:%h`)"
 else
@ -32,7 +32,7 @@ AC_SUBST(AR_FLAGS, [cr])
 dnl Check for header files that do not exist on all platforms
 AC_CHECK_HEADERS([libutil.h pthread.h pty.h strings.h syslog.h sys/prctl.h \
-                  sys/uio.h util.h])
+                  sys/uio.h util.h utmp.h utmpx.h])
 dnl Most systems require linking against libutil.so in order to get login_tty()
 AC_CHECK_FUNCS(login_tty, [],
@ -75,6 +75,15 @@ AC_TRY_LINK([#include <math.h>],
            [AC_DEFINE(HAVE_ISNAN, 1,
                       Define to 1 if you have support for isnan)])
 dnl Even if utmpx.h exists, not all systems have support for updwtmpx()
 AC_TRY_LINK([#include <utmp.h>],
            [updwtmp(0, 0);],
            [AC_DEFINE(HAVE_UPDWTMP, 1,
                       Define to 1 if you have support for updwtmp)])
 AC_TRY_LINK([#include <utmpx.h>],
            [updwtmpx(0, 0);],
            [AC_DEFINE(HAVE_UPDWTMPX, 1,
                       Define to 1 if you have support for updwtmpx)])
 dnl Check if the compiler supports aliasing of symbols
 AC_TRY_LINK([void x(void) { };
@ -138,28 +147,6 @@ AC_ARG_ENABLE(runtime-loading,
                            these libraries into the binary, thus making them a
                            hard dependency, then disable runtime-loading.])
 dnl This is feature is not suported in some standard C libs. So users can use
 dnl this switch to avoid compile and runtime problems. Note that utmp must
 dnl disabled on systems with musl libc.
 AC_ARG_ENABLE(utmp,
              [  --disable-utmp            Disable support for login records. Note
                                           that for systems with musl libc utmp must
                                           be disabled.])
 if test "x$enable_utmp" != xno; then
  AC_CHECK_HEADERS([utmp.h utmpx.h])
  dnl Even if utmpx.h exists, not all systems have support for updwtmpx()
  AC_TRY_LINK([#include <utmp.h>],
              [updwtmp(0, 0);],
              [AC_DEFINE(HAVE_UPDWTMP, 1,
                         Define to 1 if you have support for updwtmp)])
  AC_TRY_LINK([#include <utmpx.h>],
              [updwtmpx(0, 0);],
              [AC_DEFINE(HAVE_UPDWTMPX, 1,
                         Define to 1 if you have support for updwtmpx)])
 fi
 dnl Only test for OpenSSL headers, if not explicitly disabled
 if test "x$enable_ssl" != xno; then
  AC_CHECK_HEADERS([openssl/bio.h openssl/err.h openssl/ssl.h])
--- a/contrib/README-siab.rb
+++ b/contrib/README-siab.rb
--- a/contrib/siab.rb
+++ b/contrib/siab.rb
--- a/debian/README.available
+++ b/debian/README.available
--- a/debian/README.enabled
+++ b/debian/README.enabled
--- a/debian/README.source
+++ b/debian/README.source
--- a/debian/changelog
+++ b/debian/changelog
@ -1,31 +1,9 @@
 shellinabox (2.20) unstable; urgency=medium
  * Fixed issue #222, LOGIN service
  * Fixed issue #360, ignore escape sequences to fix dir listing
  * Fix for function key presses
  * Adjusting scale on IE
  * New option to disable peer check (#364)
  * Add option for custom SSH port
  * Support for APL characters
  * PDF documentation
  * Fix for BSD build
  * New ready event support
  * OpenSSL 1.1 fixes  (Closes: #828542)
  * May build with MUSL library
  * Documentation added that SSL support is optional and requires
    installation of openssl on Debian. (Closes: #839067)
  * Jessie requires explicit installation of openssl because the default
    package does not include the necessary utilities to support creation
    of certificates. (Closes: #839066)
 -- Marc Singer <elf@debian.org>  Wed, 09 Nov 2016 09:52:24 -0800
 shellinabox (2.19) unstable; urgency=high
  * Added support for middle-click paste, #350.
  * Improved iOS support, #354.
  * New logic to enable soft keyboard icon, #119, #321, #354.
-  * Disable HTTP fallback using the URL /plain.  Consequently disables
+  * Disable HTTPS fallback using the URL /plain.  Consequently disables
    automatic upgrades from HTTP to HTTPS, #355. (CVE-2015-8400).
 -- Marc Singer <elf@debian.org>  Sat, 05 Dec 2015 10:24:12 -0800
--- a/debian/compat
+++ b/debian/compat
--- a/debian/control
+++ b/debian/control
@ -16,7 +16,5 @@ Suggests: openssl
 Description: publish command line shell through AJAX interface
 Shellinabox can export arbitrary command line programs to any JavaScript
 enabled web browser. By default, it prompts for username and password
- and then exports a login shell. Shellinabox provides a VT100
+ and then exports a SSL/TLS encrypted login shell. Shellinabox provides
- compatible terminal emulator that runs within any modern
+ a VT100 compatible terminal emulator that runs within any modern browser.
 browser. Support for HTTPS protocol (SSL/TLS encryption) is optional
 and requires installation of openssl.
--- a/debian/copyright
+++ b/debian/copyright
--- a/debian/docs
+++ b/debian/docs
--- a/debian/shellinabox.default
+++ b/debian/shellinabox.default
--- a/debian/shellinabox.dirs
+++ b/debian/shellinabox.dirs
--- a/debian/shellinabox.examples
+++ b/debian/shellinabox.examples
--- a/debian/shellinabox.lintian-overrides
+++ b/debian/shellinabox.lintian-overrides
--- a/debian/shellinabox.preinst
+++ b/debian/shellinabox.preinst
--- a/debian/shellinabox.prerm
+++ b/debian/shellinabox.prerm
--- a/debian/source/format
+++ b/debian/source/format
--- a/debian/source/include-binaries
+++ b/debian/source/include-binaries
--- a/debian/source/options
+++ b/debian/source/options
--- a/demo/demo.html
+++ b/demo/demo.html
--- a/demo/demo.jspp
+++ b/demo/demo.jspp
--- a/demo/demo.xml
+++ b/demo/demo.xml
--- a/demo/keyboard.html
+++ b/demo/keyboard.html
--- a/etc-pam.d-shellinabox-example
+++ b/etc-pam.d-shellinabox-example
--- a/libhttp/hashmap.c
+++ b/libhttp/hashmap.c
--- a/libhttp/hashmap.h
+++ b/libhttp/hashmap.h
--- a/libhttp/http.h
+++ b/libhttp/http.h
--- a/libhttp/httpconnection.c
+++ b/libhttp/httpconnection.c
@ -430,7 +430,7 @@ void destroyHttpConnection(struct HttpConnection *http) {
            http->peerName ? http->peerName : "???", http->peerPort);
    }
    httpShutdown(http, http->closed ? SHUT_WR : SHUT_RDWR);
-    dcheck(!close(http->fd) || errno != EBADF);
+    dcheck(!close(http->fd));
    free(http->peerName);
    free(http->url);
    free(http->method);
--- a/libhttp/httpconnection.h
+++ b/libhttp/httpconnection.h
--- a/libhttp/libhttp.sym
+++ b/libhttp/libhttp.sym
--- a/libhttp/server.c
+++ b/libhttp/server.c
--- a/libhttp/server.h
+++ b/libhttp/server.h
--- a/libhttp/ssl.c
+++ b/libhttp/ssl.c
@ -100,7 +100,6 @@ BIO_METHOD *  (*BIO_f_buffer)(void);
 void          (*BIO_free_all)(BIO *);
 BIO *         (*BIO_new)(BIO_METHOD *);
 BIO *         (*BIO_new_socket)(int, int);
 BIO *         (*BIO_next)(BIO *);
 BIO *         (*BIO_pop)(BIO *);
 BIO *         (*BIO_push)(BIO *, BIO *);
 #if defined(HAVE_OPENSSL_EC)
@ -281,7 +280,6 @@ static void loadSSL(void) {
    { { &BIO_free_all },                "BIO_free_all" },
    { { &BIO_new },                     "BIO_new" },
    { { &BIO_new_socket },              "BIO_new_socket" },
    { { &BIO_next },                    "BIO_next" },
    { { &BIO_pop },                     "BIO_pop" },
    { { &BIO_push },                    "BIO_push" },
    { { &ERR_clear_error },             "ERR_clear_error" },
@ -1015,14 +1013,6 @@ int sslPromoteToSSL(struct SSLSupport *ssl, SSL **sslHndl, int fd,
 #endif
 }
 BIO *sslGetNextBIO(BIO *b) {
 #if OPENSSL_VERSION_NUMBER <= 0x10100000L
  return b->next_bio;
 #else
  return BIO_next(b);
 #endif
 }
 void sslFreeHndl(SSL **sslHndl) {
 #if defined(HAVE_OPENSSL)
  if (*sslHndl) {
@ -1030,23 +1020,24 @@ void sslFreeHndl(SSL **sslHndl) {
    // BIOs. This is particularly a problem if an SSL connection has two
    // different BIOs for the read and the write end, with one being a stacked
    // derivative of the other. Unfortunately, this is exactly the scenario
-    // that we set up with call to "BIO_push(readBIO, writeBIO)" in function
+    // that we set up.
    // "sslPromoteToSSL()".
    // As a work-around, we un-stack the BIOs prior to freeing the SSL
    // connection.
    debug("[ssl] Freeing SSL handle.");
    ERR_clear_error();
    BIO *writeBIO, *readBIO;
    check(writeBIO    = SSL_get_wbio(*sslHndl));
    check(readBIO     = SSL_get_rbio(*sslHndl));
    if (writeBIO != readBIO) {
-      if (sslGetNextBIO(readBIO) == writeBIO) {
+      if (readBIO->next_bio == writeBIO) {
-        // OK, that's exactly the bug we are looking for. We know that
+        // OK, that's exactly the bug we are looking for. We know how to
-        // writeBIO needs to be removed from readBIO chain.
+        // fix it.
        debug("[ssl] Removing stacked write BIO!");
        check(BIO_pop(readBIO) == writeBIO);
-        check(!sslGetNextBIO(readBIO));
+        check(readBIO->references == 1);
-      } else if (sslGetNextBIO(readBIO) == sslGetNextBIO(writeBIO)) {
+        check(writeBIO->references == 1);
        check(!readBIO->next_bio);
        check(!writeBIO->prev_bio);
      } else if (readBIO->next_bio == writeBIO->next_bio &&
                 writeBIO->next_bio->prev_bio == writeBIO) {
        // Things get even more confused, if the SSL handshake is aborted
        // prematurely.
        // OpenSSL appears to internally stack a BIO onto the read end that
@ -1055,13 +1046,15 @@ void sslFreeHndl(SSL **sslHndl) {
        // reading and one for writing). In this case, not only is the
        // reference count wrong, but the chain of next_bio/prev_bio pairs
        // is corrupted, too.
        warn("[ssl] Removing stacked socket BIO!");
        BIO *sockBIO;
        check(sockBIO = BIO_pop(readBIO));
        check(sockBIO == BIO_pop(writeBIO));
-        check(!sslGetNextBIO(readBIO));
+        check(readBIO->references == 1);
-        check(!sslGetNextBIO(writeBIO));
+        check(writeBIO->references == 1);
-        check(!sslGetNextBIO(sockBIO));
+        check(sockBIO->references == 1);
        check(!readBIO->next_bio);
        check(!writeBIO->next_bio);
        check(!sockBIO->prev_bio);
        BIO_free_all(sockBIO);
      } else {
        // We do not know, how to fix this situation. Something must have
--- a/libhttp/ssl.h
+++ b/libhttp/ssl.h
@ -82,7 +82,6 @@ extern BIO_METHOD *(*x_BIO_f_buffer)(void);
 extern void    (*x_BIO_free_all)(BIO *);
 extern BIO    *(*x_BIO_new)(BIO_METHOD *);
 extern BIO    *(*x_BIO_new_socket)(int, int);
 extern BIO    *(*x_BIO_next)(BIO *);
 extern BIO    *(*x_BIO_pop)(BIO *);
 extern BIO    *(*x_BIO_push)(BIO *, BIO *);
 #if defined(HAVE_OPENSSL_EC)
@ -132,7 +131,6 @@ extern void   *(*x_SSL_COMP_get_compression_methods)(void);
 #define BIO_free_all                 x_BIO_free_all
 #define BIO_new                      x_BIO_new
 #define BIO_new_socket               x_BIO_new_socket
 #define BIO_next                     x_BIO_next
 #define BIO_pop                      x_BIO_pop
 #define BIO_push                     x_BIO_push
 #define EC_KEY_free                  x_EC_KEY_free
--- a/libhttp/trie.c
+++ b/libhttp/trie.c
--- a/libhttp/trie.h
+++ b/libhttp/trie.h
--- a/libhttp/url.c
+++ b/libhttp/url.c
--- a/libhttp/url.h
+++ b/libhttp/url.h
--- a/logging/logging.c
+++ b/logging/logging.c
@ -100,11 +100,7 @@ void error(const char *fmt, ...) {
  va_start(ap, fmt);
  debugMsg(MSG_ERROR, fmt, ap);
 #ifdef HAVE_SYSLOG_H
-  va_list apSyslog;
+  vsyslog(LOG_ERR, fmt, ap);
  va_copy(apSyslog, ap);
  va_start(apSyslog, fmt);
  vsyslog(LOG_ERR, fmt, apSyslog);
  va_end(apSyslog);
 #endif
  va_end(ap);
 }
@ -121,11 +117,7 @@ void fatal(const char *fmt, ...) {
  va_start(ap, fmt);
  debugMsg(MSG_QUIET, fmt, ap);
 #ifdef HAVE_SYSLOG_H
-  va_list apSyslog;
+  vsyslog(LOG_CRIT, fmt, ap);
  va_copy(apSyslog, ap);
  va_start(apSyslog, fmt);
  vsyslog(LOG_CRIT, fmt, apSyslog);
  va_end(apSyslog);
  syslog(LOG_CRIT, "[server] Aborting...");
 #endif
  va_end(ap);
--- a/logging/logging.h
+++ b/logging/logging.h
--- a/m4/.gitignore
+++ b/m4/.gitignore
--- a/misc/embedded.html
+++ b/misc/embedded.html
@ -14,7 +14,7 @@
 	For communication with Shell In A Box we need to set '-m' (messages-origin)
 	command line option with appropriate messages origin. Origin should be set to
-	URL of parent (this) window. If origin is set to '*' Shell In A Box won't check
+	URL of parent (this) window. If origin is set to '*' Shell In A Box won't checki
 	origin on received messages. This is usually unsafe option.
 	Command line example:
@ -25,7 +25,7 @@
 	# Client Side
 	#
-	Shell In A Box accepts messages formatted as JSON strings with 'type' and 'data'
+	Shell In A Box accepts messages formated as JSON strings with 'type' and 'data'
 	fields. Messages with same format can be passed back to parent (this) window.
 	Message example:
@ -59,9 +59,6 @@
 	Following types of messages can be received from shellinabox:
 	* ready
 		signals that shellinabox is ready to send and receive messages
 	* output
 		data field contains terminal output
@ -143,6 +140,10 @@
 		var output  = document.getElementById("output");
 		var session = document.getElementById("session");
 		// Add url to our iframe. We do this, only that variable 'url' can be used
 		// throughout the whole code where needed.
 		iframe.src = url;
 		document.getElementById("execute").addEventListener("click", function() {
 			// Send input to shellinabox
 			var message = JSON.stringify({
@ -208,15 +209,6 @@
 			// Handle response according to response type
 			var decoded = JSON.parse(message.data);
 			switch (decoded.type) {
 			case "ready":
 				// Shellinabox is ready to communicate and we will enable console output
 				// by default.
 				var message = JSON.stringify({
 					type : 'output',
 					data : 'enable'
 				});
 				iframe.contentWindow.postMessage(message, url);
 				break;
 			case "output" :
 				// Append new output
 				output.innerHTML = output.innerHTML + decoded.data;
@ -228,9 +220,6 @@
 			}
 		}, false);
 		// Add url to our iframe after the event listener is installed.
 		iframe.src = url;
 	</script>
 </body>
--- a/misc/preview.gif
+++ b/misc/preview.gif
--- a/misc/preview.png
+++ b/misc/preview.png
--- a/22
+++ b/22
@ -1,22 +0,0 @@
 #!/bin/bash
 set -ex
 if [[ "--help" == "${1}" ]]; then
 echo "bash ./sgit user.email commit"
 fi
 if [[ -z "${2}" ]]; then
 echo "Bitte email und commit angeben!!!"
 exit 1
 fi
 git config --global user.email "${1}"
 git config --global user.name "${1}"
 git status
 git pull
 git add --all
 git commit --all -m "${2}"
 git show
 git push
 git status
--- a/shellinabox.service
+++ b/shellinabox.service
@ -1,9 +0,0 @@
 [Unit]
 Description=shellinabox
 [Service]
 Type=oneshot
 ExecStart=/opt/shellinabox/shellinaboxd -t --service=/:webssh:webssh:HOME:'/home/webssh/shellinabox_sshwrapper.sh'
 [Install]
 WantedBy=multi-user.target
--- a/shellinabox/beep.wav
+++ b/shellinabox/beep.wav
--- a/shellinabox/black-on-white.css
+++ b/shellinabox/black-on-white.css
--- a/shellinabox/cgi_root.html
+++ b/shellinabox/cgi_root.html
--- a/shellinabox/color.css
+++ b/shellinabox/color.css
--- a/shellinabox/enabled.gif
+++ b/shellinabox/enabled.gif
--- a/shellinabox/externalfile.c
+++ b/shellinabox/externalfile.c
--- a/shellinabox/externalfile.h
+++ b/shellinabox/externalfile.h
--- a/shellinabox/favicon.ico
+++ b/shellinabox/favicon.ico
--- a/shellinabox/keyboard-layout.html
+++ b/shellinabox/keyboard-layout.html
--- a/shellinabox/keyboard.png
+++ b/shellinabox/keyboard.png
--- a/shellinabox/launcher.c
+++ b/shellinabox/launcher.c
@ -63,7 +63,6 @@
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/time.h>
 #include <sys/ttydefaults.h>
 #include <sys/types.h>
 #include <sys/wait.h>
 #include <sys/utsname.h>
--- a/shellinabox/launcher.h
+++ b/shellinabox/launcher.h
--- a/shellinabox/monochrome.css
+++ b/shellinabox/monochrome.css
--- a/shellinabox/print-styles.css
+++ b/shellinabox/print-styles.css
--- a/shellinabox/privileges.c
+++ b/shellinabox/privileges.c
--- a/shellinabox/privileges.h
+++ b/shellinabox/privileges.h
--- a/shellinabox/root_page.html
+++ b/shellinabox/root_page.html
--- a/shellinabox/service.c
+++ b/shellinabox/service.c
@ -121,29 +121,18 @@ void initService(struct Service *service, const char *arg) {
    service->group                          = NULL;
    check(service->cwd                      = strdup("/"));
    char *host;
    char *sshPort;
    check(host                              = strdup("localhost"));
    check(sshPort                           = strdup("22"));
    if ((ptr                                = strchr(arg, ':')) != NULL) {
-      ptr                                   = ptr + 1;
+      check(ptr                             = strdup(ptr + 1));
-      if (*ptr) {
+      char *end;
-        char *tmp                           = strchr(ptr, ':');
+      if ((end                              = strchr(ptr, ':')) != NULL) {
-        if (tmp == NULL) {
+        *end                                = '\000';
          // If the second ":" is not found, keep as host whatever is after first ":".
          free(host);
          check(host                        = strdup(ptr));
        } else {
          // If we find a second ":", keep as a host whatever is in between first ":"
          // and second ":" and as sshPort whatever is after second ":".
          int size                          = (tmp - ptr + 1);
          free(host);
          free(sshPort);
          check(host                        = malloc(size));
          memset(host, 0, size);
          memcpy(host, ptr, size - 1);
          check(sshPort                     = strdup(tmp + 1));
      }
      if (*ptr) {
        free(host);
        host                                = ptr;
      } else {
        free(ptr);
      }
    }
@ -159,15 +148,6 @@ void initService(struct Service *service, const char *arg) {
      }
    }
    // Don't allow manipulation of the SSH command line through "creative" use
    // of the port.
    for (char *h = sshPort; *h; h++) {
      char ch                               = *h;
      if (!(ch >= '0' && ch <= '9')) {
        fatal("[config] Invalid port \"%s\" in service definition!", sshPort);
      }
    }
    service->cmdline                        = stringPrintf(NULL,
      "ssh -a -e none -i /dev/null -x -oChallengeResponseAuthentication=no "
          "-oCheckHostIP=no -oClearAllForwardings=yes -oCompression=no "
@ -182,9 +162,8 @@ void initService(struct Service *service, const char *arg) {
 //          feature, we cannot be sure that it is available on the
 //          target server.  Removing it for the sake of Centos.
 //          "-oVisualHostKey=no"
-          " -oLogLevel=FATAL -p%s %%s@%s",sshPort,  host);
+          " -oLogLevel=FATAL %%s@%s", host);
    free(host);
    free(sshPort);
  } else {
    service->useLogin                       = 0;
--- a/shellinabox/service.h
+++ b/shellinabox/service.h
--- a/shellinabox/session.c
+++ b/shellinabox/session.c
@ -116,11 +116,9 @@ void initSession(struct Session *session, const char *sessionKey,
  session->http           = NULL;
  session->done           = 0;
  session->pty            = -1;
  session->ptyFirstRead   = 1;
  session->width          = 0;
  session->height         = 0;
  session->buffered       = NULL;
  session->useLogin       = 0;
  session->len            = 0;
  session->pid            = 0;
  session->cleanup        = 0;
--- a/shellinabox/session.h
+++ b/shellinabox/session.h
@ -58,11 +58,9 @@ struct Session {
  HttpConnection   *http;
  int              done;
  int              pty;
  int              ptyFirstRead;
  int              width;
  int              height;
  char             *buffered;
  int              useLogin;
  int              len;
  pid_t            pid;
  int              cleanup;
--- a/shellinabox/shell_in_a_box.jspp
+++ b/shellinabox/shell_in_a_box.jspp
@ -406,9 +406,6 @@ ShellInABox.prototype.messageInit = function() {
    }
  }
  // After message mechanisms are in place "ready" message is sent to parent
  // window.
  parent.postMessage(JSON.stringify({type : 'ready', data : ''}), '*');
 };
 ShellInABox.prototype.messageReceive = function (message) {
--- a/shellinabox/shellinaboxd.c
+++ b/shellinabox/shellinaboxd.c
@ -63,7 +63,7 @@
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/un.h>
-#include <time.h>
+
 #include <unistd.h>
 #ifdef HAVE_SYS_PRCTL_H
@ -110,7 +110,6 @@ static int            portMax;
 static int            localhostOnly     = 0;
 static int            noBeep            = 0;
 static int            numericHosts      = 0;
 static int            peerCheckEnabled  = 1;
 static int            enableSSL         = 1;
 static int            enableSSLMenu     = 1;
 static int            forceSSL          = 1; // TODO enable http fallback with commandline option
@ -292,13 +291,6 @@ static void sessionDone(void *arg) {
  completePendingRequest(session, "", 0, INT_MAX);
 }
 static void delaySession(void) {
  struct timespec ts;
  ts.tv_sec              = 0;
  ts.tv_nsec             = 200 * 1000; // Delay for 0.2 ms
  nanosleep(&ts, NULL);
 }
 static int handleSession(struct ServerConnection *connection, void *arg,
                         short *events, short revents) {
  struct Session *session       = (struct Session *)arg;
@ -318,7 +310,7 @@ static int handleSession(struct ServerConnection *connection, void *arg,
  int timedOut                  = serverGetTimeout(connection) < 0;
  if (bytes || timedOut) {
    if (!session->http && timedOut) {
-      debug("[server] Timeout. Closing session %s!", session->sessionKey);
+      debug("[server] Timeout. Closing session!");
      session->cleanup = 1;
      return 0;
    }
@ -332,26 +324,8 @@ static int handleSession(struct ServerConnection *connection, void *arg,
      *events                   = 0;
    }
    serverSetTimeout(connection, AJAX_TIMEOUT);
    session->ptyFirstRead       = 0;
    return 1;
  } else {
    if (revents & POLLHUP) {
      if (session->useLogin && session->ptyFirstRead) {
        // Workaround for random "Session closed" issues related to /bin/login
        // closing and reopening our pty during initialization. This happens only
        // on some systems like Fedora for example.
        // Here we allow that our pty is closed by ignoring POLLHUP on first read.
        // Delay is also needed so that login process has some time to reopen pty.
        // Note that the issue may occur anyway but with workaround we reduce the
        // chances.
        debug("[server] POLLHUP received on login PTY first read!");
        session->ptyFirstRead   = 0;
        delaySession();
        return 1;
      }
      debug("[server] POLLHUP received on PTY! Closing session %s!",
            session->sessionKey);
    }
    return 0;
  }
 }
@ -394,7 +368,7 @@ static int dataHandler(HttpConnection *http, struct Service *service,
  }
  // Sanity check
-  if (!sessionIsNew && peerCheckEnabled && strcmp(session->peerName, httpGetPeerName(http))) {
+  if (!sessionIsNew && strcmp(session->peerName, httpGetPeerName(http))) {
    error("[server] Peername changed from %s to %s",
          session->peerName, httpGetPeerName(http));
    httpSendReply(http, 400, "Bad Request", NO_MSG);
@ -428,7 +402,6 @@ static int dataHandler(HttpConnection *http, struct Service *service,
      goto bad_new_session;
    }
    session->http         = http;
    session->useLogin     = service->useLogin;
    if (launchChild(service->id, session,
                    rootURL && *rootURL ? rootURL : urlGetURL(url)) < 0) {
      abandonSession(session);
@ -809,7 +782,7 @@ static void usage(void) {
          "  -f, --static-file=URL:FILE  serve static file from URL path\n"
          "  -g, --group=GID             switch to this group (default: %s)\n"
          "  -h, --help                  print this message\n"
-          "      --linkify=[none|normal|aggressive] default is \"normal\"\n"
+          "      --linkify=[none|normal|agressive] default is \"normal\"\n"
          "      --localhost-only        only listen on 127.0.0.1\n"
          "      --no-beep               suppress all audio output\n"
          "  -n, --numeric               do not resolve hostnames\n"
@ -825,7 +798,6 @@ static void usage(void) {
          "      --user-css=STYLES       defines user-selectable CSS options\n"
          "  -v, --verbose               enable logging messages\n"
          "      --version               prints version information\n"
          "      --disable-peer-check    disable peer check on a session\n"
          "\n"
          "Debug, quiet, and verbose are mutually exclusive.\n"
          "\n"
@ -897,7 +869,6 @@ static void parseArgs(int argc, char * const argv[]) {
  int hasSSL               = serverSupportsSSL();
  if (!hasSSL) {
    enableSSL              = 0;
    forceSSL               = 0;
  }
  int demonize             = 0;
  int cgi                  = 0;
@ -936,7 +907,6 @@ static void parseArgs(int argc, char * const argv[]) {
      { "user-css",             1, 0,  0  },
      { "verbose",              0, 0, 'v' },
      { "version",              0, 0,  0  },
      { "disable-peer-check",   0, 0,  0  },
      { 0,                  0, 0,  0  } };
    int idx                = -1;
    int c                  = getopt_long(argc, argv, optstring, options, &idx);
@ -1156,7 +1126,6 @@ static void parseArgs(int argc, char * const argv[]) {
        warn("[config] Ignoring disable-ssl option, as SSL support is unavailable.");
      }
      enableSSL            = 0;
      forceSSL             = 0;
    } else if (!idx--) {
      // Disable SSL Menu
      if (!hasSSL) {
@ -1246,9 +1215,6 @@ static void parseArgs(int argc, char * const argv[]) {
      // Version
      printf("ShellInABox version " VERSION VCS_REVISION "\n");
      exit(0);
    } else if (!idx--) {
      // disable-peer-check
      peerCheckEnabled = 0;
    }
  }
  if (optind != argc) {
--- a/shellinabox/shellinaboxd.man.in
+++ b/shellinabox/shellinaboxd.man.in
@ -282,7 +282,7 @@ Display a brief usage message showing the valid command line parameters.
 .TP
 \fB--linkify\fP=[\fBnone\fP|\fBnormal\fP|\fBaggressive\fP]
 the daemon attempts to recognize URLs in the terminal output and makes them
-clickable. This is not necessarily a fool-proof process and both false
+clickable. This is not neccessarily a fool-proof process and both false
 negatives and false positives are possible. By default, only URLs starting
 with a well known protocol of
 .BR http:// ,\  https:// ,\  ftp:// ,\ or\  mailto:
--- a/shellinabox/usercss.c
+++ b/shellinabox/usercss.c
--- a/shellinabox/usercss.h
+++ b/shellinabox/usercss.h
--- a/shellinabox/vt100.jspp
+++ b/shellinabox/vt100.jspp
@ -83,7 +83,6 @@
 #define EStitle        17
 #define ESss2          18
 #define ESss3          19
 #define ESVTEtitle     20
 #define ATTR_DEFAULT   0x60F0
 #define ATTR_REVERSE   0x0100
@ -1604,9 +1603,6 @@ VT100.prototype.updateWidth = function() {
      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
    }
  } else {
    if ("ActiveXObject" in window)
      this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale*0.95);
    else
    this.terminalWidth = Math.floor(this.console[this.currentScreen].offsetWidth/this.cursorWidth*this.scale);
  }
@ -2844,7 +2840,7 @@ VT100.prototype.handleKey = function(event) {
      ch                              = part1                                 +
                                       ((event.shiftKey             ? 1 : 0)  +
                                        (event.altKey|event.metaKey ? 2 : 0)  +
-                                        (event.ctrlKey              ? 4 : 0) + 1) +
+                                        (event.ctrlKey              ? 4 : 0)) +
                                        part2;
    } else if (ch.length == 1 && (event.altKey || event.metaKey)
               && !this.disableAlt) {
@ -2914,9 +2910,9 @@ VT100.prototype.fixEvent = function(event) {
  // Some browsers fail to translate keys, if both shift and alt/meta is
  // pressed at the same time. We try to translate those cases, but that
  // only works for US keyboard layouts.
  if (event.shiftKey) {
    var u                   = undefined;
    var s                   = undefined;
  if (event.shiftKey) {
    switch (this.lastNormalKeyDownEvent.keyCode) {
    case  39: /* ' -> " */ u = 39; s =  34; break;
    case  44: /* , -> < */ u = 44; s =  60; break;
@ -2957,13 +2953,6 @@ VT100.prototype.fixEvent = function(event) {
    case 222: /* ' -> " */ u = 39; s =  34; break;
    default:                                break;
    }
  } else {
    var c = this.lastNormalKeyDownEvent.keyCode;
    if (c >= 65 && c <= 90) {
      u = c;
      s = u | 32;
    }
  }
    if (s && (event.charCode == u || event.charCode == 0)) {
      var fake              = [ ];
      fake.charCode         = s;
@ -2974,6 +2963,7 @@ VT100.prototype.fixEvent = function(event) {
      fake.metaKey          = event.metaKey;
      return fake;
    }
  }
  return event;
 };
@ -3058,8 +3048,10 @@ VT100.prototype.keyDown = function(event) {
    } else {
      fake.charCode             = 0;
      fake.keyCode              = event.keyCode;
-    }
+      if (!alphNumKey && event.shiftKey) {
        fake                    = this.fixEvent(fake);
      }
    }
    this.handleKey(fake);
    this.lastNormalKeyDownEvent = undefined;
@ -3174,10 +3166,10 @@ VT100.prototype.keyUp = function(event) {
      } else {
        fake.charCode             = 0;
        fake.keyCode              = event.keyCode;
-      }
+        if (!alphNumKey && (event.ctrlKey || event.altKey || event.metaKey)) {
      if (event.ctrlKey || event.altKey || event.metaKey) {
          fake                    = this.fixEvent(fake);
        }
      }
      this.lastNormalKeyDownEvent = undefined;
      this.handleKey(fake);
    }
@ -3908,7 +3900,7 @@ VT100.prototype.csim = function() {
    case 27: this.attr &= ~ ATTR_REVERSE;                              break;
    case 38:
      if (this.npar >= (i+2) && this.par[i+1] == 5) {
-        // Foreground color for extended color mode (256 colors). Escape code is formatted
+        // Foreground color for extended color mode (256 colors). Escape code is formated
        // as: ESC 38; 5; 0-255. Last parameter is color code in range [0-255]. This is
        // not VT100 standard.
        this.attrFg     = (this.par[i+2] >= 0 && this.par[i+2] <= 255) ? this.par[i+2] : false;
@ -3924,7 +3916,7 @@ VT100.prototype.csim = function() {
      break;
    case 48:
      if (this.npar >= (i+2) && this.par[i+1] == 5) {
-        // Background color for extended color mode (256 colors). Escape code is formatted
+        // Background color for extended color mode (256 colors). Escape code is formated
        // as: ESC 48; 5; 0-255. Last parameter is color code in range [0-255]. This is
        // not VT100 standard.
        this.attrBg     = (this.par[i+2] >= 0 && this.par[i+2] <= 255) ? this.par[i+2] : false;
@ -4054,8 +4046,6 @@ VT100.prototype.doControl = function(ch) {
 /*0*/ case 0x30:
 /*1*/ case 0x31:
 /*2*/ case 0x32: this.isEsc   = EStitle; this.titleString = '';         break;
 /*6*/ case 0x36: this.isEsc   = ESVTEtitle;                             break;
 /*7*/ case 0x37: this.isEsc   = ESVTEtitle;                             break;
 /*P*/ case 0x50: this.npar    = 0; this.par = [ 0, 0, 0, 0, 0, 0, 0 ];
                 this.isEsc   = ESpalette;                              break;
 /*R*/ case 0x52: // Palette support is not implemented
@ -4283,13 +4273,6 @@ VT100.prototype.doControl = function(ch) {
      this.lastCharacter      = String.fromCharCode(ch);
      lineBuf                += this.lastCharacter;
      this.isEsc              = ESnormal;                               break;
    case ESVTEtitle:
      // Ignores VTE escape sequences for current directory (OSC6) and current
      // file (OSC7).
      if (ch == 0x07 || ch == 0x5C) {
        this.isEsc            = ESnormal;
      }
      break;
    default:
      this.isEsc              = ESnormal;                               break;
    }
--- a/shellinabox_sshwrapper.sh
+++ b/shellinabox_sshwrapper.sh
@ -1,32 +0,0 @@
 #!/bin/bash
 #
 set -ex
 # 
 read -p "SSH remote host (hostname or ip address) [localhost] : " host;
 [[ -z "${host}" ]] && host=localhost;
 #
 read -p "If a puplic_key authentification?: [y/N] : " puplic;
 #
 read -p "SSH remote port [22] : " port;
 [[ -z "${port}" ]] && port=22;
 #
 read -p "SSH remote username [pi] : " username;
 [[ -z "${username}" ]] && username=pi;
 #
 if [ "$puplic" == "y" ];
  then
    read -p "How is your public_key?: " key;
    echo $key > ~/.ssh/id_rsa.pub;
    rm ~/.ssh/id_rsa;
    echo "Enter your private id here and press the enter key for a new line !!!";
    id=null
    while [ "$id" != "" ];
      do
      read -p "How is your id_rsa key?: " id;
      echo $id >> ~/.ssh/id_rsa;
    done
    exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $username@$host;
  else
    exec ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p $port $username@$host;
 fi