Enabling telnet:// and ssh:// URLs in Firefox for Linux

Firefox’s telnet protocol handler in Linux stopped working some time after version 3.0. I manage a network of switches, routers, and other devices with command-line interfaces. Wouldn’t it be nice to be able to click on telnet:// or ssh:// URLs again?

As with most tinkering in firefox, start by typing “about:config” in the location bar. Right click and select “New”, then “Boolean”. Create two entries:

network.protocol-handler.expose.telnet = false
network.protocol-handler.expose.ssh = false

Now, click on a telnet or SSH URL, and Firefox will prompt you for the application to use. This application must handle the full URL as an argument. On Linux, the easiest solution is to choose /usr/bin/xdg-open. This will open the user’s preferred terminal, whether that is gnome-terminal, konsole, or xterm. You can use xdg-open to open almost any type of file or URL.

Alternatively, choose /usr/bin/putty, or use a simple script as follows. Edit the last line to call whatever application you prefer.

Update 2010-08-25: don’t use this script. See my next post for a better one.

#!/usr/bin/perl
# take URL of form telnet://target:port and call konsole

# get protocol and host
($proto,$addr) = split /:\/\//, $ARGV[0];

# convert "host:port" to "host port" (port is optional)
$addr =~ s/\:/\ /g;

`konsole -e $proto $addr\n`;

A bit of history, for the curious. You may find instructions online stating to create values like these:

network.protocol-handler.app.telnet = "/usr/bin/putty"
network.protocol-handler.warn-external.telnet = false

This is the old method, used in releases prior to Firefox 3.5. These settings are now ignored.

Tags: , ,

  1. Philip’s avatar

    It’s really hard to write things like this and not allow a maliciously-formed URL to execute arbitrary code. For a simple example, consider the URL (I’ll space it out, just to be sure this isn’t dangerous) “telnet : / / & xterm”. That will launch an extra xterm when clicked, not what the user wants. It is, alas, possible to do pretty much anything, even though there’s a slight limitation that makes it harder, but not impossible, to do the obvious exploits.

    (I’ve tried to keep this nonspecific enough not to be a potential exploit itself. A fix could be as easy as a “die if ($addr =~ /[^a-zA-Z0-9. -]/);”, or as complicated as actually making sure target and port are valid.)

    Sorry for channelling the resident script kiddy.

    Reply

    1. tyler’s avatar

      Philip,

      You are quite right. I didn’t consider shell escapes when writing this. The correct thing to do is to modify the url handler script to validate the input before calling the terminal emulator.

      Reply

      1. Tyler Wagner’s avatar

        That’s a different function – detecting an IP address as text, and defining various sub-menu commands to run. Or does this handle telnet:// URLs too?

        Either way, it’s very useful. Thanks!

        Reply

      2. anes’s avatar

        Very handy little tip! Thank you for sharing! :))
        I’m also trying to take it a bit further. The links I’m dealing with are in the format telnet://ip:port?=DEVICENAME
        Is there a way to add this as a 3rd argument like $title so I can pass it to konsole? I’ve never used pearl before so I would love your help on this :)

        thank you,

        Reply

      3. Tsepo’s avatar

        Hi Tyler,

        can you please help, i’m trying to run the script to run roxterm on firefox, but not working. Please help.

        Thanks in advance

        Reply

      4. tsepo’s avatar

        Thanks, helpful. Is there a way to force it to use/open tabs and add device name, when you access other devices other than opening new window.
        Thanks in-advance.

        Reply

        1. Tyler Wagner’s avatar

          No, it’s just a handler. The logic of “open in a new window” depends on the browser, and the HTML of the page you are visiting (has a target=”_blank” parameter to the “a” tag.)

          Reply

Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.