If the client’s machine has to log in to your server, then the client will be able to figure out what credentials it’s using. There’s no way to get around that; if someone wants to, they can just sniff their own machine’s internet traffic and find it that way.
If you absolutely must use this SSH tunnel logging in from the client end, I’d recommend using public key authentication and generating a key on the host, then passing the public half to the server via an API that temporarily adds access for that key.
Not possible. There is no way to distinguish between a Java applet running on the user’s computer and a tool crafted by the user running on that same computer — their HTTP requests and SSH traffic will “smell the same”, from your perspective. Your best bet is to figure out some way to expose the necessary ports on your internal server through your firewall, rather than allowing the user to punch the necessary holes themselves.
There’s a problem with defining goals here.
There are two possible cases:
1) you need to execute some batch (sequence of commands) on the SSH server without the user knowing this
2) you need to let the user interact with the server in a limited manner.
In the first case you can send a batch to your HTTP server and let the HTTP server connect to the SSH server.
In the second case you are providing SSH access to the user via your applet, and this is no different from providing the user access via his favorite SSH client. So you would need to provide each user different SSH credentials (and pass them to the applet) and that’s all – it would be the user’s job to guard credentials, while you can add some security measures such as restricting IP access.
Finally I should note that a custom SSH server with limited capabilities would possibly be a solution as well.
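The temporary per-key access from the first answer and the IP restriction and limited capabilities from the last one can be combined in a single OpenSSH `authorized_keys` entry. The following is an added example, not code from any of the posters: the function names, the `/bin/false` forced command, the addresses and the all-zero sample key are assumptions made for illustration, and the server-side API that would call it is not shown.

```python
import base64
import ipaddress
import re
import struct
from datetime import datetime, timedelta

ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}

def _blob(key_type, body):
    """Constructed helper: wire-format prefix (length + type) followed by body."""
    return struct.pack(">I", len(key_type)) + key_type.encode() + body

# Constructed sample only: an all-zero "key", structurally valid but not a real key.
SAMPLE_PUBKEY = "ssh-ed25519 " + base64.b64encode(
    _blob("ssh-ed25519", struct.pack(">I", 32) + bytes(32))).decode() + " client@laptop"

def parse_public_key(line):
    """Return (type, base64 blob); reject input that could add lines or options."""
    if "\n" in line or "\r" in line:
        raise ValueError("multi-line input")
    parts = line.split()
    if len(parts) < 2 or parts[0] not in ALLOWED_TYPES:
        raise ValueError("missing or unsupported key type")
    key_type, blob_b64 = parts[0], parts[1]
    blob = base64.b64decode(blob_b64, validate=True)  # binascii.Error is a ValueError
    # The decoded blob begins with a length-prefixed copy of the key type.
    if not blob.startswith(_blob(key_type, b"")):
        raise ValueError("key type does not match key blob")
    return key_type, blob_b64  # client-supplied comment is dropped

def temporary_entry(pubkey_line, client_ip, forward_to, ttl, now=None):
    """Build one authorized_keys line: tunnel only, one source IP, one target, expiring."""
    key_type, blob_b64 = parse_public_key(pubkey_line)
    source = str(ipaddress.ip_address(client_ip))  # raises ValueError if malformed
    if not re.fullmatch(r"[A-Za-z0-9.-]+:\d{1,5}", forward_to):
        raise ValueError("forward target must be host:port")
    # sshd reads expiry-time in the server's system time zone, so use local time.
    expiry = ((now or datetime.now()) + ttl).strftime("%Y%m%d%H%M%S")
    options = ",".join([
        "restrict",                      # no pty, agent, X11 or forwarding ...
        "port-forwarding",               # ... then re-enable forwarding only
        'command="/bin/false"',          # assumed forced command: no shell, use ssh -N
        f'permitopen="{forward_to}"',
        f'from="{source}"',
        f'expiry-time="{expiry}"',
    ])
    return f"{options} {key_type} {blob_b64} temp-tunnel"

if __name__ == "__main__":
    print(temporary_entry(SAMPLE_PUBKEY, "203.0.113.7", "127.0.0.1:5432", timedelta(minutes=10)))
```

The key still lives on the client, so the user can read it; the entry only limits what that key can do and for how long.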