Shell In A Box: command line tools to a web based terminal emulator.

Shell In A Box implements a web server that can export arbitrary command line tools to a web based terminal emulator.

This emulator is accessible to any JavaScript and CSS enabled web browser and does not require any additional browser plugins.

With default configuration, it is possible to start a Web Server at http://localhost:4200/ that allows users to login with their username and password and to get access to their login shell.

All client-server communications are encrypted, if SSL/TLS certificates have been installed.

Installation on Ubuntu is quite simple, since Shell In A Box is provided as a .deb package directly from its HomePage.

apt-get install libssl0.9.8 libpam0g openssl
dpkg -i shellinabox_2.10-1_amd64.deb

By default the daemon will be enabled while starting-up the system and will listen on TCP port 4200, it will redirect all incoming HTTP requests to their equivalent HTTPS URLs.

Configuration file is located in /etc/default/shellinabox
Certificates and Keys are stored in /var/lib/shellinabox/

To avoid (if present) Certificate/SSL error like “ERR_SSL_VERSION_OR_CIPHER_MISMATCH” white connecting to https://[shellinabox_host]:4200/, generate your SSL environment (Keys and Certificates) as follows:

cd /var/lib/shellinabox
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key
openssl rsa -in -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
cat server.crt server.key > certificate.pem

Having an Open Shell to the local system is REALLY UNSAFE!
It is recommended to have an authentication layer on top of the shellinabox daemon to improve access and security.
This can be done (for example) configuring a web-proxy over shellinaboxd with a common webserver (apache, lighttpd, nginx), and adding HTTP-Auth.

Comments are closed.