Difference between revisions of "Shell in a box"
imported>ThorstenStaerk |
imported>ThorstenStaerk |
||
Line 98: | Line 98: | ||
* install apache2 | * install apache2 | ||
apt-get install apache2 | apt-get install apache2 | ||
+ | * enable apache's proxy module: | ||
+ | a2enmod proxy | ||
+ | * do | ||
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load | ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load | ||
+ | * in /etc/apache2/sites-enabled/000-default enter | ||
+ | <Location /shell> | ||
+ | ProxyPass http://127.0.0.1:4200 | ||
+ | Allow from 127.0.0.1 | ||
+ | </Location> | ||
+ | * restart apache | ||
+ | /etc/init.d/apache2 restart | ||
= TroubleShooting = | = TroubleShooting = |
Revision as of 18:24, 24 September 2013
Shell in a Box allows you to control a computer over the network using a Linux console in a web page. To do it, find out your distribution and proceed accordingly.
Contents
SUSE 12.1
Get it
- open a console as root.
- Download shell in a box from google
wget http://shellinabox.googlecode.com/files/shellinabox-2.11.tar.gz
- unpack it
tar xvzf shellinabox-2.11.tar.gz
- install some dependencies, in this example for SUSE Linux 12.1:
yast -i make
- build it
cd shellinabox-2.11 ./configure && make && make install
- make sure the firewall is open, here is an example for SUSE Linux:
rcSuSEfirewall2 stop
- you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:
useradd -m user passwd password
- call shell in a box
cd /tmp shellinaboxd &
- test it by surfing to your computer: http://localhost:4200
- now set up apache for https so your passwords are not transmitted unencrypted over the internet
Make it persistant
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so
- add the following line to /etc/init.d/boot.local:
shellinaboxd &
- configure the firewall to always open up port 80 or stop it persistantly:
chkconfig SuSEfirewall2_setup off chkconfig SuSEfirewall2_init off
- configure apache to start on boot
chkconfig apache2 on
Co-exist with a web server
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
- install apache2, in this example for SUSE Linux 12.1:
yast -i apache2
- enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
- tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block
<IfModule mod_proxy.c> <Location /shell> ProxyPass http://127.0.0.1:4200 </Location> </IfModule>
Ubuntu
Get it
- open a console as root.
- Download shell in a box from google
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
- unpack it
tar xvzf shellinabox-2.14.tar.gz
- install some dependencies, in this example for SUSE Linux 12.1:
apt-get update apt-get install gcc apt-get install make
- build it
cd shellinabox-2.14 ./configure && make && make install
- you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:
useradd -m user passwd password
- call shell in a box
cd /tmp shellinaboxd &
- test it by surfing to your computer: http://localhost:4200
- now set up apache for https so your passwords are not transmitted unencrypted over the internet
make it persistent
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
@reboot root /usr/local/bin/shellinaboxd &
This will start the daemon only on reboot as a background job.
Co-exist with a web server
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
- install apache2
apt-get install apache2
- enable apache's proxy module:
a2enmod proxy
- do
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
- in /etc/apache2/sites-enabled/000-default enter
<Location /shell> ProxyPass http://127.0.0.1:4200 Allow from 127.0.0.1 </Location>
- restart apache
/etc/init.d/apache2 restart
TroubleShooting
Symptom: ShellInABoxD does not start, it tells the error message:
Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody:
/tmp # ll certificate.pem -rw------- 1 nobody nogroup 2794 Aug 5 07:53 certificate.pem
Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp:
cd /tmp shellinaboxd &