Difference between revisions of "Shell in a box"
imported>ThorstenStaerk |
imported>ThorstenStaerk |
||
Line 1: | Line 1: | ||
+ | <metadesc>How to set up shellinabox, make sure it restarts after reboot and is reachable from a browser. Tested on SUSE on Ubuntu.</metadesc> | ||
Shell in a Box allows you to [[control a computer over the network]] using a Linux console in a web page. To do it, [[find out your distribution]] and proceed accordingly. | Shell in a Box allows you to [[control a computer over the network]] using a Linux console in a web page. To do it, [[find out your distribution]] and proceed accordingly. | ||
Revision as of 16:54, 15 December 2014
Shell in a Box allows you to control a computer over the network using a Linux console in a web page. To do it, find out your distribution and proceed accordingly.
Contents
SUSE 12.1-13.1
Get it
- open a console as root.
- Download shell in a box from google
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
- unpack it
tar xvzf shellinabox-2.14.tar.gz
- install some dependencies, in this example for SUSE Linux 12.1:
yast -i make gcc
- build it
cd shellinabox-2.14 ./configure && make && make install
- make sure the firewall is open, here is an example for SUSE Linux:
rcSuSEfirewall2 stop
- you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:
useradd -m user passwd user
- call shell in a box
cd /tmp shellinaboxd &
- test it by surfing to your computer: http://localhost:4200
Make it persistent
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so
- add the following line to /etc/init.d/boot.local:
shellinaboxd &
- configure the firewall to always open up port 80 or stop it persistantly:
chkconfig SuSEfirewall2_setup off chkconfig SuSEfirewall2_init off
- configure apache to start on boot
chkconfig apache2 on
Use in a web server
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
- install apache2, in this example for SUSE Linux 12.1:
yast -i apache2
- enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
- tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block
<IfModule mod_proxy.c> <Location /shell> ProxyPass http://127.0.0.1:4200 </Location> </IfModule>
- now set up apache for https so your passwords are not transmitted unencrypted over the internet
Ubuntu
Get it
- open a console as root.
- Download shell in a box from google
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
- unpack it
tar xvzf shellinabox-2.14.tar.gz
- install some dependencies:
apt-get update apt-get install gcc apt-get install make
- build it
cd shellinabox-2.14 ./configure && make && make install
- you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:
useradd -m user passwd password
- call shell in a box
cd /tmp shellinaboxd &
- test it by surfing to your computer: http://localhost:4200
make it persistent
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
@reboot root /usr/local/bin/shellinaboxd &
This will start the daemon only on reboot as a background job.
Use in a web server
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
- install apache2
apt-get install apache2
- enable apache's proxy module:
a2enmod proxy
- do
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
- tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:
<Location /shell> ProxyPass http://127.0.0.1:4200 Allow from 127.0.0.1 </Location>
- restart apache
/etc/init.d/apache2 restart
- test if the module has indeed been loaded:
# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http proxy_http_module (shared)
- now set up apache for https so your passwords are not transmitted unencrypted over the internet
TroubleShooting
cannot read valid certificate
Symptom: ShellInABoxD does not start, it tells the error message:
Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody:
/tmp # ll certificate.pem -rw------- 1 nobody nogroup 2794 Aug 5 07:53 certificate.pem
Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp:
cd /tmp shellinaboxd &
forkpty() failed
- Symptom
- When you surf to the shellinabox page you see an error message
forkpty() failed
- Reason
- shellinabox makes use of pseudo-terminals. If your server is on a virtualization platform that shares these resources, they can get used up by other customers of your server's hoster.
- Solution
- Go to a hoster that uses full virtualization or paravirtualization, but not containering.
minus sign
- Symptom
- The minus sign does not work if you type it on the keypad.
- Solution
- I could fix this by using Safari instead of FireFox