Difference between revisions of "Shell in a box"
imported>ThorstenStaerk |
imported>ThorstenStaerk |
||
Line 7: | Line 7: | ||
* Download shell in a box from google | * Download shell in a box from google | ||
+ | <source> | ||
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz | wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz | ||
+ | </source> | ||
* [[unpack]] it | * [[unpack]] it | ||
− | + | <source> | |
+ | tar xvzf shellinabox-2.14.tar.gz | ||
+ | </source> | ||
<ul> | <ul> | ||
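Review bot: the wget line in this hunk fetches shellinabox-2.14.tar.gz over plain http, and the tar xvzf step added right after it unpacks the file with no integrity check. The page should publish an expected checksum for the tarball and add a verification step (for example with sha256sum) between the download and the unpack.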
Line 16: | Line 20: | ||
<ul> | <ul> | ||
<li /> for SUSE Linux: | <li /> for SUSE Linux: | ||
− | + | <source> | |
+ | yast -i make gcc | ||
+ | </source> | ||
+ | |||
<li /> for Ubuntu: | <li /> for Ubuntu: | ||
+ | <source> | ||
apt-get update | apt-get update | ||
apt-get install make gcc | apt-get install make gcc | ||
+ | </source> | ||
</ul> | </ul> | ||
</ul> | </ul> | ||
* [[build]] it | * [[build]] it | ||
− | + | <source> | |
+ | cd shellinabox-2.14 | ||
./configure && make && make install | ./configure && make && make install | ||
+ | </source> | ||
* make sure the firewall is open, here is an example for SUSE Linux: | * make sure the firewall is open, here is an example for SUSE Linux: | ||
+ | <source> | ||
rcSuSEfirewall2 stop | rcSuSEfirewall2 stop | ||
+ | </source> | ||
* you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name ''user'' like this: | * you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name ''user'' like this: | ||
− | useradd -m | + | <source> |
− | passwd | + | useradd -m user |
+ | passwd user | ||
+ | </source> | ||
* call shell in a box | * call shell in a box | ||
+ | <source> | ||
cd /tmp | cd /tmp | ||
shellinaboxd & | shellinaboxd & | ||
+ | </source> | ||
* test it by surfing to your computer: http://localhost:4200 | * test it by surfing to your computer: http://localhost:4200 | ||
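Review bot: the firewall step wrapped in this hunk, rcSuSEfirewall2 stop, switches off all packet filtering on the host only to make port 4200 reachable. Suggest replacing it with a rule that opens TCP 4200 alone (on SuSEfirewall2, FW_SERVICES_EXT_TCP in /etc/sysconfig/SuSEfirewall2), and saying that stopping the firewall is a test-only shortcut.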
Line 45: | Line 62: | ||
=== for SUSE Linux === | === for SUSE Linux === | ||
* add the following line to /etc/init.d/boot.local: | * add the following line to /etc/init.d/boot.local: | ||
+ | <source> | ||
shellinaboxd & | shellinaboxd & | ||
+ | </source> | ||
* configure the firewall to always open up port 80 or stop it persistantly: | * configure the firewall to always open up port 80 or stop it persistantly: | ||
− | + | <source> | |
+ | chkconfig SuSEfirewall2_setup off | ||
chkconfig SuSEfirewall2_init off | chkconfig SuSEfirewall2_init off | ||
+ | </source> | ||
* configure apache to start on boot | * configure apache to start on boot | ||
+ | <source> | ||
chkconfig apache2 on | chkconfig apache2 on | ||
+ | </source> | ||
=== for Ubuntu === | === for Ubuntu === | ||
To start the shellinabox daemon after reboot add the following line to /etc/crontab: | To start the shellinabox daemon after reboot add the following line to /etc/crontab: | ||
+ | <source> | ||
@reboot root /usr/local/bin/shellinaboxd & | @reboot root /usr/local/bin/shellinaboxd & | ||
+ | </source> | ||
This will start the daemon only on reboot as a background job. | This will start the daemon only on reboot as a background job. | ||
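Review bot: the firewall bullet in this hunk offers "open up port 80 or stop it", but the two chkconfig SuSEfirewall2_* off lines implement only the second option, so the host comes up unfiltered after every boot. Add the commands for opening port 80 alone and list them first. The bullet also misspells "persistently".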
Line 62: | Line 87: | ||
=== for SUSE Linux === | === for SUSE Linux === | ||
* install apache2, in this example for SUSE Linux 12.1: | * install apache2, in this example for SUSE Linux 12.1: | ||
+ | <source> | ||
yast -i apache2 | yast -i apache2 | ||
+ | </source> | ||
* enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this: | * enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this: | ||
+ | <source> | ||
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5" | APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5" | ||
+ | </source> | ||
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block | * tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block | ||
+ | <source> | ||
<IfModule mod_proxy.c> | <IfModule mod_proxy.c> | ||
<Location /shell> | <Location /shell> | ||
Line 73: | Line 103: | ||
</Location> | </Location> | ||
</IfModule> | </IfModule> | ||
+ | </source> | ||
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet | * now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet | ||
Line 78: | Line 109: | ||
=== for Ubuntu === | === for Ubuntu === | ||
* install apache2 | * install apache2 | ||
+ | <source> | ||
apt-get install apache2 | apt-get install apache2 | ||
+ | </source> | ||
* enable apache's proxy module: | * enable apache's proxy module: | ||
+ | <source> | ||
a2enmod proxy | a2enmod proxy | ||
+ | </source> | ||
* do | * do | ||
+ | <source> | ||
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load | ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load | ||
+ | </source> | ||
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block: | * tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block: | ||
+ | <source> | ||
<Location /shell> | <Location /shell> | ||
ProxyPass http://127.0.0.1:4200 | ProxyPass http://127.0.0.1:4200 | ||
Allow from 127.0.0.1 | Allow from 127.0.0.1 | ||
</Location> | </Location> | ||
+ | </source> | ||
* restart apache | * restart apache | ||
+ | <source> | ||
/etc/init.d/apache2 restart | /etc/init.d/apache2 restart | ||
+ | </source> | ||
* test if the module has indeed been loaded: | * test if the module has indeed been loaded: | ||
+ | <source> | ||
# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http | # apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http | ||
proxy_http_module (shared) | proxy_http_module (shared) | ||
+ | </source> | ||
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet | * now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet | ||
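Review bot: in the Location /shell block, Allow from 127.0.0.1 stands without an Order or Deny from all line, and under the default Order Deny,Allow a lone Allow does not restrict any client. Either drop the line or spell out the intended policy. Separately, the ln -s step for proxy_http.load could be a2enmod proxy_http, matching the a2enmod proxy step above it.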
Line 100: | Line 143: | ||
== cannot read valid certificate == | == cannot read valid certificate == | ||
'''Symptom:''' ShellInABoxD does not start, it tells the [[error message]]: | '''Symptom:''' ShellInABoxD does not start, it tells the [[error message]]: | ||
+ | <source> | ||
Cannot read valid certificate from "certificate.pem". Check file permissions and file format. | Cannot read valid certificate from "certificate.pem". Check file permissions and file format. | ||
+ | </source> | ||
'''Reason:''' See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody: | '''Reason:''' See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody: | ||
+ | <source> | ||
/tmp # ll certificate.pem | /tmp # ll certificate.pem | ||
-rw------- 1 nobody nogroup 2794 Aug 5 07:53 certificate.pem | -rw------- 1 nobody nogroup 2794 Aug 5 07:53 certificate.pem | ||
+ | </source> | ||
'''Solution:''' Start shellinaboxd in a directory that every user can access, e.g. /tmp: | '''Solution:''' Start shellinaboxd in a directory that every user can access, e.g. /tmp: | ||
+ | <source> | ||
cd /tmp | cd /tmp | ||
shellinaboxd & | shellinaboxd & | ||
+ | </source> | ||
== forkpty() failed == | == forkpty() failed == | ||
;Symptom: When you surf to the shellinabox page you see an error message | ;Symptom: When you surf to the shellinabox page you see an error message | ||
+ | <source> | ||
forkpty() failed | forkpty() failed | ||
+ | </source> | ||
;Solution: Kill all shellinaboxd processes and start them with root privileges: | ;Solution: Kill all shellinaboxd processes and start them with root privileges: | ||
+ | <source> | ||
killall shellinaboxd | killall shellinaboxd | ||
shellinaboxd --user=0 & disown | shellinaboxd --user=0 & disown | ||
+ | </source> | ||
== minus sign == | == minus sign == |
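Review bot: the forkpty() fix in this hunk, shellinaboxd --user=0, keeps a network-facing daemon running as root, whereas the certificate section above shows it running as nobody. The entry should say what causes forkpty() to fail, so that readers can fix that cause instead of giving up the privilege drop, and should mark --user=0 as a workaround.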
Latest revision as of 06:53, 24 April 2020
Shell in a Box allows you to control a computer over the network using a Linux console in a web page.
Install it
Get it
- open a console as root.
- Download shell in a box from google
<source>
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
</source>
- unpack it
<source>
tar xvzf shellinabox-2.14.tar.gz
</source>
- find out your distribution and install some dependencies,
  - for SUSE Linux:
<source>
yast -i make gcc
</source>
  - for Ubuntu:
<source>
apt-get update
apt-get install make gcc
</source>
- build it
<source>
cd shellinabox-2.14
./configure && make && make install
</source>
- make sure the firewall is open, here is an example for SUSE Linux:
<source>
rcSuSEfirewall2 stop
</source>
- you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user named user like this:
<source>
useradd -m user
passwd user
</source>
- call shell in a box
<source>
cd /tmp
shellinaboxd &
</source>
- test it by surfing to your computer: http://localhost:4200
Make it persistent
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so
for SUSE Linux
- add the following line to /etc/init.d/boot.local:
<source>
shellinaboxd &
</source>
- configure the firewall to always open up port 80 or stop it persistently:
<source>
chkconfig SuSEfirewall2_setup off
chkconfig SuSEfirewall2_init off
</source>
- configure apache to start on boot
<source>
chkconfig apache2 on
</source>
for Ubuntu
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
<source>
@reboot root /usr/local/bin/shellinaboxd &
</source>
This will start the daemon only on reboot as a background job.
Use in a web server
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server.
for SUSE Linux
- install apache2, in this example for SUSE Linux 12.1:
<source>
yast -i apache2
</source>
- enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
<source>
APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
</source>
- tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block
<source>
<IfModule mod_proxy.c>
<Location /shell>
ProxyPass http://127.0.0.1:4200
</Location>
</IfModule>
</source>
- now set up apache for https so your passwords are not transmitted unencrypted over the internet
for Ubuntu
- install apache2
<source>
apt-get install apache2
</source>
- enable apache's proxy module:
<source>
a2enmod proxy
</source>
- do
<source>
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
</source>
- tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:
<source>
<Location /shell>
ProxyPass http://127.0.0.1:4200
Allow from 127.0.0.1
</Location>
</source>
- restart apache
<source>
/etc/init.d/apache2 restart
</source>
- test if the module has indeed been loaded:
<source>
# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 proxy_http_module (shared)
</source>
- now set up apache for https so your passwords are not transmitted unencrypted over the internet
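Once Apache forwards /shell to 127.0.0.1:4200, the daemon no longer needs to be reachable on port 4200 from the network. The script below is an added example, not part of the original page: it shows a loopback-only start and a check of `ss -ltn` output for a listener on that port that bypasses the proxy. The function names and sample listings are constructed for illustration, and `--disable-ssl` assumes Apache serves /shell over https.

```sh
#!/bin/sh
# Added example: confirm shellinaboxd is reachable only through the Apache proxy.

# Start the daemon bound to 127.0.0.1, leaving TLS to Apache (assumption:
# Apache serves /shell over https). Defined here, not called by this script.
start_shellinabox_loopback() {
    shellinaboxd --localhost-only --disable-ssl --background
}

# exposed_listeners PORT
# Reads `ss -ltn` output on stdin and prints every non-loopback address
# that is listening on PORT. No output means the port is loopback-only.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            la = $4                          # local "address:port" column
            if (!match(la, /:[0-9]+$/)) next # find the trailing ":port"
            addr = substr(la, 1, RSTART - 1)
            if (substr(la, RSTART + 1) != port) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr
        }'
}

# port_is_loopback_only PORT: exit status 0 if nothing is exposed.
port_is_loopback_only() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed `ss -ltn` samples (not captured from a real host).
SAMPLE_DEFAULT='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:4200       0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*'
SAMPLE_HARDENED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:4200     0.0.0.0:*
LISTEN 0      128    [::]:443           [::]:*'

for sample in "$SAMPLE_DEFAULT" "$SAMPLE_HARDENED"; do
    if printf '%s\n' "$sample" | port_is_loopback_only 4200; then
        echo "port 4200: loopback only"
    else
        echo "port 4200: reachable from the network, bypassing Apache"
    fi
done
```

On a live host, feed it the real listing with `ss -ltn | exposed_listeners 4200`.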
Troubleshooting
cannot read valid certificate
Symptom: ShellInABoxD does not start and prints the error message:
<source>
Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
</source>
Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD, running as user nobody, tries to create a file certificate.pem in the folder where it is started:
<source>
/tmp # ll certificate.pem
-rw------- 1 nobody nogroup 2794 Aug 5 07:53 certificate.pem
</source>
Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp:
<source>
cd /tmp
shellinaboxd &
</source>
forkpty() failed
- Symptom
- When you surf to the shellinabox page you see an error message
<source>
forkpty() failed
</source>
- Solution
- Kill all shellinaboxd processes and start them with root privileges:
<source>
killall shellinaboxd
shellinaboxd --user=0 & disown
</source>
minus sign
- Symptom
- The minus sign does not work if you type it on the keypad.
- Solution
- I could fix this by using Safari instead of Firefox