Shell in a Box allows you to control a computer over the network using a Linux console in a web page.

Install it

Get it

• open a console as root.

• Download shell in a box from google

<source>

wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz

</source>

• unpack it

<source>

tar xvzf shellinabox-2.14.tar.gz

</source>

find out your distribution and install some dependencies,
for SUSE Linux: <source> yast -i make gcc </source>
for Ubuntu: <source> apt-get update apt-get install make gcc </source>

• build it

<source>

cd shellinabox-2.14
./configure && make && make install

</source>

• make sure the firewall is open, here is an example for SUSE Linux:

<source>

rcSuSEfirewall2 stop

</source>

• you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:

<source>

useradd -m user
passwd user

</source>

• call shell in a box

<source>

cd /tmp
shellinaboxd &

</source>

• test it by surfing to your computer: http://localhost:4200

Make it persistent

You want the shell in a box daemon shellinaboxd to be started when booting your machine, so

for SUSE Linux

• add the following line to /etc/init.d/boot.local:

<source>

shellinaboxd &

</source>

• configure the firewall to always open up port 80 or stop it persistantly:

<source>

chkconfig SuSEfirewall2_setup off
chkconfig SuSEfirewall2_init off

</source>

• configure apache to start on boot

<source>

chkconfig apache2 on

</source>

for Ubuntu

To start the shellinabox daemon after reboot add the following line to /etc/crontab: <source>

@reboot root /usr/local/bin/shellinaboxd &

</source> This will start the daemon only on reboot as a background job.

Use in a web server

You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server

for SUSE Linux

• install apache2, in this example for SUSE Linux 12.1:

<source>

yast -i apache2

</source>

• enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:

<source>

APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"

</source>

• tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block

<source>

<IfModule mod_proxy.c>
<Location /shell>
    ProxyPass http://127.0.0.1:4200
</Location>
</IfModule>

</source>

• now set up apache for https so your passwords are not transmitted unencrypted over the internet

for Ubuntu

• install apache2

<source>

apt-get install apache2

</source>

• enable apache's proxy module:

<source>

a2enmod proxy

</source>

• do

<source>

ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load

</source>

• tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:

<source>

<Location /shell>
    ProxyPass http://127.0.0.1:4200
    Allow from 127.0.0.1
</Location>

</source>

• restart apache

<source>

/etc/init.d/apache2 restart

</source>

• test if the module has indeed been loaded:

<source>

# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 proxy_http_module (shared)

</source>

• now set up apache for https so your passwords are not transmitted unencrypted over the internet

TroubleShooting

cannot read valid certificate

Symptom: ShellInABoxD does not start, it tells the error message: <source>

Cannot read valid certificate from "certificate.pem". Check file permissions and file format.

</source>

Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody: <source>

/tmp # ll certificate.pem 
-rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem

</source>

Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp: <source>

cd /tmp
shellinaboxd &

</source>

forkpty() failed

Symptom

When you surf to the shellinabox page you see an error message

<source>

forkpty() failed

</source>

Solution

Kill all shellinaboxd processes and start them with root privileges:

<source>

killall shellinaboxd
shellinaboxd --user=0 & disown

</source>

minus sign

Symptom

The minus sign does not work if you type it on the keypad.

Solution

I could fix this by using Safari instead of FireFox

See also

• guacAMole
• http://code.google.com/p/shellinabox/