Shell In A Box – A Web-Based SSH Terminal to Access Remote Linux Servers

Shell In A Box (pronounced as shellinabox) is a web based terminal emulator created by Markus Gutschke. It has built-in web server that runs as a web-based SSH client on a specified port and prompt you a web terminal emulator to access and control your Linux Server SSH Shell remotely using any AJAX/JavaScript and CSS enabled browsers without the need of any additional browser plugins such as FireSSH.

In this tutorial, I describe how to install Shellinabox and access remote SSH terminal using a modern web browser on any machine. Web-based SSH is very useful when you are protected with firewall and only HTTP(s) traffic can get through.

Installing Shellinabox on Linux

By default, Shellinabox tool is included on many Linux distributions through default repositories, including Debian, Ubuntu and Linux Mint.

Make sure that your repository enabled and available to install Shellinabox from the that repository. To check, do a search for Shellinabox with the “apt-cache” command and then install it using “apt-get” command. `

On Debian, Ubuntu and Linux Mint
$ sudo apt-cache search shellinabox
$ sudo apt-get install openssl shellinabox
On RHEL, CentOS and Fedora

On Red Hat based distributions, you need to first have enable EPEL repository and then install it using the following “yum” command. (Fedora users don’t need to enable EPEL, it’s already a part of Fedora project).

# yum install openssl shellinabox

Configuring Shellinabox

By default, shellinaboxd listens on TCP port 4200 on localhost. For security reason, I change this default port to a random (i.e. 6175) to make it difficult for anyone to reach your SSH box. Also, during installation a new self-signed SSL certificate automatically created under “/var/lib/shellinabox” to use HTTPS protocol.

On Debian, Ubuntu and Linux Mint
$ sudo vi /etc/default/shellinabox
# TCP port that shellinboxd's webserver listens on
SHELLINABOX_PORT=6175

# specify the IP address of a destination SSH server
SHELLINABOX_ARGS="--o-beep -s /:SSH:172.16.25.125"

# if you want to restrict access to shellinaboxd from localhost only
SHELLINABOX_ARGS="--o-beep -s /:SSH:172.16.25.125 --localhost-only"
On RHEL, CentOS and Fedora
# vi /etc/sysconfig/shellinaboxd
# TCP port that shellinboxd's webserver listens on
PORT=6175

# specify the IP address of a destination SSH server
OPTS="-s /:SSH:172.16.25.125"

# if you want to restrict access to shellinaboxd from localhost only
OPTS="-s /:SSH:172.16.25.125 --localhost-only"

Starting Shellinabox

Once you’ve done with the configuration, you can start the service by issuing following command.

On Debian, Ubuntu and Linux Mint
$ sudo service shellinaboxd start
On RHEL and CentOS
# service shellinaboxd start
On Fedora
# systemctl enable shellinaboxd.service
# systemctl start shellinaboxd.service

Verify Shellinabox

Now let’s verify whether Shellinabox is running on port 6175 using “netstat” command.

$ sudo netstat -nap | grep shellinabox
or
# netstat -nap | grep shellinabox
tcp        0      0 0.0.0.0:6175            0.0.0.0:*               LISTEN      12274/shellinaboxd

Now open up your web browser, and navigate to https://Your-IP-Adress:6175. You should be able to see a web-based SSH terminal. Login using your username and password and you should be presented with your shell prompt.

Install Shellinabox in Linux

Shellinabox SSH Login

Shellinabox SSH Shell

Shellinabox SSH Shell

Shellinabox SSH Logout

Shellinabox SSH Logout

You can right-click to use several features and actions, including changing the look and feel of your shell.

Shellinabox More Options

Shellinabox More Options

Make sure you secure you shellinabox on firewall and open 6175 port for specific IP Address to access your Linux shell remotely.

Reference Links

Shellinabox Homepage

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

76 Responses

  1. Prudhvi says:

    Hi, you are showing to use 6175 port but in the browser picture it is showing port 4200, why?

    • Ravi Saive says:

      @Prudhvi,

      Because, shellinabox works on TCP port 4200 and for security reason, I change this default port to a random (i.e. 6175) to make it difficult for anyone to reach your SSH box.

  2. sophie says:

    Hi,
    I’d like this listening on port 443.
    How could this be run from an apache vhost configuration?

    • CoolKoon says:

      Unfortunately it cannot. Only one service can listen to a port (e.g. 443) at a time. It can be either Shellinabox OR Apache, but not both at the same time.

      • Rick says:

        You can use it together with apache with a extra config like this in the sites-available:
        I typed it over, so maybe the config is not exact, but this works

          proxypreservehost on
          proxypass  "/" "https://youropenboxserver:4200/"
          proxypassreverse "/" "https://youropenboxserver:4200/"
          servername  ssh.yoursite.com
        

        restart apache and you have an extra entry for https :)

        • CoolKoon says:

          Oh, right, via Apache’s internal proxy config. That didn’t occur to me. The lines above will probably have to go between tags though to limit it to https only (and the certificates will have to be configured as well of course).

  3. Esteban says:

    Hi

    Could I install Shell In A Box in Windows?

    Regards

    • Ravi Saive says:

      @Esteban,

      If it’s available for Windows platform, then you can install it, just check their download page and see whether its available for all architectures..

  4. Hassan says:

    1- How to SSH shellinabox using Javascript?
    2- Is it required to have a SSL certificate?
    3- Needed it because I want to pass commands from Client side to the server side(Shellinabox web server).Any help?!

  5. Razvan says:

    Hi,

    How can I configure shellinabox for auto-login?
    For example when I access my server:port for shellinabox – I want it to sign in automatically to the root user and run a predefined script. (I already configured the script correctly – you cannot ctrl +d or ctrl+c from it – and when it ends, it throws you out of the root user session without possibility to get back to it).

    Thanks,
    Razvan

  6. Kiran says:

    Hi Ravi, I have the similar requirement but I can not really install shell in a box at remote machines. We have restrictions we can not ask client to install that. But we need provide web based ssh terminal user will enter credentials to login. Do you know how this can be done?

    • Ravi Saive says:

      @Kiran,

      Yes, this can be done by using Shellinabox tool as suggested in this article.

      • Kiran says:

        but this needs to be installed on the server. This i can not do because those servers are remote and owned by different people. Can i have something without setting up on server?

        • Ravi Saive says:

          @Kiran,

          How can you have something without setting up? not possible, you need to have a tool in place to achieve the same..I hope you understand..

          • Kiran says:

            Thank you Ravi for confirming. I had the same thought but i was still searching for options since i have the requirement in my application. Now i have expert input, will have to find other alternatives.

  7. Henry says:

    Hi, I tried to install this on my centos server and there is only one user root.
    I didn’t make change to config file and tried to start it.
    It gives error below, am I missing something?
    Starting shellinaboxd: [server] Cannot look up user id “-g”!
    [FAILED]

    • Ravi Saive says:

      @Henry,

      On which version of CentOS you’re trying to install Shellinabox? the error seems new to me and also there isn’t any information about such error on web.

  8. Andreas says:

    Hi! I just have installed it on my server and will try it out when I am back in the company. Two comments:

    1. In the installation doc above on this web page you say “Starting Shellinabox” with “sudo service shellinaboxd start” but its should be “sudo service shellinabox start” without the “d”.

    2. Can I restrict shellinabox for only one single user account? I’d like to prevent the root accounts from being attacked with brute force attacks through the browser.

    -wbr, Andreas

    • Ravi Saive says:

      @Andreas,

      Thanks for findings, but different Linux OS provides different deamon names for example, in CentOS you will get shellinaboxd and whereas in Ubuntu you will get without ‘d’ at the end..

      And about user restriction in shellinabox, no idea about it, I think you should read its configuration to know more about it, might be there is a way to do it..

  9. Andreas says:

    This sounds awful to me! Any idea what port I can use, when sitting behind a firewall that blocks almost all of th ports?

    • Ravi Saive says:

      @Andreas,

      May I know on which Linux distribution you were trying? have you opened port on the firewall? or have you changed default port to custom in /etc/default/shellinabox file?

      • Andreas says:

        The targeting distribution is Ubuntu, but the problem is on the site I’m trying to access it from. The company I’m in is blocking almost all outgoing traffic. Not even sure if I could use 443, because I don’t own an official certificate. Maybe 8080 could be an option, not even sure about this. (in fact there is no information about what’s blocked). So best would be if I could use a subnet web page (on port 80) instead of using a different port. I wonder if using a subnet page and mapping it with htaccess to another port on my server, but I have to admit I’m not familiar with this stuff… Any idea?

        • Ravi Saive says:

          @Anreas,

          Sorry, but I don’t think that would be possible to allow a subnet in shellinabox configuration, let me check and get back to you if I found any solution..

  10. akash sewani says:

    can i login as root ???

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.