In this tutorial, I describe how to install Shellinabox and access a remote SSH terminal using a modern web browser on any machine. Web-based SSH access to Linux servers is very useful when you are protected with a firewall and only HTTPS traffic can get through.
Installing Shellinabox on Linux Systems
By default, the Shellinabox tool is included on Debian-based Linux distributions through default repositories using the default package manager as shown.
Install Shellinabox on Debian, Ubuntu & Mint
$ sudo apt install openssl shellinabox
Install Shellinabox on RHEL, Fedora, Rocky & AlamLinux
On Red Hat-based distributions, you need to install it from the source using the following commands.
# yum install git openssl-devel pam-devel zlib-devel autoconf automake libtool # git clone https://github.com/shellinabox/shellinabox.git && cd shellinabox # autoreconf -i # ./configure && make
Configuring Shellinabox in Linux Systems
By default, shellinaboxd listens on TCP port 4200 on localhost. For security reasons, I change this default port to a random (i.e. 6175) to make it difficult for anyone to reach your SSH box.
Also, during installation, a new self-signed SSL certificate is automatically created under “/var/lib/shellinabox” to use HTTPS protocol.
$ sudo vi /etc/default/shellinabox OR $ sudo nano /etc/default/shellinabox
Make the configuration changes as shown below…
# Should shellinaboxd start automatically SHELLINABOX_DAEMON_START=1 # TCP port that shellinboxd's webserver listens on SHELLINABOX_PORT=6175 # Parameters that are managed by the system and usually should not need # changing: # SHELLINABOX_DATADIR=/var/lib/shellinabox # SHELLINABOX_USER=shellinabox # SHELLINABOX_GROUP=shellinabox # Any optional arguments (e.g. extra service definitions). Make sure # that that argument is quoted. # # Beeps are disabled because of reports of the VLC plugin crashing # Firefox on Linux/x86_64. SHELLINABOX_ARGS="--no-beep" # specify the IP address of an SSH server OPTS="-s /:SSH:192.168.0.140" # if you want to restrict access to shellinaboxd from localhost only OPTS="-s /:SSH:192.168.0.140 --localhost-only"
Once you’ve done with the configuration, you can restart and verify the shellinabox service by issuing the following commands.
$ sudo systemctl restart shellinabox $ sudo systemctl status shellinabox
Now let’s verify whether Shellinabox is running on port 6175 using the netstat command.
$ sudo netstat -nap | grep shellinabox
Make sure you secure your shellinabox on the firewall and open the 6175 port for a specific IP Address to access your Linux shell remotely.
------- On Debian, Ubuntu and Mint ------- $ sudo ufw allow 6175/tcp $ sudo ufw allow from 192.168.0.103 to any port 6175 ------- On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux ------- $ sudo firewall-cmd --zone=public --add-port=6175/tcp $ sudo firewall-cmd --zone=public --add-source=192.168.0.103/6175 --permanent
Access Linux SSH Terminal via Web Browsers
Now open up your web browser, and navigate to https://Your-IP-Adress:6175. You should be able to see a web-based SSH terminal. Log in using your username and password and you should be presented with your shell prompt.
You can right-click to use several features and actions, including changing the look and feel of your shell.
For more information, visit the official Shellinabox github page.