Difference between revisions of "Shell in a box"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
 
(44 intermediate revisions by 7 users not shown)
Line 1: Line 1:
Shell in a Box allows you to [[control a computer over the network]] using a Linux console in a web page.
+
<metadesc>How to set up shellinabox, make sure it restarts after reboot and is reachable from a browser (port 80 or 443). Tested on SUSE and Ubuntu.</metadesc>
 +
Shell in a Box allows you to [[control a computer over the network]] using a Linux console in a web page.  
  
 +
= Install it =
 +
== Get it ==
 
* [[open a console]] as root.
 
* [[open a console]] as root.
  
 
* Download shell in a box from google
 
* Download shell in a box from google
  wget http://shellinabox.googlecode.com/files/shellinabox-2.10.tar.gz
+
<source>
 +
  wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
 +
</source>
  
 
* [[unpack]] it
 
* [[unpack]] it
  [[tar]] xvzf shellinabox-2.10.tar.gz
+
<source>
 +
  tar xvzf shellinabox-2.14.tar.gz
 +
</source>
  
* [[install]] some [[dependencies]], in this example for SUSE Linux 12.1:
+
<ul>
  [[yast]] -i make
+
<li />[[find out your distribution]] and [[install]] some [[dependencies]],
 +
<ul>
 +
<li /> for SUSE Linux:
 +
<source>
 +
  yast -i make gcc
 +
</source>
 +
 
 +
<li /> for Ubuntu:
 +
<source>
 +
apt-get update
 +
apt-get install make gcc
 +
</source>
 +
</ul>
 +
</ul>
  
 
* [[build]] it
 
* [[build]] it
  [[cd]] shellinabox-2.10
+
<source>
 +
  cd shellinabox-2.14
 
  ./configure && make && make install
 
  ./configure && make && make install
 +
</source>
  
 
* make sure the firewall is open, here is an example for SUSE Linux:
 
* make sure the firewall is open, here is an example for SUSE Linux:
 +
<source>
 
  rcSuSEfirewall2 stop
 
  rcSuSEfirewall2 stop
 +
</source>
  
* add a user for shell in a box, in this example ''user''
+
* you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name ''user'' like this:
  useradd -m ''user''
+
<source>
  passwd ''user''
+
  useradd -m user
 +
  passwd user
 +
</source>
  
 
* call shell in a box
 
* call shell in a box
 +
<source>
 +
cd /tmp
 
  shellinaboxd &
 
  shellinaboxd &
 +
</source>
  
 
* test it by surfing to your computer: http://localhost:4200
 
* test it by surfing to your computer: http://localhost:4200
  
use proxypass in the [[apache]] configuration to forward to its port
+
== Make it persistent ==
 +
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so
  
= Co-exist with a web server =
+
=== for SUSE Linux ===
 +
* add the following line to /etc/init.d/boot.local:
 +
<source>
 +
shellinaboxd &
 +
</source>
 +
* configure the firewall to always open up port 80 or stop it persistantly:
 +
<source>
 +
chkconfig SuSEfirewall2_setup off
 +
chkconfig SuSEfirewall2_init off
 +
</source>
 +
* configure apache to start on boot
 +
<source>
 +
chkconfig apache2 on
 +
</source>
 +
 
 +
=== for Ubuntu ===
 +
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
 +
<source>
 +
@reboot root /usr/local/bin/shellinaboxd &
 +
</source>
 +
This will start the daemon only on reboot as a background job.
 +
 
 +
== Use in a web server ==
 
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
 
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
  
 +
=== for SUSE Linux ===
 
* install apache2, in this example for SUSE Linux 12.1:
 
* install apache2, in this example for SUSE Linux 12.1:
 +
<source>
 
  yast -i apache2
 
  yast -i apache2
 +
</source>
  
 
* enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
 
* enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
  APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl
+
<source>
userdir php5"
+
  APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
 +
</source>
 +
 
 +
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block
 +
<source>
 +
<IfModule mod_proxy.c>
 +
<Location /shell>
 +
    ProxyPass http://127.0.0.1:4200
 +
</Location>
 +
</IfModule>
 +
</source>
 +
 
 +
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 +
 
 +
=== for Ubuntu ===
 +
* install apache2
 +
<source>
 +
apt-get install apache2
 +
</source>
 +
* enable apache's proxy module:
 +
<source>
 +
a2enmod proxy
 +
</source>
 +
* do
 +
<source>
 +
ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
 +
</source>
 +
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:
 +
<source>
 +
<Location /shell>
 +
    ProxyPass http://127.0.0.1:4200
 +
    Allow from 127.0.0.1
 +
</Location>
 +
</source>
 +
* restart apache
 +
<source>
 +
/etc/init.d/apache2 restart
 +
</source>
 +
* test if the module has indeed been loaded:
 +
<source>
 +
# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 +
  proxy_http_module (shared)
 +
</source>
 +
 
 +
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 +
 
 +
= TroubleShooting =
 +
 
 +
== cannot read valid certificate ==
 +
'''Symptom:''' ShellInABoxD does not start, it tells the [[error message]]:
 +
<source>
 +
Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
 +
</source>
 +
 
 +
'''Reason:''' See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody:
 +
<source>
 +
/tmp # ll certificate.pem
 +
-rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem
 +
</source>
 +
 
 +
'''Solution:''' Start shellinaboxd in a directory that every user can access, e.g. /tmp:
 +
<source>
 +
cd /tmp
 +
shellinaboxd &
 +
</source>
 +
 
 +
== forkpty() failed ==
 +
;Symptom: When you surf to the shellinabox page you see an error message
 +
<source>
 +
forkpty() failed
 +
</source>
 +
 
 +
;Solution: Kill all shellinaboxd processes and start them with root privileges:
 +
<source>
 +
killall shellinaboxd
 +
shellinaboxd --user=0 & disown
 +
</source>
 +
 
 +
== minus sign ==
 +
;Symptom: The minus sign does not work if you type it on the keypad.
 +
 
 +
;Solution: I could fix this by using Safari instead of [[FireFox]]
  
 
= See also =
 
= See also =
* http://http://code.google.com/p/shellinabox/
+
* [[guacAMole]]
 +
* http://code.google.com/p/shellinabox/
  
{{stub}}
+
[[Category:Tool]]
 +
[[Category:Webmaster]]

Latest revision as of 06:53, 24 April 2020

Shell in a Box allows you to control a computer over the network using a Linux console in a web page.

Install it

Get it

  • Download shell in a box from google

<source>

wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz

</source>

<source>

tar xvzf shellinabox-2.14.tar.gz

</source>

<source>

cd shellinabox-2.14
./configure && make && make install

</source>

  • make sure the firewall is open, here is an example for SUSE Linux:

<source>

rcSuSEfirewall2 stop

</source>

  • you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name user like this:

<source>

useradd -m user
passwd user

</source>

  • call shell in a box

<source>

cd /tmp
shellinaboxd &

</source>

Make it persistent

You want the shell in a box daemon shellinaboxd to be started when booting your machine, so

for SUSE Linux

  • add the following line to /etc/init.d/boot.local:

<source>

shellinaboxd &

</source>

  • configure the firewall to always open up port 80 or stop it persistantly:

<source>

chkconfig SuSEfirewall2_setup off
chkconfig SuSEfirewall2_init off

</source>

  • configure apache to start on boot

<source>

chkconfig apache2 on

</source>

for Ubuntu

To start the shellinabox daemon after reboot add the following line to /etc/crontab: <source>

@reboot root /usr/local/bin/shellinaboxd &

</source> This will start the daemon only on reboot as a background job.

Use in a web server

You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server

for SUSE Linux

  • install apache2, in this example for SUSE Linux 12.1:

<source>

yast -i apache2

</source>

  • enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:

<source>

APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"

</source>

<source>

<IfModule mod_proxy.c>
<Location /shell>
    ProxyPass http://127.0.0.1:4200
</Location>
</IfModule>

</source>

for Ubuntu

  • install apache2

<source>

apt-get install apache2

</source>

  • enable apache's proxy module:

<source>

a2enmod proxy

</source>

  • do

<source>

ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load

</source>

<source>

<Location /shell>
    ProxyPass http://127.0.0.1:4200
    Allow from 127.0.0.1
</Location>

</source>

  • restart apache

<source>

/etc/init.d/apache2 restart

</source>

  • test if the module has indeed been loaded:

<source>

# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 proxy_http_module (shared)

</source>

TroubleShooting

cannot read valid certificate

Symptom: ShellInABoxD does not start, it tells the error message: <source>

Cannot read valid certificate from "certificate.pem". Check file permissions and file format.

</source>

Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody: <source>

/tmp # ll certificate.pem 
-rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem

</source>

Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp: <source>

cd /tmp
shellinaboxd &

</source>

forkpty() failed

Symptom
When you surf to the shellinabox page you see an error message

<source>

forkpty() failed

</source>

Solution
Kill all shellinaboxd processes and start them with root privileges:

<source>

killall shellinaboxd
shellinaboxd --user=0 & disown

</source>

minus sign

Symptom
The minus sign does not work if you type it on the keypad.
Solution
I could fix this by using Safari instead of FireFox

See also