Difference between revisions of "Shell in a box"

From Linuxintro
imported>ThorstenStaerk
imported>ThorstenStaerk
 
(9 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 
<metadesc>How to set up shellinabox, make sure it restarts after reboot and is reachable from a browser (port 80 or 443). Tested on SUSE and Ubuntu.</metadesc>
 
<metadesc>How to set up shellinabox, make sure it restarts after reboot and is reachable from a browser (port 80 or 443). Tested on SUSE and Ubuntu.</metadesc>
Shell in a Box allows you to [[control a computer over the network]] using a Linux console in a web page. To do it, [[find out your distribution]] and proceed accordingly.
+
Shell in a Box allows you to [[control a computer over the network]] using a Linux console in a web page.  
  
= SUSE 12.1-13.1 =
+
= Install it =
 
== Get it ==
 
== Get it ==
 
* [[open a console]] as root.
 
* [[open a console]] as root.
  
 
* Download shell in a box from google
 
* Download shell in a box from google
 +
<source>
 
  wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
 
  wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
 +
</source>
  
 
* [[unpack]] it
 
* [[unpack]] it
  [[tar]] xvzf shellinabox-2.14.tar.gz
+
<source>
 +
  tar xvzf shellinabox-2.14.tar.gz
 +
</source>
  
* [[install]] some [[dependencies]], in this example for SUSE Linux 12.1:
+
<ul>
  [[yast]] -i make gcc
+
<li />[[find out your distribution]] and [[install]] some [[dependencies]],
 +
<ul>
 +
<li /> for SUSE Linux:
 +
<source>
 +
  yast -i make gcc
 +
</source>
 +
 
 +
<li /> for Ubuntu:
 +
<source>
 +
apt-get update
 +
apt-get install make gcc
 +
</source>
 +
</ul>
 +
</ul>
  
 
* [[build]] it
 
* [[build]] it
  [[cd]] shellinabox-2.14
+
<source>
 +
  cd shellinabox-2.14
 
  ./configure && make && make install
 
  ./configure && make && make install
 +
</source>
  
 
* make sure the firewall is open, here is an example for SUSE Linux:
 
* make sure the firewall is open, here is an example for SUSE Linux:
 +
<source>
 
  rcSuSEfirewall2 stop
 
  rcSuSEfirewall2 stop
 +
</source>
  
 
* you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name ''user'' like this:
 
* you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name ''user'' like this:
  useradd -m ''user''
+
<source>
  passwd ''user''
+
  useradd -m user
 +
  passwd user
 +
</source>
  
 
* call shell in a box
 
* call shell in a box
 +
<source>
 
  cd /tmp
 
  cd /tmp
 
  shellinaboxd &
 
  shellinaboxd &
 +
</source>
  
 
* test it by surfing to your computer: http://localhost:4200
 
* test it by surfing to your computer: http://localhost:4200
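Review bot: the firewall step kept in this hunk (`rcSuSEfirewall2 stop`, now wrapped in `<source>`) switches the whole firewall off to reach one service on port 4200. Suggest replacing it with a step that opens only that port, or at least stating that the command disables all filtering. The `wget` line also fetches the tarball over plain http with no checksum to compare against, so the reader has no way to verify what `make install` is about to install from a root console.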
Line 34: Line 59:
 
== Make it persistent ==
 
== Make it persistent ==
 
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so  
 
You want the shell in a box daemon shellinaboxd to be started when booting your machine, so  
 +
 +
=== for SUSE Linux ===
 
* add the following line to /etc/init.d/boot.local:
 
* add the following line to /etc/init.d/boot.local:
 +
<source>
 
  shellinaboxd &
 
  shellinaboxd &
 +
</source>
 
* configure the firewall to always open up port 80 or stop it persistantly:
 
* configure the firewall to always open up port 80 or stop it persistantly:
  [[chkconfig]] SuSEfirewall2_setup off
+
<source>
 +
  chkconfig SuSEfirewall2_setup off
 
  chkconfig SuSEfirewall2_init off
 
  chkconfig SuSEfirewall2_init off
 +
</source>
 
* configure apache to start on boot
 
* configure apache to start on boot
 +
<source>
 
  chkconfig apache2 on
 
  chkconfig apache2 on
 +
</source>
 +
 +
=== for Ubuntu ===
 +
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
 +
<source>
 +
@reboot root /usr/local/bin/shellinaboxd &
 +
</source>
 +
This will start the daemon only on reboot as a background job.
  
 
== Use in a web server ==
 
== Use in a web server ==
 
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
 
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
  
 +
=== for SUSE Linux ===
 
* install apache2, in this example for SUSE Linux 12.1:
 
* install apache2, in this example for SUSE Linux 12.1:
 +
<source>
 
  yast -i apache2
 
  yast -i apache2
 +
</source>
  
 
* enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
 
* enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:
 +
<source>
 
  APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
 
  APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"
 +
</source>
  
 
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block  
 
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf, add a block  
 +
<source>
 
  <IfModule mod_proxy.c>
 
  <IfModule mod_proxy.c>
 
  <Location /shell>
 
  <Location /shell>
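Review bot: in the SUSE persistence steps the text offers "always open up port 80 or stop it", but the `<source>` block only shows the second option (`chkconfig SuSEfirewall2_setup off`, `chkconfig SuSEfirewall2_init off`), which leaves the host unfiltered after every boot. Suggest showing the port-80 rule instead. The new Ubuntu line `@reboot root /usr/local/bin/shellinaboxd &` starts the daemon from cron's working directory, while the troubleshooting section of this same page says certificate.pem is created in the start directory and recommends `cd /tmp` first. The cron entry should set the directory too.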
Line 57: Line 103:
 
  </Location>
 
  </Location>
 
  </IfModule>
 
  </IfModule>
 +
</source>
  
 
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
  
= Ubuntu =
+
=== for Ubuntu ===
== Get it ==
 
* [[open a console]] as root.
 
 
 
* Download shell in a box from google
 
wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz
 
 
 
* [[unpack]] it
 
[[tar]] xvzf shellinabox-2.14.tar.gz
 
 
 
* [[install]] some [[dependencies]]:
 
apt-get update
 
apt-get install gcc
 
apt-get install make
 
 
 
* [[build]] it
 
[[cd]] shellinabox-2.14
 
./configure && make && make install
 
 
 
* you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user name ''user'' like this:
 
useradd -m ''user''
 
passwd ''password''
 
 
 
* call shell in a box
 
cd /tmp
 
shellinaboxd &
 
 
 
* test it by surfing to your computer: http://localhost:4200
 
 
 
== make it persistent ==
 
To start the shellinabox daemon after reboot add the following line to /etc/crontab:
 
@reboot root /usr/local/bin/shellinaboxd &
 
This will start the daemon only on reboot as a background job.
 
 
 
== Use in a web server ==
 
You probably want shell in a box to be reachable via port 80 (so you can use it from within a typical corporate network) and you may want to run a web server on the same machine. So here is how you integrate shell in a box into an Apache2 web server
 
 
 
 
* install apache2
 
* install apache2
 +
<source>
 
  apt-get install apache2
 
  apt-get install apache2
 +
</source>
 
* enable apache's proxy module:
 
* enable apache's proxy module:
 +
<source>
 
  a2enmod proxy
 
  a2enmod proxy
 +
</source>
 
* do
 
* do
 +
<source>
 
  ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
 
  ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load
 +
</source>
 
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:
 
* tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default, add a block:
 +
<source>
 
  <Location /shell>
 
  <Location /shell>
 
     ProxyPass http://127.0.0.1:4200
 
     ProxyPass http://127.0.0.1:4200
 
     Allow from 127.0.0.1
 
     Allow from 127.0.0.1
 
  </Location>
 
  </Location>
 +
</source>
 
* restart apache
 
* restart apache
 +
<source>
 
  /etc/init.d/apache2 restart
 
  /etc/init.d/apache2 restart
 +
</source>
 
* test if the module has indeed been loaded:
 
* test if the module has indeed been loaded:
 +
<source>
 
  # apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 
  # apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 
   proxy_http_module (shared)
 
   proxy_http_module (shared)
 +
</source>
  
 
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
 
* now [[set up apache for https]] so your passwords are not transmitted unencrypted over the internet
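Review bot: in the Ubuntu `<Location /shell>` block, `Allow from 127.0.0.1` appears with no `Order` or `Deny` line, so the hunk does not show what it is meant to restrict, and a loopback-only rule would contradict the stated goal of reaching /shell from a corporate network. Either drop the line or spell out the intended access rule. The manual `ln -s` of proxy_http.load directly after `a2enmod proxy` is also inconsistent; `a2enmod proxy_http` would do the same thing in the same style.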
Line 120: Line 143:
 
== cannot read valid certificate ==
 
== cannot read valid certificate ==
 
'''Symptom:''' ShellInABoxD does not start, it tells the [[error message]]:
 
'''Symptom:''' ShellInABoxD does not start, it tells the [[error message]]:
 +
<source>
 
  Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
 
  Cannot read valid certificate from "certificate.pem". Check file permissions and file format.
 +
</source>
  
 
'''Reason:''' See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody:
 
'''Reason:''' See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD tries to create a file certificate.pem in the folder where it is started as user nobody:
 +
<source>
 
  /tmp # ll certificate.pem  
 
  /tmp # ll certificate.pem  
 
  -rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem
 
  -rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem
 +
</source>
  
 
'''Solution:''' Start shellinaboxd in a directory that every user can access, e.g. /tmp:
 
'''Solution:''' Start shellinaboxd in a directory that every user can access, e.g. /tmp:
 +
<source>
 
  cd /tmp
 
  cd /tmp
 
  shellinaboxd &
 
  shellinaboxd &
 +
</source>
  
 
== forkpty() failed ==
 
== forkpty() failed ==
 
;Symptom: When you surf to the shellinabox page you see an error message
 
;Symptom: When you surf to the shellinabox page you see an error message
 +
<source>
 
  forkpty() failed
 
  forkpty() failed
 +
</source>
  
;Reason: shellinabox makes use of pseudo-terminals. If your server is on a virtualization platform that shares these resources, they can get used up by other customers of your server's hoster.
+
;Solution: Kill all shellinaboxd processes and start them with root privileges:
 
+
<source>
;Solution: Go to a hoster that uses full virtualization or paravirtualization, but not containering.
+
killall shellinaboxd
 +
shellinaboxd --user=0 & disown
 +
</source>
  
 
== minus sign ==
 
== minus sign ==
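Review bot: the new forkpty() solution, `shellinaboxd --user=0 & disown`, runs the network-facing daemon as root, and the hunk replaces the earlier advice (change hoster) without explaining why root avoids the failure. Add a sentence giving the reason and the trade-off, since every other section of the page starts the daemon with plain `shellinaboxd &`.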

Latest revision as of 06:53, 24 April 2020

Shell in a Box allows you to control a computer over the network using a Linux console in a web page.

Install it

Get it

  • Download shell in a box from google

<source>

wget http://shellinabox.googlecode.com/files/shellinabox-2.14.tar.gz

</source>

  • unpack it

<source>

tar xvzf shellinabox-2.14.tar.gz

</source>

  • build it

<source>

cd shellinabox-2.14
./configure && make && make install

</source>

  • make sure the firewall does not block the connection. Here is an example for SUSE Linux, which stops the firewall:

<source>

rcSuSEfirewall2 stop

</source>

  • you are not allowed to log in as root, so make sure you have at least one ordinary user. Add a user named user like this:

<source>

useradd -m user
passwd user

</source>

  • call shell in a box

<source>

cd /tmp
shellinaboxd &

</source>

Make it persistent

You want the Shell in a Box daemon, shellinaboxd, to be started when your machine boots:

for SUSE Linux

  • add the following line to /etc/init.d/boot.local:

<source>

shellinaboxd &

</source>

  • configure the firewall to always open up port 80 or stop it persistently:

<source>

chkconfig SuSEfirewall2_setup off
chkconfig SuSEfirewall2_init off

</source>

  • configure apache to start on boot

<source>

chkconfig apache2 on

</source>

for Ubuntu

To start the shellinabox daemon after reboot, add the following line to /etc/crontab:

<source>

@reboot root /usr/local/bin/shellinaboxd &

</source>

This will start the daemon only on reboot as a background job.

Use in a web server

You probably want Shell in a Box to be reachable via port 80 (so you can use it from within a typical corporate network), and you may want to run a web server on the same machine. Here is how you integrate Shell in a Box into an Apache2 web server:

for SUSE Linux

  • install apache2, in this example for SUSE Linux 12.1:

<source>

yast -i apache2

</source>

  • enable a reverse proxy. To do this, edit /etc/sysconfig/apache2 and add the following words to APACHE_MODULES: proxy proxy_http. In the end your line may read like this:

<source>

APACHE_MODULES="actions alias auth_basic proxy proxy_http authn_file authz_host authz_groupfile authz_default authz_user autoindex cgi dir env expires include log_config mime negotiation setenvif ssl userdir php5"

</source>

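  • tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/default-server.conf and add a block:

<source>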

<IfModule mod_proxy.c>
<Location /shell>
    ProxyPass http://127.0.0.1:4200
</Location>
</IfModule>

</source>

for Ubuntu

  • install apache2

<source>

apt-get install apache2

</source>

  • enable apache's proxy module:

<source>

a2enmod proxy

</source>

  • enable the proxy_http module by linking its load file into mods-enabled:

<source>

ln -s /etc/apache2/mods-available/proxy_http.load /etc/apache2/mods-enabled/proxy_http.load

</source>

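  • tell apache that if someone calls http://yourserver.yourdomain/shell this is forwarded to http://yourserver.yourdomain:4200 internally. To do this, edit /etc/apache2/sites-enabled/000-default and add a block:

<source>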

<Location /shell>
    ProxyPass http://127.0.0.1:4200
    Allow from 127.0.0.1
</Location>

</source>

  • restart apache

<source>

/etc/init.d/apache2 restart

</source>

  • test if the module has indeed been loaded:

<source>

# apache2ctl -t -D DUMP_MODULES 2>&1 | grep proxy_http
 proxy_http_module (shared)

</source>
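The reverse proxy above only protects the login if port 4200 cannot be reached directly, which matters because the firewall was stopped earlier on this page. The script below is an added example, not part of the original page: it reads `ss -ltn`-style output and reports whether a port is bound to loopback only. The function names and the two sample listings are constructed.

```shell
#!/bin/sh
# Added example: report which addresses a TCP port is bound to, from `ss -ltn`-style text on stdin.

# Print "local ADDR" for loopback binds of PORT ($1) and "exposed ADDR"
# for any other bind (0.0.0.0, *, [::] or a routable address).
classify_listeners() {
    awk -v port="$1" '
    {
        # The local address is the first field ending in ":<digits>";
        # the peer column of a listening socket ends in ":*".
        for (i = 1; i <= NF; i++) {
            if (match($i, /:[0-9]+$/)) {
                addr = substr($i, 1, RSTART - 1)
                if (substr($i, RSTART + 1) == port) {
                    kind = (addr ~ /^127\./ || addr == "[::1]") ? "local" : "exposed"
                    print kind, addr
                }
                break
            }
        }
    }'
}

# Succeeds (exit 0) when PORT is bound to a non-loopback address.
port_exposed() {
    classify_listeners "$1" | grep -q '^exposed '
}

# Constructed sample: daemon listening on all interfaces, Apache on port 80.
sample_all_interfaces() {
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      128          0.0.0.0:4200      0.0.0.0:*' \
        'LISTEN 0      511                *:80              *:*'
}

# Constructed sample: the same host with the daemon bound to loopback only.
sample_loopback_only() {
    printf '%s\n' \
        'State  Recv-Q Send-Q Local Address:Port Peer Address:Port' \
        'LISTEN 0      128        127.0.0.1:4200      0.0.0.0:*' \
        'LISTEN 0      511                *:80              *:*'
}

for sample in sample_all_interfaces sample_loopback_only; do
    "$sample" | port_exposed 4200 && state="reachable directly" || state="loopback-only"
    echo "$sample: port 4200 is $state"
done
```

On a live host, run `ss -ltn | classify_listeners 4200`. shellinaboxd's `--localhost-only` option restricts the daemon to 127.0.0.1.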

TroubleShooting

cannot read valid certificate

Symptom: ShellInABoxD does not start and prints the error message:

<source>

Cannot read valid certificate from "certificate.pem". Check file permissions and file format.

</source>

Reason: See http://code.google.com/p/shellinabox/issues/detail?id=59. ShellInABoxD, running as user nobody, tries to create a file certificate.pem in the folder where it was started:

<source>

/tmp # ll certificate.pem 
-rw------- 1 nobody nogroup 2794 Aug  5 07:53 certificate.pem

</source>

Solution: Start shellinaboxd in a directory that every user can access, e.g. /tmp:

<source>

cd /tmp
shellinaboxd &

</source>

forkpty() failed

Symptom
When you surf to the shellinabox page you see an error message

<source>

forkpty() failed

</source>

Solution
Kill all shellinaboxd processes and start them with root privileges:

<source>

killall shellinaboxd
shellinaboxd --user=0 & disown

</source>

minus sign

Symptom
The minus sign does not work if you type it on the keypad.
Solution
I could fix this by using Safari instead of Firefox.
