scottlinux.com

Facebook Twitter RSS

shellinabox With Apache Authentication Over HTTPS 443

Published on December 15, 2010, by in linux, sysadmin.




shellinabox is an amazing web-based SSH client. It is very handy if you are not on a machine with a good terminal app, are filtered to not having port 22 available, or other uses such as a good web based shell to use while on the ChromeOS notebook.

This guide shows how to setup and install shellinabox on Ubuntu or Debian over a secure port (standard HTTPS 443) and also require a login prompt to first get to the shellinabox interface as a layer of security.


1. Grab the latest deb from the project page.

2. Install the deb:

sudo dpkg -i shellinabox*.deb

3. Edit the shellinabox init file for localhost only:

sudo nano /etc/init.d/shellinabox

Add this line under ‘Set some default values’

SHELLINABOX_ARGS="--localhost-only"


Mine looks like this now:

# Set some default values

SHELLINABOX_DATADIR="${SHELLINABOX_DATADIR:-/var/lib/shellinabox}"

SHELLINABOX_PORT="${SHELLINABOX_PORT:-4200}"

SHELLINABOX_USER="${SHELLINABOX_USER:-shellinabox}"

SHELLINABOX_GROUP="${SHELLINABOX_GROUP:-shellinabox}"

SHELLINABOX_ARGS="--localhost-only"

Now enable some apache proxy modules:

4. sudo a2enmod proxy

5. sudo a2enmod proxy_http


[If you do not want apache authentication, skip steps 6 and 7!]




6. Create an apache authenticated user (Example here creates a username admin).

sudo htpasswd -c /etc/apache2/.htpasswd admin

password:

repeat password:

7. Edit the apache2 proxy module config file to require this authenticated user for this proxy.

sudo nano /etc/apache2/mods-available/proxy.conf 

  ProxyRequests Off


        <Proxy *>

                AddDefaultCharset off

                AuthUserFile /etc/apache2/.htpasswd

                AuthName EnterPassword

                AuthType Basic

                require user admin

                Order deny,allow

                Allow from all

                #Allow from .example.com

        </Proxy>



8. Edit the default-ssl apache2 config file as described below.

sudo nano /etc/apache2/sites-available/default-ssl

AFTER the VirtualHost listing, but before the end of IfModule put something like this:

</VirtualHost>



<Location /shell>

ProxyPass http://localhost:4200/

</Location>



</IfModule>


9. Restart shellinabox and then restart apache.

sudo /etc/init.d/shellinabox restart

sudo /etc/init.d/apache2 restart

10. Browse to https://yourservername.com/shell

You should then be first prompted for the apache htpasswd authentication. Once you then supply that, you are brought to your shellinabox session, prompting for a local ssh login. All over https and port 443.

shellinabox_auth

shellinabox_screen

Sweet!

Related posts:

  1. Securing Apache and PHP
  2. Encrypt web traffic through ssh tunnel
  3. Fix Drupal Upload Progress
Tags: , , , , , ,
« »

2 Responses

  1. Andy
    March 10, 2012 at 09:50

    I get a blank page when I try this, any guesses?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Notify me of followup comments via e-mail. You can also subscribe without commenting.

(Optional) Your Twitter @
Home linux shellinabox With Apache Authentication Over HTTPS 443
© Copyleft scottlinux.com CC BY-SA 3.0