shellinabox With Apache Authentication Over HTTPS 443

By | 2010/12/15

shellinabox is an amazing web-based SSH client. It is very handy if you are on a machine without a good terminal app, are behind a filter that blocks port 22, or want a good web-based shell, for example on a ChromeOS notebook.

This guide shows how to set up and install shellinabox on Ubuntu or Debian over a secure port (standard HTTPS 443) and to require a login prompt before reaching the shellinabox interface, as an extra layer of security.


1. Grab the latest deb from the project page.

2. Install the deb:

sudo dpkg -i shellinabox*.deb

3. Edit the shellinabox init file for localhost only:

sudo nano /etc/init.d/shellinabox

Add this line under ‘Set some default values’:

SHELLINABOX_ARGS="--localhost-only"

Mine looks like this now:

# Set some default values
SHELLINABOX_DATADIR="${SHELLINABOX_DATADIR:-/var/lib/shellinabox}"
SHELLINABOX_PORT="${SHELLINABOX_PORT:-4200}"
SHELLINABOX_USER="${SHELLINABOX_USER:-shellinabox}"
SHELLINABOX_GROUP="${SHELLINABOX_GROUP:-shellinabox}"
SHELLINABOX_ARGS="--localhost-only"

Now enable some apache proxy modules:

4. sudo a2enmod proxy

5. sudo a2enmod proxy_http


[If you do not want apache authentication, skip steps 6 and 7!]


6. Create an apache authenticated user (Example here creates a username admin).

sudo htpasswd -c /etc/apache2/.htpasswd admin

password:
repeat password:

7. Edit the apache2 proxy module config file to require this authenticated user for this proxy.

sudo nano /etc/apache2/mods-available/proxy.conf

ProxyRequests Off
<Proxy *>
    AddDefaultCharset off
    AuthUserFile /etc/apache2/.htpasswd
    AuthName EnterPassword
    AuthType Basic
    require user admin
    Order deny,allow
    Allow from all
    #Allow from .example.com
</Proxy>

8. Edit the default-ssl apache2 config file as described below.

sudo nano /etc/apache2/sites-available/default-ssl

AFTER the VirtualHost listing, but before the end of IfModule put something like this:

</VirtualHost>

<Location /shell>
ProxyPass http://localhost:4200/
</Location>

</IfModule>

9. Restart shellinabox and then restart apache.

sudo /etc/init.d/shellinabox restart

sudo /etc/init.d/apache2 restart

10. Browse to https://yourservername.com/shell

You should first be prompted for the Apache htpasswd authentication. Once you supply that, you are brought to your shellinabox session, which prompts for a local ssh login. All over HTTPS on port 443.
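A post-install check for the setup above, as an added example that is not part of the original post: it confirms shellinaboxd listens on loopback only (step 3) and that /shell demands Basic auth over HTTPS and is not also answered over plain HTTP, which is worth checking because the `<Location /shell>` block in step 8 sits outside the `<VirtualHost>`. Assumptions: `ss` and `curl` are installed, and the function names, the host argument and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Port 4200 and /shell are the
# guide's values; function names and the host argument are assumptions.

# Read `ss -ltn` output on stdin and print how TCP port 4200 is bound:
# "loopback" (what --localhost-only should give), "exposed" or "absent".
bind_status() {
    awk -v port=4200 '
        /LISTEN/ {
            n = split($4, part, ":")          # $4 is Local Address:Port
            if (part[n] != port) next
            addr = substr($4, 1, length($4) - length(part[n]) - 1)
            if (addr == "127.0.0.1" || addr == "[::1]") lo = 1
            else ex = 1
        }
        END { print (ex ? "exposed" : (lo ? "loopback" : "absent")) }'
}

# Classify the status codes an unauthenticated request to /shell gets over
# HTTPS ($1) and plain HTTP ($2). 401 on HTTPS means Basic auth is enforced;
# 2xx, 401, 502 or 503 on HTTP means the proxy also answers without TLS.
front_door_status() {
    case $1 in
        401) ;;
        *) echo "https-not-protected"; return 1 ;;
    esac
    case $2 in
        2??|401|502|503) echo "http-served"; return 1 ;;
        *) echo "ok" ;;
    esac
}

# Constructed sample of `ss -ltn` output (not captured from a real host).
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:4200     0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*'

# Live run: ./check.sh yourservername.com  (curl -k accepts a self-signed cert)
probe() { curl -sk --max-time 5 -o /dev/null -w '%{http_code}' "$1" || true; }
if [ -n "${1:-}" ]; then
    echo "bind:  $(ss -ltn | bind_status)"
    echo "front: $(front_door_status "$(probe "https://$1/shell")" "$(probe "http://$1/shell")")"
fi
```

Run it on the server itself with the hostname as the only argument; "bind: loopback" and "front: ok" are the results that match the guide's intent.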


Sweet!