Shell In A Box (pronounced as shellinabox) is a web-based terminal emulator created by Markus Gutschke. It has a built-in web server that runs as a web-based SSH client on a specified port and prompts you to a web terminal emulator to access and control your Linux Server SSH Shell remotely using any AJAX/JavaScript and CSS-enabled browsers without the need for any additional browser plugins such as FireSSH.
In this tutorial, I describe how to install Shellinabox and access a remote SSH terminal using a modern web browser on any machine. Web-based SSH access to Linux servers is very useful when you are protected with a firewall and only HTTPS traffic can get through.
Installing Shellinabox on Linux Systems
By default, the Shellinabox tool is included on Debian-based Linux distributions through default repositories using the default package manager as shown.
Install Shellinabox on Debian, Ubuntu & Mint
$ sudo apt install openssl shellinabox
Install Shellinabox on RHEL, Fedora, Rocky & AlamLinux
On Red Hat-based distributions, you need to install it from the source using the following commands.
# yum install git openssl-devel pam-devel zlib-devel autoconf automake libtool # git clone https://github.com/shellinabox/shellinabox.git && cd shellinabox # autoreconf -i # ./configure && make
Configuring Shellinabox in Linux Systems
By default, shellinaboxd listens on TCP port 4200 on localhost. For security reasons, I change this default port to a random (i.e. 6175) to make it difficult for anyone to reach your SSH box.
Also, during installation, a new self-signed SSL certificate is automatically created under “/var/lib/shellinabox” to use HTTPS protocol.
$ sudo vi /etc/default/shellinabox OR $ sudo nano /etc/default/shellinabox
Make the configuration changes as shown below…
# Should shellinaboxd start automatically SHELLINABOX_DAEMON_START=1 # TCP port that shellinboxd's webserver listens on SHELLINABOX_PORT=6175 # Parameters that are managed by the system and usually should not need # changing: # SHELLINABOX_DATADIR=/var/lib/shellinabox # SHELLINABOX_USER=shellinabox # SHELLINABOX_GROUP=shellinabox # Any optional arguments (e.g. extra service definitions). Make sure # that that argument is quoted. # # Beeps are disabled because of reports of the VLC plugin crashing # Firefox on Linux/x86_64. SHELLINABOX_ARGS="--no-beep" # specify the IP address of an SSH server OPTS="-s /:SSH:192.168.0.140" # if you want to restrict access to shellinaboxd from localhost only OPTS="-s /:SSH:192.168.0.140 --localhost-only"
Once you’ve done with the configuration, you can restart and verify the shellinabox service by issuing the following commands.
$ sudo systemctl restart shellinabox $ sudo systemctl status shellinabox
Now let’s verify whether Shellinabox is running on port 6175 using the netstat command.
$ sudo netstat -nap | grep shellinabox
Make sure you secure your shellinabox on the firewall and open the 6175 port for a specific IP Address to access your Linux shell remotely.
------- On Debian, Ubuntu and Mint ------- $ sudo ufw allow 6175/tcp $ sudo ufw allow from 192.168.0.103 to any port 6175 ------- On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux ------- $ sudo firewall-cmd --zone=public --add-port=6175/tcp $ sudo firewall-cmd --zone=public --add-source=192.168.0.103/6175 --permanent
Access Linux SSH Terminal via Web Browsers
Now open up your web browser, and navigate to https://Your-IP-Adress:6175. You should be able to see a web-based SSH terminal. Log in using your username and password and you should be presented with your shell prompt.
You can right-click to use several features and actions, including changing the look and feel of your shell.
For more information, visit the official Shellinabox github page.
It’s a very useful article for me who wants to make an IDE for a program language platform on the web.
But How do you describe how to make it using a thin client PC via the web?
Thanks.
I have two SSH services on same IP i.e on port 22 & 12344. Whenever I try to connect
https://localhost:23167, I get connected to SSH server running on port 22. How do I connect to SSH services on port 12344?Kindly suggest.
@Ujlain,
You need to specify both port numbers in the sshd_config file, and use the port number to access the SSH, like:
Good article, thanks. I found it more direct than some other pages on how to install shellinabox.
What command did you use to generate the output shown in the second to last screenshot titled “monitoring linux from Web Browser”?
@Porky,
I have used the top command, which is a Linux command line tool that prints actively running Linux processes on the system.
I discovered this issue impacts me.
https://github.com/shellinabox/shellinabox/issues/458
Hello,
I think TTYD is better, as it allows you to share the SSH terminal over the web…
@Tdim,
Thanks for sharing, yes it seems the perfect command-line tool for sharing the Linux terminal over the web…
Why are there so many sentences on this page that make no sense at all?
Make sure that your repository enabled and available to install Shellinabox from that repository.
Thank you very much for your guidance. It does work and is very useful. However, the command line
sudo service shellinaboxd startwas wrong in my Debian 9.11. I had to perform with the one
sudo service shellinabox startand it works.
Hello, I installed shellinabox on a raspberry pi. Everything works with no problem. However I’m not a Linux guy I’m still learning. I was trying to figure out open ssl but I’m having trouble.
Can someone help me to setup open ssl please?
Joseph
Is there a way to modify the encryption and key exchange used by shellinabox? We would like to limit it to ECDHE ciphers.
Hi, you are showing to use 6175 port but in the browser picture it is showing port 4200, why?
@Prudhvi,
Because, shellinabox works on TCP port 4200 and for security reason, I change this default port to a random (i.e. 6175) to make it difficult for anyone to reach your SSH box.
Hi,
I’d like this listening on port 443.
How could this be run from an apache vhost configuration?
Unfortunately it cannot. Only one service can listen to a port (e.g. 443) at a time. It can be either Shellinabox OR Apache, but not both at the same time.
You can use it together with apache with a extra config like this in the sites-available:
I typed it over, so maybe the config is not exact, but this works
restart apache and you have an extra entry for https :)
Oh, right, via Apache’s internal proxy config. That didn’t occur to me. The lines above will probably have to go between tags though to limit it to https only (and the certificates will have to be configured as well of course).
Hi
Could I install Shell In A Box in Windows?
Regards
@Esteban,
If it’s available for Windows platform, then you can install it, just check their download page and see whether its available for all architectures..
1- How to SSH shellinabox using Javascript?
2- Is it required to have a SSL certificate?
3- Needed it because I want to pass commands from Client side to the server side(Shellinabox web server).Any help?!
@Hassan,
No I don’t think its possible with JavaScript, try different tool like Wetty for the same https://www.tecmint.com/access-linux-server-terminal-in-web-browser-using-wetty/
Hi,
How can I configure shellinabox for auto-login?
For example when I access my server:port for shellinabox – I want it to sign in automatically to the root user and run a predefined script. (I already configured the script correctly – you cannot
ctrl +dorctrl+cfrom it – and when it ends, it throws you out of the root user session without the possibility of getting back to it).Thanks,
Razvan
@Razvan,
I don’t think that would be possible with Shellinabox, why not try it via SSH?
You can do this with the
-sargument.Do you know the exact command to avoid login?
Hi Ravi, I have the similar requirement but I can not really install shell in a box at remote machines. We have restrictions we can not ask client to install that. But we need provide web based ssh terminal user will enter credentials to login. Do you know how this can be done?
@Kiran,
Yes, this can be done by using Shellinabox tool as suggested in this article.
but this needs to be installed on the server. This i can not do because those servers are remote and owned by different people. Can i have something without setting up on server?
@Kiran,
How can you have something without setting up? not possible, you need to have a tool in place to achieve the same..I hope you understand..
Thank you Ravi for confirming. I had the same thought but i was still searching for options since i have the requirement in my application. Now i have expert input, will have to find other alternatives.
Hi, I tried to install this on my centos server and there is only one user root.
I didn’t make change to config file and tried to start it.
It gives error below, am I missing something?
Starting shellinaboxd: [server] Cannot look up user id “-g”!
[FAILED]
@Henry,
On which version of CentOS you’re trying to install Shellinabox? the error seems new to me and also there isn’t any information about such error on web.
Hi! I just have installed it on my server and will try it out when I am back in the company. Two comments:
1. In the installation doc above on this web page you say “Starting Shellinabox” with “sudo service shellinaboxd start” but its should be “sudo service shellinabox start” without the “d”.
2. Can I restrict shellinabox for only one single user account? I’d like to prevent the root accounts from being attacked with brute force attacks through the browser.
-wbr, Andreas
@Andreas,
Thanks for findings, but different Linux OS provides different deamon names for example, in CentOS you will get shellinaboxd and whereas in Ubuntu you will get without ‘d’ at the end..
And about user restriction in shellinabox, no idea about it, I think you should read its configuration to know more about it, might be there is a way to do it..
Thanks anyway!
This sounds awful to me! Any idea what port I can use, when sitting behind a firewall that blocks almost all of th ports?
@Andreas,
May I know on which Linux distribution you were trying? have you opened port on the firewall? or have you changed default port to custom in /etc/default/shellinabox file?
The targeting distribution is Ubuntu, but the problem is on the site I’m trying to access it from. The company I’m in is blocking almost all outgoing traffic. Not even sure if I could use 443, because I don’t own an official certificate. Maybe 8080 could be an option, not even sure about this. (in fact there is no information about what’s blocked). So best would be if I could use a subnet web page (on port 80) instead of using a different port. I wonder if using a subnet page and mapping it with htaccess to another port on my server, but I have to admit I’m not familiar with this stuff… Any idea?
@Anreas,
Sorry, but I don’t think that would be possible to allow a subnet in shellinabox configuration, let me check and get back to you if I found any solution..
can i login as root ???
@Akash,
Yes you can login as root user in shellinabox..
great, just I need to know where the service put the log file in case is active? this is beause I have fail2ban, and I want to have the rules. Thanks anyway
Thank you very much for this useful posting.
My problem is, that I can only use the port 443 via browser.
I can not call https://IP:4220 but only https://IP (which is :443) – because of firewalls.
I have on my root server some virtual hosts.
How I can configure the Apache on one particular virtual host getting the requests https://IP forwarding them to the ShellInABox?
@Sofa,
Have you tried adding 443 in shellinaboxd file? add it and try to browse like this:
Hi There, Now I’m using Shellinabox on my server, I want to record all the operations on the server by shellinabox, and write then to the dababase. It seems shellinabox is wroten with C, I can’t find the variable of username and user’s input. Could you give me some tips? Thank you very much!!!
@Devin,
That’s good to keep records of server activity, but Shellinabox doesn’t provide such monitoring feature, it’s just an simple tool to access your SSH via a modern secure web interface. If you really want to keep a eye on server, you should go for any of the monitoring tool mentioned here.
https://www.tecmint.com/command-line-tools-to-monitor-linux-performance/
It seems like shellinabox works fine for localhost but do not forward ssh session to destination remote host.
Scenario: my setup has two servers: Server A with eth0 (public ipaddress) and eth1 (private ip address) and server B connected to eth1 of server A.
Both server A and B has sshd running. Shellinabox is running on server A alognside apache2. Getting to server A ssh server through https is nto an issue but ssh session to server B is not working. I have modified /etc/default/shellinabox with destination ipaddress of server B for ssh session, but it is not working. Any help would be greatly appreciated, perhaps I am not using correct commands to include destination ipaddress and username and port number for remote SSH server (server B).
Thanks
Dhiman
I like to integrate this to my website if public key can be used for login, any help?
@Anand,
I don’t think Shellinabox supports public key authentication. Did you tried it?
how did i use this shellinabox to acces AWS server with a private key?
@Jeya,
I don’t think it support private key feature, but you can restrict access to specific IP address on specific port….
@Craig – useful for remote access. My employers block all ports outbound except web via proxy which does ssl termination For packet inspection.
Hopefully this will work to access my machines at home
Why? What is wrong with ‘ssh’ from the terminal. So you are installing an additional server on your system just to support something it should already do?
I don’t get it!
Now if its just for the, hey I am a hacker and I like to do bizzarre stuff … then that makes some sense :o)
Craig
For example I want to access to my server while I am playing. Steam does not allow own apps (like PuTTy) on Steam overlay -> I want to check IRC/Facebook chat (via BitlBee on my server) when I am waiting to CS:go round to end.
Awesome! No more putty. :)
Is there a way to login a user while starting this interface?
Do you have an idea about this, I’m facing the same problem.
@Glen,
Whick problem? can you explain more about your problem..
hi..
any idea on how to name the tabs as perthe routers hostname..
Report at step <>
LSB_RELEASE NOTE
Ubuntu 14.04 LTS
….
CONFIGUREATION
SHELLINABOX_ARGS=”–o-beep -s /:SSH:myIpAddr –localhost-only”
ERROR
sudo service shellinabox start
/usr/bin/shellinaboxd: unrecognized option ‘–o-beep’
CHANGE
I change the option to ‘–no-beep’ it is OK.
SHELLINABOX_ARGS=”–no-beep -s /:SSH:myIpAddr –localhost-only”
Does not seem to work on RedHat 6.1 even though the installation and verification works fine. I can see the port is listening but cannot establish connection from outside the server.
you need disable iptables in your linux
Else, you can open port 80 on the firewall iptables.
hello people
i am trying configure the keyboard for to use the letter Ñ, because i am in mexico, whats parameters i need to use and which files will be changed?
Not working in IE11, FIREFOX 28.0,
Chrome 33.0.1750.154 m works fine.
When I try to execute the command
I met with the following error
#service shellinaboxd start
Starting shellinaboxd: Cannot look up user id “-g”
But if i check the #service shellinaboxd status
It displays shellinaboxd is stopped
Any idea how to start it?
Did you ever figure this out? There doesn’t seem to be any real information on this. I can start it by executing it in the foreground but for some reason the service doesn’t want to work.
Got it up and running by using the following;
/etc/init.d/shellinaboxd start
After adding the following to /etc/sysconfig/shellinaboxd
USER=
GROUP=
CERTDIR=/var/lib/shellinabox
in addition to the ones specified above.
Important updates to documentation, courtesy of JT
http://planspace.org/2014/02/13/official-geekyback-and-ssh-in-a-box-lyrics/
Thanks for this good article :)
Perfect! Worked perfectly on Debian 7 My. Fine contribution.
Nice post, worked fined for me :-)
I’m connecting from Ubuntu, it’s working from Firefox but not from chrome (nothing’s display on chrome…)
So if you have problem with chrome have a try with another brother.
Hay it worked! Nice article.
But it does not work with some browsers which browser on windows 8 maybe…
Thanks. I solved.
I just changed my /etc/sysconfig/shellinaboxd file:
OPTS=” -s /:SSH”
and It worked fine
Hello.
Thanks for this good article.
Maybe you can tell where to look for
My server is a Centos linux box
When I do the connection I get:
181 login:
I type root
The prompt for Password never appears.
Any idea?
Didn’t you have a problem starting shellinabox on Debian? When i installed it from reposotory (apt-get install) it had worked fine until I restarted the mashine and then it can not be start automaticly.
It also can not be start by command service shellinabox start, producing the error message Cannot look up group “shellinabox”.
Has anybody faced this problem yet?
Thanks for the article. I need to run a shell script on a remote machine (BOX A) interactively from the browser (Client). Currently, i am able to run a script on a remote machine (BOX A) using the php and ssh running on appache webserver(BOX B). The php is on a webserver(BOX B) and Shellscirpt on remote machine (BOX A). But I need to key any input/prompt that needs user input, i can;t get to the remote machine. Can you please tell me how to achieve this.
I didn’t understand your question, can you clearly clarify.
When I type my username then press enter it will automatically closed session then I have to click the connect the button again then again and again and again….
This required live (fix) ip address from your ISP? Or can we achieve the same with out it? Please help.
-Y
It does require a public IP address as any other public Internet service (e.g. web, FTP, SMTP etc.), but it doesn’t have to be a fixed IP. You need to know the system’s current IP in order to be able to connect though of course….
Thanks for this article. I wanted to point out that to start it up on RHEL and CentOS you need to add the “d” at the end, thus
“service shellinaboxd start”
Thanks, corrected in write-up.
I’m using Debian and I used to work
# service shellinabox restart
Either way thank you very much.
Hi Ravi, another great post!
I’m using Ubuntu 12.04.3 LTS and the apt-get install openssl shellinabox didn’t work (i checked everything with the repositories and everything was ok.
To install it, i did this:
# wget http://archive.ubuntu.com/ubuntu/pool/universe/s/shellinabox/shellinabox_2.14-1_i386.deb (for the 32bit version)
#dpkg -i shellinabox_2.14-1_i386.deb
Got this tips from: http://www.linuxplained.com/install-shellinabox-on-ubuntu/
Keep up the good work!
Yeah! thanks for findings, will update the article and include manual installation.
Excellent article worked like a charm.