Having a web-based SSH console can be a game-changer for remote Linux management.
It allows you to access and manage your Linux servers from anywhere with an internet connection, using a web browser.
This is particularly useful for administrators who need to troubleshoot or manage servers remotely, but don't have access to a physical console.
With a web-based SSH console, you can securely access your servers using HTTPS and authenticate with your username and password.
You can even use two-factor authentication for added security, making it a reliable option for remote management.
This feature is typically provided by the SSH server software, such as OpenSSH, which is widely used in Linux systems.
Installing Shellinabox
Shellinabox is a tool that allows you to access your Linux system's SSH terminal via a web browser.
Shellinabox is available in the default repositories of Debian-based Linux distributions and can be installed with the default package manager.
To install Shellinabox on RHEL, Fedora, Rocky, and AlmaLinux, you can follow a tutorial from TecMint, created by a team of experienced Linux system administrators.
Shellinabox can be installed on various Linux systems, but the installation process may vary depending on the distribution you're using.
You can install Shellinabox on Debian-based systems by using the default package manager, while on other systems, you may need to follow a different installation process.
To install Shellinabox on RHEL, Fedora, Rocky, and AlmaLinux, you can follow a tutorial that meets high-quality standards.
Shellinabox is a powerful tool that allows you to access your Linux system's SSH terminal from a web browser, making it a great option for remote access.
By default, Shellinabox listens on TCP port 4200 on localhost, but for security reasons, it's recommended to change this default port to a random one, like 6175.
Configuring Shellinabox
Shellinabox listens on TCP port 4200 on localhost by default. This is a security risk, so it's best to change the default port to a random one, such as 6175.
A self-signed SSL certificate is automatically created under "/var/lib/shellinabox" during installation to use the HTTPS protocol. This certificate is used to secure the connection between the client and the server.
To change the port, edit the Shellinabox configuration so that it reflects the new port number. This is done to prevent unauthorized access to your SSH box.
Once you've made the changes, you'll need to restart the shellinabox service to apply the new settings. This can be done using the usual commands.
To verify that shellinabox is running on the new port, you can use the netstat command. This will show you which ports are in use and by which processes.
It's essential to secure Shellinabox at the firewall: open port 6175 only for a specific IP address that needs to access your Linux shell remotely.
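The steps above as one script, an added example that is not from the original article. It assumes the Debian/Ubuntu layout (port set by SHELLINABOX_PORT in /etc/default/shellinabox) and ufw as the firewall; the config file, netstat line and source address 203.0.113.10 are constructed so that it runs without touching a live system.

```sh
#!/bin/sh
# Added example. Assumes the Debian/Ubuntu layout, where the listener port is
# the SHELLINABOX_PORT= line of /etc/default/shellinabox.

# set_port FILE PORT: rewrite the port, refusing the default 4200, non-numeric
# input and anything outside 1024-65535.
set_port() {
    case $2 in ''|*[!0-9]*) return 2 ;; esac
    [ "$2" -ge 1024 ] && [ "$2" -le 65535 ] && [ "$2" -ne 4200 ] || return 2
    grep -q '^SHELLINABOX_PORT=' "$1" || return 3
    sed "s/^SHELLINABOX_PORT=.*/SHELLINABOX_PORT=$2/" "$1" > "$1.new" &&
        cat "$1.new" > "$1" && rm -f "$1.new"
}

# listening_on PORT: read `netstat -tlnp` output on stdin; succeed only if a
# shellinabox process owns a TCP listener on PORT.
listening_on() {
    awk -v p="$1" '$1 ~ /^tcp/ && $4 ~ (":" p "$") && $NF ~ /shellinabox/ { ok = 1 }
                   END { exit !ok }'
}

# allow_rule PORT SOURCE: print a ufw rule (ufw is an assumption; the page
# names no firewall) that admits one source address only.
allow_rule() {
    printf 'ufw allow from %s to any port %s proto tcp\n' "$2" "$1"
}

# --- Demo on constructed data; nothing here touches the live system ---
conf=$(mktemp)
printf '%s\n' 'SHELLINABOX_DAEMON_START=1' 'SHELLINABOX_PORT=4200' \
    'SHELLINABOX_ARGS="--no-beep"' > "$conf"
set_port "$conf" 6175 && grep '^SHELLINABOX_PORT=' "$conf"

# Constructed netstat output, as seen after restarting the service.
sample='tcp   0   0 0.0.0.0:6175   0.0.0.0:*   LISTEN   12274/shellinaboxd'
printf '%s\n' "$sample" | listening_on 6175 && echo "listener confirmed on 6175"

allow_rule 6175 203.0.113.10   # 203.0.113.10 is a documentation address
rm -f "$conf"
```

On a real host, point set_port at /etc/default/shellinabox, restart the service, and pipe the output of `netstat -tlnp` into listening_on.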
Access Linux Terminal via Browser
You can access the Linux SSH terminal via a web browser by navigating to https://Your-IP-Address:6175.
This will open a web-based SSH terminal where you can log in with your username and password, and you should be presented with your shell prompt.
WeTTY is another option for accessing a terminal within a web browser, making it easily accessible from any machine with internet access without requiring additional software installations.
WeTTY provides a web-based interface that allows users to access a command-line interface through their web browser, essentially making it a terminal emulator software that runs over HTTP and HTTPS.
Prerequisites and Setup
To deploy a containerized web-based SSH, you'll need to have Docker and Docker Compose installed on your system. Docker is a requirement, and if you don't already have it installed, you can follow one of the guides listed below.
- How to Install Docker on Ubuntu 22.04
- How to Install Docker on Debian 12 (Bullseye)
- How to Install Docker on AlmaLinux / Rocky Linux
- How to Install Docker on Fedora
- How to Install Docker on Linux Mint 21
- How to Install Docker on Raspberry Pi
Docker Compose is also essential, but it's provided separately from Docker. To install it, you'll need to have Docker installed first. You can install Docker Compose by running two simple commands.
WeTTY: Terminal Over Https
WeTTY is a terminal emulator software that runs over HTTP and HTTPS, allowing users to access a command-line interface through their web browser.
It's essentially a web-based interface that provides a terminal within a web browser, making it easily accessible from any machine with internet access.
No additional software installations are required to use WeTTY, which is a major advantage over traditional terminal access methods.
WeTTY can be accessed via a web browser by navigating to a specific URL, such as https://Your-IP-Address:6175.
Prerequisites
To deploy a containerized web-based SSH, you'll need two essential components: Docker and Docker Compose. Docker is a must-have, and if you're new to it, installing it on your Linux system is a breeze.
The guides for installing Docker on various Linux distributions are numerous. You can find step-by-step instructions for Ubuntu 22.04, Debian 12 (Bullseye), AlmaLinux / Rocky Linux, Fedora, Linux Mint 21, and Raspberry Pi systems online.
Docker Compose is another crucial component, but it's provided separately from Docker. This means you'll need to install Docker first, or Docker Compose won't function. Fortunately, installing Docker Compose is straightforward, and you can do it by typing two simple commands.
Managing Security
You can configure Shellinabox to run on a non-standard port for added security, such as port 6175. This makes unauthorized access more difficult.
To secure Shellinabox, open the new port number in your firewall and restrict access to a specific IP address. This prevents anyone else from accessing your Linux shell remotely.
It's also a good idea to run Shellinabox behind a reverse proxy server, such as NGINX, to access it securely over HTTPS. This will also allow you to use two-factor authentication for an extra layer of security.
Reverse Proxy & 2FA Configuration
You can run Shell NGN behind a proxy server to access it securely on an HTTPS URL. This setup is a good idea to ensure your connection is secure.
To set up a reverse proxy, you can check out the article on using NGINX proxy manager. It's a great resource to learn the ropes.
Having a reverse proxy server can also help you access Shell NGN securely, and you can log into it using the built-in 2FA feature. If you have a PRO business license, you can set up 2FA for each individual account.
Personally, I've configured 2FA inside Bitwarden password manager, and it's worked out great. There are no issues with support or operations.
Managing Keys
Managing Keys is a crucial aspect of Bastillion's security features. By default, Bastillion will overwrite all values in the specified authorized_keys file for a system, but you can disable key management by editing the BastillionConfig.properties file.
If key management is enabled, the authorized_keys file is refreshed periodically based on the relationships defined in the application, and you can specify the refresh interval in the BastillionConfig.properties file. This ensures that your SSH keys are always up-to-date.
Bastillion generates its own public/private SSH key upon initial startup for use when registering systems, but you can specify a custom SSH key pair in the BastillionConfig.properties file. This allows you to use your own keys instead of the default ones generated by Bastillion.
To use a custom SSH key pair, you'll need to specify the key paths and passphrase in the BastillionConfig.properties file. After startup and once the key has been registered, you can then remove it from the system, and the passphrase and key paths will be removed from the configuration file.
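A check for the key-management settings described above, as an added example that is not part of Bastillion or the original article. The property names (keyManagementEnabled, authKeysRefreshInterval, privateKey, publicKey) are assumed from Bastillion's documented configuration, and the sample file is constructed.

```sh
#!/bin/sh
# Added example. The property names below are assumed from Bastillion's
# documented BastillionConfig.properties; the page names none of them, so
# check them against your installed file.

# prop FILE KEY: print KEY's value (last assignment wins). Expects key=value
# with no surrounding spaces; comment lines start with '#' and never match.
prop() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                   END { print v }' "$1"
}

# audit FILE: print one finding per line; return 1 if there is any finding.
audit() {
    rc=0
    if [ "$(prop "$1" keyManagementEnabled)" = "false" ]; then
        echo "keyManagementEnabled=false: authorized_keys is no longer overwritten"
        rc=1
    fi
    iv=$(prop "$1" authKeysRefreshInterval)
    case $iv in
        0|-*) echo "authKeysRefreshInterval=$iv: periodic refresh is off"; rc=1 ;;
    esac
    # After the custom key pair is registered, its paths should be gone.
    for k in privateKey publicKey; do
        if [ -n "$(prop "$1" "$k")" ]; then
            echo "$k: custom key path still present in the file"
            rc=1
        fi
    done
    return $rc
}

# --- Demo on a constructed file ---
f=$(mktemp)
printf '%s\n' '#constructed sample' 'keyManagementEnabled=false' \
    'authKeysRefreshInterval=120' 'privateKey=/home/ops/.ssh/id_rsa' \
    'publicKey=' > "$f"
audit "$f" || echo "review the findings above"
rm -f "$f"
```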
External Authentication
External Authentication is a powerful feature that allows you to manage access to your systems securely.
To enable External Authentication, you'll need to configure the BastillionConfig.properties file.
Connection details for external authentication must be set in the jaas.conf file.
Administrators will be automatically added as they are authenticated, and full-privileged users can assign system profiles to them.
User LDAP roles can be mapped to Bastillion profiles using the org.eclipse.jetty.jaas.spi.LdapLoginModule.
Users will be added to or removed from defined profiles based on their login and matching role names.