Web Based SSH Console for Remote Linux Management

Author

Reads 637

Person Using Laptop
Credit: pexels.com, Person Using Laptop

Having a web-based SSH console can be a game-changer for remote Linux management.

It allows you to access and manage your Linux servers from anywhere with an internet connection, using a web browser.

This is particularly useful for administrators who need to troubleshoot or manage servers remotely, but don't have access to a physical console.

With a web-based SSH console, you can securely access your servers using HTTPS and authenticate with your username and password.

You can even use two-factor authentication for added security, making it a reliable option for remote management.

This feature is typically provided by the SSH server software, such as OpenSSH, which is widely used in Linux systems.

Installing Shellinabox

Shellinabox is a tool that allows you to access your Linux system's SSH terminal via a web browser.

By default, Shellinabox is included on Debian-based Linux distributions through default repositories using the default package manager.

To install Shellinabox on RHEL, Fedora, Rocky, and AlmaLinux, you can follow a tutorial from TecMint, created by a team of experienced Linux system administrators.

Credit: youtube.com, "Shell In A Box" | shellinabox | A Web-Based SSH Terminal Remote Linux Ubuntu By Amit Pandey

Shellinabox can be installed on various Linux systems, but the installation process may vary depending on the distribution you're using.

You can install Shellinabox on Debian-based systems by using the default package manager, while on other systems, you may need to follow a different installation process.

To install Shellinabox on RHEL, Fedora, Rocky, and AlmaLinux, you can follow a tutorial that meets high-quality standards.

Shellinabox is a powerful tool that allows you to access your Linux system's SSH terminal from a web browser, making it a great option for remote access.

By default, Shellinabox listens on TCP port 4200 on localhost, but for security reasons, it's recommended to change this default port to a random one, like 6175.

Configuring Shellinabox

Shellinabox listens on TCP port 4200 on localhost by default. This is a security risk, so it's best to change the default port to a random one, such as 6175.

A self-signed SSL certificate is automatically created under "/var/lib/shellinabox" during installation to use the HTTPS protocol. This certificate is used to secure the connection between the client and the server.

Credit: youtube.com, How to Install Shell In A Box on Ubuntu Server Web Based SSH Access 1

To make configuration changes, you'll need to edit the settings to reflect the new port number. This is done to prevent unauthorized access to your SSH box.

Once you've made the changes, you'll need to restart the shellinabox service to apply the new settings. This can be done using the usual commands.

To verify that shellinabox is running on the new port, you can use the netstat command. This will show you which ports are in use and by which processes.

It's essential to secure your shellinabox on the firewall and open the 6175 port for a specific IP Address to access your Linux shell remotely.

Access Linux Terminal via Browser

You can access Linux SSH terminal via web browsers by navigating to https://Your-IP-Adress:6175.

This will open a web-based SSH terminal where you can log in with your username and password, and you should be presented with your shell prompt.

WeTTY is another option for accessing a terminal within a web browser, making it easily accessible from any machine with internet access without requiring additional software installations.

WeTTY provides a web-based interface that allows users to access a command-line interface through their web browser, essentially making it a terminal emulator software that runs over HTTP and HTTPS.

Prerequisites and Setup

Credit: youtube.com, Learn SSH In 6 Minutes - Beginners Guide to SSH Tutorial

To deploy a containerized web-based SSH, you'll need to have Docker and Docker Compose installed on your system. Docker is a requirement, and if you don't already have it installed, you can follow one of the guides listed below.

  • How to Install Docker on Ubuntu 22.04
  • How to Install Docker on Debian 12 (Bullseye)
  • How to Install Docker on AlmaLinux / Rocky Linux
  • How to Install Docker on Fedora
  • How to Install Docker on Linux Mint 21
  • How to Install Docker on Raspberry Pi

Docker Compose is also essential, but it's provided separately from Docker. To install it, you'll need to have Docker installed first. You can install Docker Compose by running two simple commands.

WeTTY: Terminal Over Https

WeTTY is a terminal emulator software that runs over HTTP and HTTPS, allowing users to access a command-line interface through their web browser.

It's essentially a web-based interface that provides a terminal within a web browser, making it easily accessible from any machine with internet access.

No additional software installations are required to use WeTTY, which is a major advantage over traditional terminal access methods.

WeTTY can be accessed via a web browser by navigating to a specific URL, such as https://Your-IP-Address:6175.

Prerequisites

Credit: youtube.com, DevOps Prerequisites Course - Getting started with DevOps

To deploy a containerized web-based SSH, you'll need two essential components: Docker and Docker Compose. Docker is a must-have, and if you're new to it, installing it on your Linux system is a breeze.

The guides for installing Docker on various Linux distributions are numerous. You can find step-by-step instructions for Ubuntu 22.04Debian 12 (Bullseye)AlmaLinux / Rocky LinuxFedoraLinux Mint 21Raspberry Pi systems online.

Docker Compose is another crucial component, but it's provided separately from Docker. This means you'll need to install Docker first, or Docker Compose won't function. Fortunately, installing Docker Compose is straightforward, and you can do it by typing two simple commands.

Managing Security

You can configure Shellinabox to run on a non-standard port for added security, such as port 6175. This makes it more difficult for unauthorized access.

To secure your shellinabox, make sure to open the new port number in your firewall and restrict access to a specific IP address. This will prevent anyone from accessing your Linux shell remotely.

It's also a good idea to run Shellinabox behind a reverse proxy server, such as NGINX, to access it securely over HTTPS. This will also allow you to use two-factor authentication for an extra layer of security.

Reverse Proxy & 2FA Configuration

Credit: youtube.com, Secure authentication for EVERYTHING! // Authentik

You can run Shell NGN behind a proxy server to access it securely on an HTTPS URL. This setup is a good idea to ensure your connection is secure.

To set up a reverse proxy, you can check out the article on using NGINX proxy manager. It's a great resource to learn the ropes.

Having a reverse proxy server can also help you access Shell NGN securely, and you can log into it using the built-in 2FA feature. If you have a PRO business license, you can set up 2FA for each individual account.

Personally, I've configured 2FA inside Bitwarden password manager, and it's worked out great. There are no issues with support or operations.

Managing Keys

Managing Keys is a crucial aspect of Bastillion's security features. By default, Bastillion will overwrite all values in the specified authorized_keys file for a system, but you can disable key management by editing the BastillionConfig.properties file.

Credit: youtube.com, Encryption Key Management, Simplified

If key management is enabled, you can specify the refresh interval in the BastillionConfig.properties file, which is updated periodically based on the relationships defined in the application. This ensures that your SSH keys are always up-to-date.

Bastillion generates its own public/private SSH key upon initial startup for use when registering systems, but you can specify a custom SSH key pair in the BastillionConfig.properties file. This allows you to use your own keys instead of the default ones generated by Bastillion.

To use a custom SSH key pair, you'll need to specify the key paths and passphrase in the BastillionConfig.properties file. After startup and once the key has been registered, you can then remove it from the system, and the passphrase and key paths will be removed from the configuration file.

External Authentication

External Authentication is a powerful feature that allows you to manage access to your systems securely.

To enable External Authentication, you'll need to configure the BastillionConfig.properties file.

Credit: youtube.com, Security - External Authentication

Connection details for external authentication must be set in the jaas.conf file.

Administrators will be automatically added as they are authenticated, and full-privileged users can assign system profiles to them.

User LDAP roles can be mapped to Bastillion profiles using the org.eclipse.jetty.jaas.spi.LdapLoginModule.

Users will be added to or removed from defined profiles based on their login and matching role names.

Margarita Champlin

Writer

Margarita Champlin is a seasoned writer with a passion for crafting informative and engaging content. With a keen eye for detail and a knack for simplifying complex topics, she has established herself as a go-to expert in the field of technology. Her writing has been featured in various publications, covering a range of topics, including Azure Monitoring.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.