Hello and Welcome,

 

In some cases, for example at your workplace, you’ll be part of a fully filtered network with firewalls and IDSs, and in most cases SSH is not enabled. If the local IT guys are not so clever, they just filter port 22. In this case it’s easy to connect to your server on a different port.

But when the firewall guys are clever enough to filter the SSH protocol completely, they will kill your connection as well.

Here is a workaround: another (encrypted) way to connect to your server.

It’s called shellinabox. It’s web-based SSH access to your server.

Combine it with Apache and OpenSSL, and you will get a secured SSH connection via the browser.

 

Install the necessary daemons:

apt-get install apache2 shellinabox

Test that apache2 works by opening the server’s address in a browser.

Activate the SSL Module

The next step is to enable SSL.

a2enmod ssl

Follow up by restarting Apache.

service apache2 restart

 

Create Self Signed SSL Certificate

mkdir /etc/apache2/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

This command creates the self-signed SSL certificate and the server key that protects it, and places both of them in the new directory.

The most important part of the key generation is the “Common Name (e.g. server FQDN or YOUR name)” field: put your domain name or public IP address there.

 

 

Set Up the Certificate

 

OK, our new certificate is ready. The next step is to set up the virtual host to serve the new certificate. Open the SSL config file:

vi /etc/apache2/sites-available/default-ssl

 

Within the section that begins with <VirtualHost _default_:443>, make the following changes. Add a line with your server name right below the ServerAdmin email:

ServerName example.com:443

 

Replace example.com with your domain name or server IP address (it should be the same as the common name on the certificate). Find the following three lines, and make sure that they match the lines below:

SSLEngine on
SSLCertificateFile /etc/apache2/ssl/apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/apache.key

 

Activate the New Virtual Host

a2ensite default-ssl

 

Restart apache2 again.

service apache2 restart

 

Configure shellinabox

 

First edit the init.d config file:

vi /etc/default/shellinabox

Change the SHELLINABOX_ARGS line at the end of the file so that it also carries --localhost-only. The file is read as shell, so a second SHELLINABOX_ARGS= line would replace the first one and drop --no-beep; keep both options in a single assignment:

SHELLINABOX_ARGS="--no-beep --localhost-only"

The file should look like this:

# Should shellinaboxd start automatically
SHELLINABOX_DAEMON_START=1

# TCP port that shellinboxd's webserver listens on
SHELLINABOX_PORT=4200

# Parameters that are managed by the system and usually should not need
# changing:
# SHELLINABOX_DATADIR=/var/lib/shellinabox
# SHELLINABOX_USER=shellinabox
# SHELLINABOX_GROUP=shellinabox

# Any optional arguments (e.g. extra service definitions).  Make sure
# that that argument is quoted.
#
#   Beeps are disabled because of reports of the VLC plugin crashing
#   Firefox on Linux/x86_64.
SHELLINABOX_ARGS="--no-beep --localhost-only"

 

Enable some apache proxy modules:

a2enmod proxy
a2enmod proxy_http

 

Make things easier

Open the following file for editing

vi /etc/apache2/sites-available/default-ssl

AFTER the closing </VirtualHost>, but before the end of IfModule, put something like this:

</VirtualHost>
<Location /shell>
ProxyPass http://localhost:4200/
</Location>
</IfModule>

 

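That means you will be able to reach the shell under the /shell path of your server, e.g. https://example.com/shell. Because this <Location> block sits outside the VirtualHost, Apache applies it to every virtual host, including the plain-HTTP default site on port 80; put it inside the <VirtualHost _default_:443> section if the shell should be reachable over HTTPS only.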

Restart shellinabox and then restart apache.

service shellinabox restart
service apache2 restart
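
A quick post-install check, added here as an example and not part of the original post: it confirms that the effective SHELLINABOX_ARGS still contains --localhost-only and that nothing listens on port 4200 outside loopback, so the shell is only reachable through Apache. The function names and the sample ss output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Port 4200 and the defaults
# file come from the page; function names and sample data are constructed.

# Print the SHELLINABOX_ARGS value that results from the defaults file.
# The file is shell syntax, so a later assignment replaces an earlier one.
effective_args() {
    ( SHELLINABOX_ARGS=""; . "$1" >/dev/null 2>&1
      printf '%s\n' "$SHELLINABOX_ARGS" )
}

# Succeed only if the effective arguments contain --localhost-only.
has_localhost_only() {
    case " $(effective_args "$1") " in
        *" --localhost-only "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read `ss -ltn` output on stdin and print each listener on the given port
# (default 4200) that is not bound to loopback. No output means the daemon
# can only be reached through the Apache proxy.
exposed_listeners() {
    awk -v p="${1:-4200}" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != p) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]" && host != "::1") print $4
        }'
}

# Constructed sample of `ss -ltn` output: one loopback listener, one
# wildcard listener on 4200 (the misconfiguration), and Apache on 443.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:4200     0.0.0.0:*
LISTEN 0      128    0.0.0.0:4200       0.0.0.0:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*'
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 4200   # prints 0.0.0.0:4200
```

On a live host, run has_localhost_only /etc/default/shellinabox and ss -ltn | exposed_listeners.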

 

Enjoy
