[BlueOnyx:20298] New Feature for 5207R/5208R/5209R: Shellinabox

Michael Stauber mstauber at blueonyx.it
Thu Nov 24 18:37:34 -05 2016


Hi all,

The least used function on BlueOnyx is probably "Personal Profile" /
"Programs" / "SSH". It used an ancient Java-Applet to allow SSH login to
the server via the GUI.

Even at the best of times *this* was rather useless. Now with most modern
browsers shunning Java it's pointless.

So I just took the opportunity to replace this with something more
modern that works in any browser without exotic plugins and allows you
to directly access the Shell on a BlueOnyx via the GUI:

Shellinabox
************

https://github.com/shellinabox/shellinabox

Conditions:
============

- "Shellinabox" must be enabled under "Network Services" / "Shell".
- User must be able to login to the GUI
- User must have shell access enabled
- User accesses "Programs" / "Console Login" from within the GUI.

By default the service "shellinaboxd" is *not* enabled or running. So if
you want to use that feature, you have to turn it on via the GUI first.

Technical details:
==================

Shellinabox runs a daemon named "shellinaboxd", which brings its own
webserver with it. In our implementation it binds to 127.0.0.1:4200 and
is therefore not reachable via the outside world. Because we want to
play it safe.

Shellinabox can either route connections to SSHd, or the Console service
to directly open a PTY terminal. We use the latter and establish a direct
terminal session. Because SSH might have been locked down via
hosts.allow/hosts.deny or may have password authentication disabled and
therefore would expect SSH keys. Hence direct console access is preferable.

AdmServ has been reconfigured so that a certain URL will redirect
traffic via mod_proxy to 127.0.0.1:4200 and therefore to Shellinabox.
But only if the access was initiated via the GUI. Otherwise it'll
redirect to a 403 error page.

In our default implementation the daemon for "Shellinabox" is disabled.
After all, this is a new daemon for a little used feature. Who wants it
active on his own server can turn it on himself via the GUI on an as
needed basis.

When you access Shellinabox in the GUI via your browser, you get a login
prompt at which you can login with a valid username and password if that
user has shell access enabled.

Direct login as "root" is not possible. Direct "su -" as "admin" to gain
root access works on 5207R/5208R, but not on 5209R due to Systemd
related issues. There you can "su root-<username>" to that of an
existing System-Administrator with enabled "shell access" if need be.
The GUI mentions this if you're trying to access it as "admin".

Once on the shell, pretty much everything works as if in a real SSH or
Terminal client. You can fire up "mc", "pico", "nano", can run "top" and
all the function keys work and colors are as you'd expect them to be.
The only thing that doesn't seem to work is the auto-completion of
commands via the tabulator key. All things considered it's pretty neat
and useful and needs no exotic browser plugins.

It also helps us with support cases where people are unable to open SSH
for this or that reason (typically: firewall issues). In which case we
can then use the GUI to access the shell if need be and if the user
provides us with GUI access of sufficient privileges in his support ticket.

-- 
With best regards

Michael Stauber
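
Added example, not part of the original post and not BlueOnyx code: a check an administrator could run to confirm that shellinaboxd listens only on 127.0.0.1:4200, as the post describes. It parses the Linux /proc/net/tcp table; the sample tables are constructed and the function names are hypothetical.

```python
import ipaddress
import struct

PORT = 4200      # port the post says shellinaboxd binds to
LISTEN = "0A"    # TCP_LISTEN state code in /proc/net/tcp

# Constructed sample tables (trimmed to the columns the parser reads).
SAMPLE_OK = """  sl  local_address rem_address   st
   0: 0100007F:1068 00000000:0000 0A
   1: 00000000:0016 00000000:0000 0A
   2: 0100007F:1068 0100007F:D2F0 01
"""
SAMPLE_EXPOSED = """  sl  local_address rem_address   st
   0: 00000000:1068 00000000:0000 0A
"""

def decode_addr(hex_addr):
    """Decode a /proc/net/tcp[6] address: 32-bit words, little-endian assumed."""
    raw = bytes.fromhex(hex_addr)
    words = struct.unpack("<%dI" % (len(raw) // 4), raw)
    return ipaddress.ip_address(struct.pack(">%dI" % len(words), *words))

def listeners(table_text, port=PORT):
    """Return the local addresses in LISTEN state on `port`."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != LISTEN:
            continue  # established or closing sockets are not listeners
        hex_addr, hex_port = fields[1].split(":")
        if int(hex_port, 16) == port:
            found.append(decode_addr(hex_addr))
    return found

def exposed(table_text, port=PORT):
    """Listeners on `port` that are not loopback, i.e. reachable from outside."""
    return [a for a in listeners(table_text, port) if not a.is_loopback]

if __name__ == "__main__":
    for path in ("/proc/net/tcp", "/proc/net/tcp6"):
        try:
            with open(path) as fh:
                bad = exposed(fh.read())
        except OSError:
            continue  # table not present on this system
        print(path, "exposed:" if bad else "ok", *bad)
```

An empty result from `exposed()` also occurs when the daemon is not running at all, so check `listeners()` as well when the service is expected to be enabled.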


