Configuring and autostarting shellinabox

jpluimers · May 31, 2014, 10:18pm

Since many of the places I travel to have firewalls disallowing other than http and https traffic.

So I started researching shellinabox for openSuSE (I run 12.3), but there is remarkably little information https://www.google.com/search?q=shellinabox+opensuse
The first link (on my end) even talks about downloading the source, then compile and install it in /etc/init.d/boot.local: http://www.linuxintro.org/wiki/Shell_in_a_box

I found out that zypper knows about shellinabox, so this succeeded:

zypper install shellinabox

Now my plan is this:

run shellinabox in non-secure mode locally
have apache handle the https to http

So, here I am trying to get this done without relying on yast, as I want to know how to configure this on the console.

This gives a whole bunch of questions, starting with these:

is chkconfig the right command to configure shellinabox to run as a service and start after boot? It seems to indicate that currently it is not configured as such, but apache is:

**snip:/home/jeroenp #** chkconfig shellinabox
shellinabox  off
**snip:/home/jeroenp #** chkconfig apache2
apache2  on

rcshellinabox start will start the service at port 4200, as nmap shows nicely:

**snip:/etc/shellinabox/certs #** nmap -sV -p 4200 localhost


Starting Nmap 6.25 ( http://nmap.org ) at 2014-05-31 22:14 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000091s latency).
PORT     STATE SERVICE VERSION
4200/tcp open  http    ShellInABox httpd


Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 11.31 seconds

what is the configuration file to tell shellinabox the local port number, usage of HTTPS and such? There seem to be none generated in /etc

Right now these directories are empty:

/etc/shellinabox
/etc/shellinabox/certs

The thing is however that http://localhost:4200 is automagically redirected to https://localhost:4200/ (which I don’t want, as I want apache2 to do the https handling for me so I can share port 443 with other https traffic).

is this still the correct way to have apache as a front-end for shellinabox: http://www.linuxintro.org/wiki/Shell_in_a_box#Use_in_a_web_server

More questions will obviously follow (:

–jeroen

tsu2 · June 2, 2014, 8:27pm

I don’t see how shellinabox can address the problem you want to solve (traffic restricted to http and https).

Remote services will always require connecting to the service on a specified port, you <must> have access to that port unless you have a proxy on the Internet which can accept traffic over port 80 or 443 and then applies rules to create a new session to the destination on the expected and required port.

Or, use a VPN over a permitted port which can encapsulate your session accessing the service using a port normally blocked.

TSU