How to access SSH terminal in web browser on Linux
Last updated on September 22, 2020 by Dan Nanni
Running "everything" in a web browser used to be a bold statement. Due to the powerful HTML5/JavaScript stack, however, a web browser increasingly becomes a dominant application delivery platform. Even the Linux kernel sandboxed in a web browser no longer sounds so crazy these days.
In this tutorial, I describe how to access an SSH terminal in a web browser on Linux. Web-based SSH is useful when the firewall you are behind is so restrictive that only HTTP(s) traffic can get through.
Shell In A Box (or shellinabox) is a web-based terminal emulator which can run as a web-based SSH client. It comes with its own web server (shellinaboxd) which exports a command line shell to a web-based terminal emulator via AJAX interface. Shell In a Box only needs JavaScript/CSS support from a web browser, and does not require any additional browser plugin.
Install Shell In A Box on Linux
To install shellinabox on Debian, Ubuntu or Linux Mint:
$ sudo apt-get install openssl shellinabox
To install shellinabox on Fedora:
$ sudo yum install openssl shellinabox
To install shellinabox on CentOS or RHEL, first enable EPEL repository, and then run:
$ sudo yum install openssl shellinabox
Configure Shellinaboxd Web Server
By default shellinaboxd web server listens on TCP/4200 port on localhost. In this tutorial, I change the default port to TCP/443 for HTTPS. For that, modify shellinabox configuration as follows.
Configure shellinaboxd On Debian, Ubuntu or Linux Mint:
$ sudo vi /etc/default/shellinabox
# TCP port that shellinboxd's webserver listens on SHELLINABOX_PORT=443 # specify the IP address of a destination SSH server SHELLINABOX_ARGS="--o-beep -s /:SSH:192.168.1.7" # if you want to restrict access to shellinaboxd from localhost only SHELLINABOX_ARGS="--o-beep -s /:SSH:192.168.1.7 --localhost-only"
Configure shellinaboxd On Fedora, CentOS or RHEL:
$ sudo vi /etc/sysconfig/shellinaboxd
# TCP port that shellinboxd's webserver listens on PORT=443 # specify the IP address of a destination SSH server OPTS="-s /:SSH:192.168.1.7" # if you want to restrict access to shellinaboxd from localhost only OPTS="-s /:SSH:192.168.1.7 --localhost-only"
Heads-up for Fedora users: According to the official document, some operations may not work out of the box when you run shellinaboxd in SELinux mode on Fedora. Refer to the document if you have any issue.
Provision a Self-Signed Certificate
During the installation of Shell In A Box, shellinaboxd attempts to create a new self-signed certificate (certificate.pem) by using /usr/bin/openssl if no suitable certificate is found on your Linux. The created certificate is then placed in /var/lib/shellinabox.
If no certificate is found in the directory for some reason, you can create one yourself as follows.
$ su (change to the root) # cd /var/lib/shellinabox # openssl genrsa -des3 -out server.key 1024 # openssl req -new -key server.key -out server.csr # cp server.key server.key.org # openssl rsa -in server.key.org -out server.key # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt # cat server.crt server.key > certificate.pem
Run Shellinaboxd Web Server
On Ubuntu, Debian or Linux Mint:
$ sudo service shellinabox start
On Fedora, CentOS or RHEL:
$ sudo systemctl enable shellinaboxd.service $ sudo systemctl start shellinaboxd.service
To verify if shellinaboxd is running:
$ sudo netstat -nap | grep shellinabox
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 4787/shellinaboxd
Now open up your web browser, and navigate to https://<IP-address-of-SSH_server>. You should be able to see a web-based SSH console, and log in to the remote SSH server via web browser interface.
Support Xmodulo
This website is made possible by minimal ads and your gracious donation via PayPal or credit card
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.
Xmodulo © 2021 ‒ About ‒ Write for Us ‒ Feed ‒ Powered by DigitalOcean