Submitted by moonlune in freeAsInFreedom (edited )

The setup on my raspberry pi was pretty easy:

  1. apt install shellinabox

  2. slightly change the config file to add to use it on my proxy (/etc/default/shellinabox)

    SHELLINABOX_ARGS="--no-beep --localhost-only --disable-ssl"

  3. add the port to my Caddyfile (reverse proxy) (behind an authentication):

    shell.my_website.xyz { reverse_proxy 127.0.0.1:4200 basicauth { my_name my_passwd_hash } }

  4. restarted the systemd services for caddy and shellinabox (it's enabled by defalut when DLed)

And it's as simple as that, I now have access to my server from anywhere in the world, no ssh port open on my modem, and authentication is locked behind 2 passwords (the caddy passwd, and then the shell user password) + obscure url. It took me ~30 while mucking around.

8

Comments

You must log in or register to comment.

HardHeartedBastard wrote

What do you use it for? It seems like a big security risk?

1

moonlune OP wrote

I can connect from any computer regardless if they have a terminal.

I feel like it's safer than having a ssh port open?

3

Twoeyes wrote

Generally I'd say SSH is more secure than web based login, but any risks are likely mitigated by the use of a reverse proxy.

My only thought would be a separate type of authentication (certificate or soft-token), but that may counter the idea of having the more flexible remote terminal.

3