Running a web-based bastion host

So, I’ve been stuck with two issues:

a) no ssh access to my servers when I am in a location that’s blocking ssh access.

b) No access resources on the web on ports like 9090 for management or any non-80 or non-443 port.

I have a solution for the first problem but none for the second one (yet).

So, here’s the solution to the first issue: install shellinabox. On my Fedora systems, it is just a simple “dnf install shellinabox -y”.

The default config of shellinabox – in /etc/sysconfig/shellinabox is shown below:

# Shell in a box daemon configuration
# For details see shellinaboxd man page

# Basic options
OPTS="--disable-ssl-menu -s /:LOGIN"

# Additional examples with custom options:

# Fancy configuration with right-click menu choice for black-on-white:
# OPTS="--user-css Normal:+black-on-white.css,Reverse:-white-on-black.css --disable-ssl-menu -s /:LOGIN"

# Simple configuration for running it as an SSH console with SSL disabled:
# OPTS="-t -s /:SSH:localhost"

I changed the last line to read:

OPTS=" -t -s /:SSH:"

Then restart the service via systemctl (systemctl enable shellinaboxd.service and systemctl start shellinaboxd.service), then from the browser point to locahost:4200, and you can get in.

What I then did was to install shellinabox behind a nginx proxy server on a public Internet facing system and have the nginx proxy server route 80 and 443 requests to the shellinaboxd listening on the default port.

Now I have to find a way to fix the second problem. Ideas welcome.


Leave a Reply