Running a web-based bastion host

So, I’ve been stuck with two issues:

a) no ssh access to my servers when I am in a location that’s blocking ssh access.

b) No access to resources on the web on ports like 9090 for management or any non-80 or non-443 port.

I have a solution for the first problem but none for the second one (yet).

So, here’s the solution to the first issue: install shellinabox. On my Fedora systems, it is just a simple “dnf install shellinabox -y”.

The default config of shellinabox – in /etc/sysconfig/shellinabox is shown below:

# Shell in a box daemon configuration
# For details see shellinaboxd man page

# Basic options
USER=shellinabox
GROUP=shellinabox
CERTDIR=/var/lib/shellinabox
PORT=4200
OPTS="--disable-ssl-menu -s /:LOGIN"

# Additional examples with custom options:

# Fancy configuration with right-click menu choice for black-on-white:
# OPTS="--user-css Normal:+black-on-white.css,Reverse:-white-on-black.css --disable-ssl-menu -s /:LOGIN"

# Simple configuration for running it as an SSH console with SSL disabled:
# OPTS="-t -s /:SSH:localhost"

I changed the last line to read:

OPTS=" -t -s /:SSH:0.0.0.0"

Then restart the service via systemctl (systemctl enable shellinaboxd.service and systemctl start shellinaboxd.service), then from the browser point to localhost:4200, and you can get in.

What I then did was to install shellinabox behind a nginx proxy server on a public Internet facing system and have the nginx proxy server route 80 and 443 requests to the shellinaboxd listening on the default port.
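
One way to lay out the nginx front end described above, as an added example that is not the author's actual configuration. The hostname bastion.example.com and the certificate paths are placeholders, and it assumes shellinaboxd runs on the same host with SSL disabled (-t) and bound to loopback, so that nginx is the only way in and the login always travels over TLS.

```nginx
# Added example; bastion.example.com and the certificate paths are placeholders.
# Assumes shellinaboxd runs on the same host with SSL disabled (-t) and bound to
# loopback only, e.g. in /etc/sysconfig/shellinabox:
#   OPTS="-t --localhost-only -s /:SSH:localhost"

# Plain HTTP only redirects, so the login prompt is never served unencrypted.
server {
    listen 80;
    server_name bastion.example.com;
    return 301 https://$host$request_uri;
}

# TLS terminates here; traffic to shellinaboxd stays on the loopback interface.
server {
    listen 443 ssl;
    server_name bastion.example.com;

    ssl_certificate     /etc/pki/tls/certs/bastion.example.com.crt;
    ssl_certificate_key /etc/pki/tls/private/bastion.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Tell browsers to keep using HTTPS for this host.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        # Default shellinaboxd port from /etc/sysconfig/shellinabox (PORT=4200).
        proxy_pass http://127.0.0.1:4200;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate with `nginx -t` before reloading, and check with `ss -tln` that port 4200 is listening on 127.0.0.1 only. On Fedora with SELinux enforcing, nginx may be denied the upstream connection until the `httpd_can_network_connect` boolean is enabled.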

Now I have to find a way to fix the second problem. Ideas welcome.
