September 23, 2011

Configure Shellinabox as a url path on FreeBSD

by Joe Kuan

I need to test my web application on a remote network. For policy reasons, I am only allowed web access to my FreeBSD box (no ssh), which makes debugging the backend processes very difficult. Hence, I need to install a web-based ssh client, shellinabox: a daemon that opens a listening port and serves HTML pages over HTTP requests, with an ssh login process as the backend.

However, my FreeBSD box is behind a firewall which only allows traffic on ports 80 and 443. So my only choice is to serve shellinabox as a subpath of my web application.

The only way is to use the Apache server with its proxy module to relay requests and responses between the default HTTP port and the shellinabox port, as suggested in the man page. Here are the steps to get it working:

  1. The default FreeBSD Apache server installation isn't built with the proxy feature. You have to rebuild Apache in /usr/ports/www/apache22 with the proxy options selected: mod_proxy and mod_proxy_http.
  2. Then install shellinabox from /usr/ports/www/shellinabox. For a tutorial on installing and configuring shellinabox, see this. Start the daemon and test it from your browser at http://host:4200.
  3. Edit /usr/local/etc/apache22/httpd.conf to enable the proxy modules:
    LoadModule proxy_module  libexec/apache22/mod_proxy.so
    LoadModule proxy_html_module  libexec/apache22/mod_proxy_html.so
    LoadModule proxy_http_module  libexec/apache22/mod_proxy_http.so
    

    If proxy_http_module is not loaded, the following error message appears in the Apache error log file:

    proxy: No protocol handler was valid for the URL
    
  4. Edit /usr/local/etc/apache22/extra/httpd-vhosts.conf for the proxy configuration. Add the following lines inside the port 80 VirtualHost directive.
        <Proxy *>
          Order deny,allow
          Allow from all
        </Proxy>
        ProxyPass /shell/ http://localhost:4200/
        ProxyPassReverse /shell/ http://localhost:4200/
    

    Or change the proxy lines to https:// inside the port 443 VirtualHost directive.

  5. For a non-SSL configuration, the final step is to add --disable-ssl inside the shellinabox rc file, /usr/local/etc/rc.d/shellinaboxd.
    command_args="--disable-ssl --user=${shellinaboxd_user} --group=${shellinaboxd_group} --port=${shellinaboxd_port} --background=${pidfile}"
    
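A variant of steps 4 and 5 for the port 443 VirtualHost, as an added example that is not part of the original post: Apache terminates TLS, only a chosen address range may reach /shell/, and shellinaboxd listens on the loopback interface only. The 192.0.2.0/24 range is a constructed placeholder, and keeping the backend on plain http over loopback (rather than https://) is an assumption of this example.

```apache
# Added example (Apache 2.2 syntax), placed inside the port 443
# <VirtualHost> block of extra/httpd-vhosts.conf.
#
# Assumption: shellinaboxd is started with both
#   --localhost-only --disable-ssl
# in command_args, so it speaks plain HTTP on the loopback interface
# only and port 4200 is not reachable from other hosts.

# Act as a reverse proxy only, never as a forward proxy.
ProxyRequests Off

# Restrict who may reach the web shell. With "Order deny,allow" the
# Deny rule is evaluated first and the Allow rule then re-admits the
# listed range. 192.0.2.0/24 is a constructed placeholder; replace it
# with the network you administer from.
<Location /shell/>
  Order deny,allow
  Deny from all
  Allow from 192.0.2.0/24
</Location>

# Same mapping as in step 4. Keep the trailing slash on both sides of
# both lines so paths and redirects are rewritten consistently.
ProxyPass        /shell/ http://localhost:4200/
ProxyPassReverse /shell/ http://localhost:4200/

# In the port 80 <VirtualHost>, in place of the ProxyPass lines, send
# browsers to the TLS side ("host" is the page's placeholder name):
#   Redirect permanent /shell/ https://host/shell/
```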

Restart Apache and you should get the login prompt at http://host/shell/, as in the screenshot below:
