I have learnt a lot from this forum and I am sure I will learn a lot more, so today I decided to give a little back to good people of this forum.
Disclaimer: I would like to say that I personally have used and setup web-based shell access and I am using it every day and I believe it is secure enough for me to use, but I take no responsibility in regards to the security of your server or your shell prompt!
Now the pleasantries are out of the way let’s get on with it!
Prerequisites:
Ubuntu/Debian or its variation server: (Because I am good at it, you could use your own choice I believe!)
Apache2 server: (Again I know apache so I am using this; if you know any other, i.e. nginx or lighttpd, please use that, but I am not familiar with any other than apache)
nano text editor: Just apt-get install nano if you don’t have it already
Now log in to your server with ssh. I would strongly suggest using a normal user, then just type sudo su and your user password and you will become root for as long as you want; once you have finished with it just type exit and you will be back to normal user. (If you need to know how to use sudo please Google it)
Once you are logged in to your server and got root privileges you need to download “shellinabox”
To download shellinabox
Type wget http://shellinabox.googlecode.com/files/shellinabox_2.10-1_i386.deb
(this is for 32bit)
or
Type wget http://shellinabox.googlecode.com/files/shellinabox_2.10-1_amd64.deb
(this is for 64bit)
Now type
dpkg -i shellinabox_2.10-1_amd64.deb
(for 64bit)
or
dpkg -i shellinabox_2.10-1_i386.deb
(for 32bit)
Once it’s installed it will be running on localhost:4200
You can change the port 4200 to any other if you wish; just type
nano /etc/default/shellinabox
change the default port to the one you want; once done, just press Ctrl and x key and nano will ask you if you want to save before exit, so type yes into the terminal and press enter; this will save and exit nano. Then restart shellinabox for the new setting to take effect by typing
invoke-rc.d shellinabox restart
Now ShellinAbox is up and running, so we need to create a vhost in apache, which is easy enough. Before you create the vhost I would suggest you go to http://co.cc and get a yourfreedomain.co.cc from them and point that free domain to the ip address of your server with an A record (please Google it if you don’t know how to set up an A record)
Once this is done come back to your server and set up vhost like I did as below:
Type nano /etc/apache2/sites-available/yourfreedomain.co.cc
And type/paste as pastebin link below into the nano window. Once done, just press Ctrl and x key and nano will ask you if you want to save before exit, so type yes into the terminal and press enter; this will save your vhost yourfreedomain.co.cc and exit nano at the same time.
You’re not done yet, far from it…!
You need to create server.crt and server.key for your shellinabox vhost, don’t worry I will show you how to easily do it. You need openssl installed for this so if you don’t have it just type:
apt-get install openssl
Now to create a self-signed certificate type:
openssl genrsa -des3 -out server.key 4096
Next create a certificate signing request with it. This command will prompt for a series of things (country, state or province, etc.). Make sure that “Common Name” matches yourfreedomain.co.cc. I also suggest not making a challenge password at this point, since it'll just mean more typing for you.
Execute the command below and type what needs to be typed
openssl req -new -key server.key -out server.csr
Now sign the certificate signing request. This certificate will last 999 days; you can change it if you want. Now type:
openssl x509 -req -days 999 -in server.csr -signkey server.key -out server.crt
Make a version of the server.key which doesn't need a password every time you restart apache2 server:
openssl rsa -in server.key -out server.key.insecure
then type
mv server.key server.key.secure
then type
mv server.key.insecure server.key
These files are quite sensitive and should be guarded for permissions very carefully.
Now step two of the ssl certificate:
type
mkdir /etc/apache2/ssl/
then type
cp server.key /etc/apache2/ssl/
then type
cp server.crt /etc/apache2/ssl/
Your ssl certificate is created and moved to the right place.
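An added example (not part of the original post): the steps above leave an unencrypted server.key both in the working directory and in /etc/apache2/ssl/, so this script copies the pair with owner-only permissions on the key and lists every plaintext private key that group or others can read. The function names and the 700/600/644 modes are choices made for this example, and stat -c assumes GNU coreutils, as on Ubuntu/Debian.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# Copy server.key and server.crt from SRC_DIR to DEST_DIR.
# Apache reads the key as root at start-up, so owner-only access is enough.
install_tls_pair() {   # usage: install_tls_pair SRC_DIR DEST_DIR
    src=$1; dest=$2
    mkdir -p "$dest" || return 1
    chmod 700 "$dest" || return 1
    install -m 600 "$src/server.key" "$dest/server.key" || return 1
    install -m 644 "$src/server.crt" "$dest/server.crt"
}

# Print the path of every PEM private key under DIR that is NOT
# passphrase-protected and is readable by group or others.
find_exposed_keys() {  # usage: find_exposed_keys DIR
    find "$1" -type f | while IFS= read -r f; do
        grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f" 2>/dev/null || continue
        # Encrypted PEM carries "ENCRYPTED" in its header
        # (legacy "Proc-Type: 4,ENCRYPTED" or PKCS#8 "ENCRYPTED PRIVATE KEY").
        grep -q -e 'ENCRYPTED' "$f" && continue
        mode=$(stat -c %a "$f")
        # Any group/other permission bit on a plaintext key is a finding.
        [ $(( 0$mode & 077 )) -eq 0 ] || printf '%s\n' "$f"
    done
}

# Typical use after the steps above (run as root, from the directory
# where server.key and server.crt were created):
#   install_tls_pair . /etc/apache2/ssl
#   find_exposed_keys . ; find_exposed_keys /etc/apache2/ssl
```

Any path the second function prints is a copy of the unencrypted key that should be tightened with chmod 600 or deleted if it is no longer needed.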
Now type
nano /etc/apache2/httpd.conf
now type
NameVirtualHost *:443
And press Ctrl and x key type yes into prompt and press enter key that will save and exit nano
So far so good I hope ;)
Now we need to create a .htpasswd file for a secure login prompt over https.
Just go to http://www.htaccesstools.com/htpasswd-generator/
Go to the bottom of the page, put in your desired username and desired password, and it will give you an encrypted password with your user name, which we will use to secure our yourfreedomain.co.cc
I got myfreedomainuser:$apr1$nHujQmK2$Mou85BxOXg6oyMfm3Rwdw.
You can see my username, myfreedomainuser, but my password is encrypted; my password is myfreedomainpassword, which I would use to log in to yourfreedomain.co.cc
Once you get your username/password sorted we need to use nano again to create a .htpasswd file
Just type:
nano /var/bin/.htpasswd
Once in the nano editor, copy your username/password (from the above site where you just created your own username and encrypted password); if you right click in nano it will paste whatever text is copied into memory.
So my /var/bin/.htpasswd would have one line in it as below
myfreedomainuser:$apr1$nHujQmK2$Mou85BxOXg6oyMfm3Rwdw.
Once you pasted your username/password just press Ctrl and x key and type yes to the prompt and that should save and exit nano.
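An added example (not part of the original post): the same kind of user:$apr1$... line can be produced on the server itself with the openssl package installed earlier, so the plaintext password is never typed into a third-party web page. The function names are made up for this example; openssl passwd -apr1 produces the Apache MD5 format shown above.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# Print "USER:$apr1$salt$hash". The password is read from stdin so it does
# not appear in the process list or in shell history.
make_htpasswd_line() {   # usage: make_htpasswd_line USER < password
    case $1 in
        ''|*:*) echo "username must be non-empty and contain no ':'" >&2
                return 1 ;;
    esac
    hash=$(openssl passwd -apr1 -stdin) || return 1
    printf '%s:%s\n' "$1" "$hash"
}

# Succeed only if the password on stdin matches an existing apr1 entry:
# re-hash it with the salt stored in the entry and compare.
check_htpasswd_line() {  # usage: check_htpasswd_line LINE < password
    stored=${1#*:}
    salt=$(printf '%s' "$stored" | cut -d'$' -f3)
    [ -n "$salt" ] || return 1
    again=$(openssl passwd -apr1 -salt "$salt" -stdin) || return 1
    [ "$again" = "$stored" ]
}

# Write the entry so that only owner and group can read it.
write_htpasswd() {       # usage: write_htpasswd FILE LINE
    ( umask 027 && printf '%s\n' "$2" > "$1" ) || return 1
    chmod 640 "$1"
}

# Typical use (run as root):
#   line=$(make_htpasswd_line myfreedomainuser)   # type password, Enter, Ctrl-D
#   write_htpasswd /var/bin/.htpasswd "$line"
#   chgrp www-data /var/bin/.htpasswd   # Apache's group on Debian/Ubuntu
```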
Now we need to make sure a few apache2 mods are enabled and that our new vhost is also enabled for all this to work.
So type
a2ensite yourfreedomain.co.cc
then type
a2enmod ssl
then type
a2enmod proxy
now type
/etc/init.d/apache2 reload
And that’s it!
If all has gone as planned, going to our domain yourfreedomain.co.cc will send you to https://yourfreedomain.co.cc and give you a warning about the self-signed certificate, which is fine as you just accept it. Then it will pop up a box for username/password, so please put in the username and the password you chose when you encrypted it at http://www.htaccesstools.com/htpasswd-generator/
Once you are on your domain you will see a terminal asking for your server username, which you should type in, and then your password; while typing a password you will not see anything being typed, and as you should know, it’s normal for unix not to show anything while typing a password.
Now this is it, you are logged in to your server via https and you are enjoying all the security of ssl encryption and can ssh in to your server from any where in the world regardless of the security they have put in place!
If I have made any mistakes in typing or otherwise please feel free to let me know; this is the very first tutorial I have ever written in my life, so I am sure there may be mistakes in it! If you share this tutorial with others please just give credit where it’s due, thank you for your understanding.
P.S.: Just change yourfreedomain.co.cc to your actual free domain from http://co.cc