You can install shellinabox with your Debian-flavored package manager with a single command:
sudo apt install shellinabox
White text on black screen
The default setting is a white screen with black text. You can right-click to switch it, but if you're like me you'll want to set it to black screen with white text as a default. From the git repository, pull down the CSS needed to make the change:
sudo wget https://raw.githubusercontent.com/shellinabox/shellinabox/master/shellinabox/white-on-black.css -O /etc/shellinabox/white-on-black.css
Then open the shellinabox config file for editing:
sudo nano /etc/default/shellinabox
Add "--css /etc/shellinabox/white-on-black.css" to SHELLINABOX_ARGS. It already disables the beep, so add this flag and it should look like this when you're done:
SHELLINABOX_ARGS="--no-beep --css /etc/shellinabox/white-on-black.css"
Save the file, and restart the service to activate the change:
sudo service shellinabox restart
That's all.
Devuan SSL needs work
This all works great on Ubuntu, System76, etc., but a Devuan install did not play nicely with SSL. I'm sure it's possible, so I tried a number of ways, even after I found references in forum posts with people who were not able to get SSL working on devuan. But, not being a cert expert, I finally decided to use the --disable-ssl flag in the configuration file (see below). This is utterly insecure and should NOT be exposed to the public. But I did want remote access to a Devuan box, so I placed it behind an Apache reverse proxy which has SSL security. Then I installed 2FA in the SSH endpoint, and lastly, I added HTTP Basic Authentication to the front side of the proxy, thereby adding two more layers of security.
- Connection from browser to webserver (secure because basic authentication is required)
- Connection from browser to webserver (secure because reverse proxy is encrypted)
- Connection from webserver to internal Devuan server (alas, not secure)
- SSH terminal on internal Devuan server (secure because 2FA authentication required)
Here's the flag used to disable SSL. NOT RECOMMENDED for an unprotected server.
SHELLINABOX_ARGS="--no-beep --css /etc/shellinabox/white-on-black.css --disable-ssl"
Couple other config items
Here are a couple other useful flags I found. The first one allows you to connect to OpenSSH locally instead of (what I imagine must be) programmatically executing a shell. The advantage of this setting is that you can use OpenSSH OTP to protect your access, instead of (also) adding a reverse proxy and configuring OTP into the proxy. (Expert note:) By accessing OpenSSH in this manner, you encounter a minor cosmetic bug which has been fixed in the git repository but has not made it into the mainstream distros yet. The console shows a message about "RhostsRSAAuthentication" when you login. You can fix this by using git clone and compiling/installing the code yourself instead of apt install as shown above.
SHELLINABOX_ARGS="--no-beep --css /etc/shellinabox/white-on-black.css -s /:SSH"
And this one allows you to connect to SSH on another server altogether:
SHELLINABOX_ARGS="--no-beep --css /etc/shellinabox/white-on-black.css -s /:SSH:10.0.2.1"
That's all.
Problems with "rhostsrsaauthentication" and "rsaauthentication"?
See another post I made about how to resolve this issue.