Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up

Secure shell in your browser

License

NotificationsYou must be signed in to change notification settings

leshniak/httpsh

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

A bunch of scripts and configs that allows to expose a shell via HTTPS.

httpsh_screenshot

Project requirements

  • works as a system service
  • the service fulfills the principle of minimal privilege (can't simply use/bin/login as it requires root privileges)
  • exposes a web client with the user's shell
  • supports password authentication
  • has an optional protection against brute force attacks
  • uses secure transport protocols

Dependencies

The project depends on bash, ssh (client+server), systemd,ttyd, nginx, grep and optionally fail2ban (if you want to have a brute force protection). sshd must be configured for accepting incoming local connections.

Everything was tested on Debian Linux.

Installation

  1. Copy the config files (etc folder) to the corresponding directories in your system.
  2. Download ttyd and put the executable in/usr/local/bin/ttyd. You can choose another directory, but don't forget to edit the config files.
  3. Putttyd-login script in/usr/local/bin/ttyd-login. Applychmod +x for both executables.
  4. Create a user namedttyd, with a home directory and disabled login shell. It is required for~/.ssh files. The home can be custom, for example/var/local/ttyd/:
# mkdir -p /var/local/ttyd# useradd -d /var/local/ttyd -s /bin/false ttyd# chown -R ttyd:ttyd /var/local/ttyd
  1. Add a new location in nginx configuration for your domain. If you want to have a shell underhttps://example.com/shell, add this to theserver section:
location ~ ^\/shell(\/.*)?$ {  include snippets/shell.conf;}

Running the service

  1. Reload systemd unit filessystemctl daemon-reload.
  2. Restart all edited services:
# systemctl restart nginx# systemctl restart fail2ban
  1. Starthttpsh service and enable the autostart during the system startup:
# systemctl start ttyd@shell# systemctl enable ttyd@shell
  1. The shell should be up and running underhttps://example.com/shell

Done! 🎉🏆

Recommendations

I recommend to use fail2ban protection and TLS v1.3 for your domain.DO NOT use plain HTTP without TLS – it's like using telnet instead of ssh.

Questions and suggestions

If you have any questions, please create a new Github issue.

Sponsorship

If you appreciate my work, it will be cool to know that I drink mycoffee ☕ thanks to you!

Releases

No releases published

Packages

No packages published

Languages

[8]ページ先頭
©2009-2025 Movatter.jp