Skip to content

Instantly share code, notes, and snippets.

@TangentFoxy
Last active April 26, 2018 20:08
Show Gist options
  • Save TangentFoxy/bc62891a9d7da488e7fc9da0a16f4c06 to your computer and use it in GitHub Desktop.
Save TangentFoxy/bc62891a9d7da488e7fc9da0a16f4c06 to your computer and use it in GitHub Desktop.
Easy-to-use install script for shellinabox. https://github.com/shellinabox/shellinabox
sudo apt-get update
sudo apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf -y
sudo apt-get install git libssl-dev libpam0g-dev zlib1g-dev dh-autoreconf -y # duplicated because errors I encountered that were fixed by just running it again
git clone https://github.com/shellinabox/shellinabox.git
cd shellinabox
autoreconf -i
autoreconf -i # duplicated beause errors I encountered that were fixed by just running it again
./configure
make
dpkg-buildpackage -b
dpkg -i ../shellinabox*.deb
@TangentFoxy
Copy link
Author

Note, when this is complete, https://localhost:4200 on that machine will be a shell. It is using a self-signed certificate, so you will get security errors. I should look up how to specify a cert when I have the chance.

@TangentFoxy
Copy link
Author

Also, I don't know if the autoreconf/./configure/make commands are actually needed when installing the deb package.

@TangentFoxy
Copy link
Author

TangentFoxy commented Apr 24, 2018

An example config for proxying to this with a trusted certificate:

server {
  listen 443 ssl;
  server_name shell.guard13007.com

  add_header Strict-Transport-Security "max-age=63072000; preload"; # includeSubDomains;
  add_header X-Frame-Options DENY;
  add_header X-Content-Type-Options nosniff;

  ssl_certificate /etc/letsencrypt/live/shell.guard13007.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/shell.guard13007.com/privkey.pem;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
  ssl_ecdh_curve secp384r1;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_dhparam /srv/dhparams.pem;

  location / {
    proxy_pass https://127.0.0.1:4200;
    proxy_ssl_verify off; # just ignoring it, localhost anyhow so its secure
  }
}

This would be placed in a file within /etc/nginx/sites-enabled/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment