[HowTo] SSH in the Browser via shellinabox

  • This HowTo describes how to install shellinabox on your OMV-Machine. Then you can access OMV over SSH with your Browser and don't need putty.
    Thx to user k0gen from this feature-request on mantis


    You do it on your own risk ...


    Please use only 32bit _or_ 64-bit, regarding on your system:
    1. Download shellinabox.deb-file
    32-bit

    Code
    wget https://shellinabox.googlecode.com/files/shellinabox_2.10-1_i386.deb


    64-bit

    Code
    wget https://shellinabox.googlecode.com/files/shellinabox_2.10-1_amd64.deb


    The files are built for Ubuntu Karmic, but they work with OMV, too


    2. Install shellinabox
    32-bit

    Code
    dpkg -i shellinabox_2.10-1_i386.deb


    64-bit

    Code
    dpkg -i shellinabox_2.10-1_amd64.deb


    3. stop shellinabox-daemon

    Code
    /etc/init.d/shellinabox stop


    4. Edit /etc/default/shellinabox
    with vim or nano:
    change this line:

    Code
    SHELLINABOX_ARGS=--no-beep


    to

    Code
    SHELLINABOX_ARGS="--no-beep -s \:SSH"


    5. Start shellinabox

    Code
    /etc/init.d/shellinabox start


    6. Login over your Browser
    Open your Browser with "https://ipofyourOMV:4200"
    and login with your SSH-User and Password
    It should look like this:


    hoppetz is the name of my OMV-Machine


    I'm also using an alternative css-file for shellinabox with a black background (I'm used to have one on Kubuntu ;) )
    Just add '--css /etc/shellinabox/options-enabled/00_White\ On\ Black.css' to the line described under 4.
    For more css, please have a look at: etc/shellinabox/options-available


    If you want to enable SSH-access only from the LAN, you can change the /etc/hosts.allow and /etc/hosts.deny files: OMV -> Network -> Hosts
    In hosts.deny, add:

    Code
    sshd: 0.0.0.0


    In hosts.allow, add:

    Code
    sshd: 192.168.1.0


    or whatever your LAN network is called.
    See man hosts.deny for more details.

  • Volker denied this request before due to security concerns.


    So I highly doubt that Volker will implement it...


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Hmm very cool in principle.


    I noticed there are a couple of issues with it thought; It doesn't work at all with chromium browser. And when I use it through firefox the hyphen key doesn't work. IE is fine though.


    Is there interest in the community to get this as a plugin?

  • Well I got a rudimentary plugin for this working, though it is largely untested.


    I found a few hits regarding the hyphen key not working, also a few users were claiming to have problems with international keyboards. Specifically azerty and french accent keys not being picked up properly. There are a couple of patches which I am thinking I'll test. Also I may have found the cause of it not working on chromium, though according to my research it should affect all webkit browsers so I'm going to test that for sure.

  • Nice work Mitch. A few of us have been using chrome or firefox extensions. There is a secure shell extension for Chrome. If you install it in Chrome and make a link with the openmediavault-links plugin it works really nice. I just tried Midnight Commander in it the other day and MC never looked so good. Keep us informed on your work. Thanks!



    I'm going to have you added to the developers section of the forum.

    • Offizieller Beitrag
    Zitat von "mitchtay"

    Well I got a rudimentary plugin for this working, though it is largely untested.


    Very nice. I would love to see the code to your plugin :)

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • But the Chrome as well as the Firefox Plugins does not work if you´re behind a Firewall which does not allow ssh connections.


    Thats why a Shell inside OMV would be so useful (for me) ;)


    Looking forward to test it as soon as I´m at 0.5 - if you want. :)

  • Please add a restriction to the Plugin, that it can only be used when the GUI is accessed via SSL!


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

  • Zitat von "ryecoaaron"

    Very nice. I would love to see the code to your plugin :)


    Sure thats not a problem, what is the preferred method for sharing code here?


    Zitat von "WastlJ"

    But the Chrome as well as the Firefox Plugins does not work if you´re behind a Firewall which does not allow ssh connections.


    Thats why a Shell inside OMV would be so useful (for me) ;)


    Looking forward to test it as soon as I´m at 0.5 - if you want. :)


    There is usually an easy workaround for this. SSL and SSH connections are virtually indistinguishable from one another as they share the same protocol. TLS connections are a little different but again very similar. So if you aren't currently using HTTPS (443) on your firewall, you should be able to NAT that port through to 22 on your OMV server and connect to it over that, the corporate firewall just assumes its an HTTPS page. I won't go further into detail here so as to not derail the thread.


    Also, when I have something ready for testing I'll make sure I let you know.


    Zitat von "davidh2k"

    Please add a restriction to the Plugin, that it can only be used when the GUI is accessed via SSL!


    Greetings
    David


    I was thinking of having this as a setting, but I think it would be better to piggy back off the webgui setting for SSL connections. If you force SSL on the webgui; then shellinabox will do the same ... I think this is the most flexible option while leaving the security in the hands of the user.

    • Offizieller Beitrag
    Zitat von "mitchtay"

    Sure thats not a problem, what is the preferred method for sharing code here?


    We have the third party plugins at github. Works well for me. Or you could attach the code. Up to you :)

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Zitat von "mitchtay"

    I was thinking of having this as a setting, but I think it would be better to piggy back off the webgui setting for SSL connections. If you force SSL on the webgui; then shellinabox will do the same ... I think this is the most flexible option while leaving the security in the hands of the user.


    Don't let this lack of security fall into the hands of the users. Either the user uses SSL and therefore can use shellinabox or he don't uses SSL and isn't able to use shellinabox. When you implement it the right way, take the security risks away from the users and don't let them decide, because the risk is just too high with plain text exchange the password of the root account e.g. We should keep Volkers approach to rather just do it/force it, then let the users decide!


    This is just my opinion, but I think many of us will share this, right? Without SSL the shellinabox doesn't make sense for me.


    Greetings
    David

    "Well... lately this forum has become support for everything except omv" [...] "And is like someone is banning Google from their browsers"


    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

    Upload Logfile via WebGUI/CLI
    #openmediavault on freenode IRC | German & English | GMT+1
    Absolutely no Support via PM!

    • Offizieller Beitrag

    github is very easy. If you signup, you will see a Create a New Repo in the top right. After that, it will tell you exactly how to add the code. I assume you are using Linux. If not, download the github for windows app and it is very easy to add code as well.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Zitat von "mitchtay"

    Well I got a rudimentary plugin for this working, though it is largely untested.


    I found a few hits regarding the hyphen key not working, also a few users were claiming to have problems with international keyboards. Specifically azerty and french accent keys not being picked up properly. There are a couple of patches which I am thinking I'll test. Also I may have found the cause of it not working on chromium, though according to my research it should affect all webkit browsers so I'm going to test that for sure.


    I'm very interested in this plugin, is it for version 0.4 or 0.5?



    Edit:
    Already checked Github, looks like it is for >= 0.5, any chance of making it compatible for 0.4?

    • Offizieller Beitrag

    It would be quite a bit of work make it compatible with 0.4. Personally, I don't know the 0.4 plugin structure very well. I think the time is better spent porting the rest of the plugins to 0.5.

    omv 7.0.4-2 sandworm | 64 bit | 6.5 proxmox kernel

    plugins :: omvextrasorg 7.0 | kvm 7.0.10 | compose 7.1.2 | k8s 7.0-6 | cputemp 7.0 | mergerfs 7.0.3


    omv-extras.org plugins source code and issue tracker - github


    Please try ctrl-shift-R and read this before posting a question.

    Please put your OMV system details in your signature.
    Please don't PM for support... Too many PMs!

  • Zitat von "ryecoaaron"

    It would be quite a bit of work make it compatible with 0.4. Personally, I don't know the 0.4 plugin structure very well. I think the time is better spent porting the rest of the plugins to 0.5.


    No problem, I can understand that. Maybe it is time for me to upgrade to 0.5.

  • Only asuugest, on my work I can't access to any URL that have port, eg: https://myddns.ddns.org:4200 so is a pity to use Shell in a box.


    1 - it's possible to configure shellinabox to use name instead or port? eg: https://myddns.ddns.org/shell



    Thanks in advanced.

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!