Shellinabox (Shell In A Box) is a web-based terminal emulator that allows you to access a shell (command line interface) via a web browser. It creates a web server that serves a terminal emulator to your browser, enabling remote command line access to your server. This is particularly useful for managing servers or performing administrative tasks without needing a dedicated SSH client.

Key Features

  • Web-based Access: Provides terminal access through a web browser.
  • Easy Setup: Simple to install and configure.
  • SSL/TLS Support: Can be configured to use HTTPS for secure connections.
  • Customization: Supports various customization options for appearance and behavior.

The need arose because we regularly use htop to monitor the running processes on our servers. An article was previously written to explain why and how Linux uses memory. It is not always convenient to connect to the terminal to access commands, so we wanted something more common and easy to use.

Installation on Ubuntu

  1. Update your package list:
sudo apt update
  2. Install Shellinabox:
sudo apt install shellinabox
  3. Start the Shellinabox service:
sudo systemctl start shellinabox
  4. Enable Shellinabox to start on boot:
sudo systemctl enable shellinabox

Access the Web Terminal:
Open a web browser and navigate to http://your_server_ip:4200. You should see a login prompt similar to what you would see if you were accessing your server via SSH.

Configuration

The default configuration file is located at /etc/default/shellinabox. You can edit this file to customize options such as the port number, user and group permissions, and SSL settings.

For example, to change the port Shellinabox listens on, you would modify the SHELLINABOX_PORT line in the configuration file.

# Example configuration to change the port to 8080
SHELLINABOX_PORT=8080

After making changes, restart the Shellinabox service to apply the new configuration.

sudo systemctl restart shellinabox

Security Considerations

  1. SSL/TLS: By default, Shellinabox does not use SSL/TLS. To enable it, you need to configure SSL certificates. You can use self-signed certificates or obtain a certificate from a trusted Certificate Authority (CA). To generate a self-signed certificate:
sudo openssl req -x509 -newkey rsa:4096 -keyout /etc/shellinabox/shellinabox.key -out /etc/shellinabox/shellinabox.crt -days 365 -nodes
  2. Firewall: Ensure that the port used by Shellinabox is allowed through the firewall.
sudo ufw allow 4200/tcp
  3. User Permissions: Limit access to trusted users and consider additional security layers like two-factor authentication (2FA).

Shellinabox is a convenient tool for remote server management and provides an alternative to traditional SSH clients, making it easier to access your server's terminal from anywhere with a web browser.

Tips & Must Have

Accessing Shellinabox with the root user is typically disabled for security reasons. Allowing root login directly can pose significant security risks, as it provides unrestricted access to the system. Instead, it is recommended to use a regular user account with sudo privileges to perform administrative tasks.

If you understand the security implications and still wish to enable root login, you can modify the Shellinabox configuration. Here’s how you can do it:

  1. Edit Shellinabox Configuration:
    Open the Shellinabox configuration file for editing:
sudo nano /etc/default/shellinabox
  2. Allow Root Login:
    Add the --no-beep argument to the SHELLINABOX_ARGS line to disable the bell, which is sometimes necessary for proper root access. You can also add --user=root if necessary.
SHELLINABOX_ARGS="--no-beep --user=root"
    Save the file and exit the editor (Ctrl+X, then Y, then Enter).
  3. Restart Shellinabox:
    Restart the Shellinabox service to apply the changes:
sudo systemctl restart shellinabox
  4. Create a New User (if necessary):
    If you don’t have a regular user with sudo privileges, create one:
sudo adduser newuser
sudo usermod -aG sudo newuser
  5. Login with the Regular User:
    Access Shellinabox using the new user credentials.
  6. Use sudo for Administrative Tasks:
    Once logged in, you can execute commands with sudo to perform tasks that require root privileges:
sudo htop

Security Considerations

  • Root Login Risks: Enabling root login increases the risk of unauthorized access. Always ensure you have strong passwords and, if possible, use other security measures such as fail2ban or two-factor authentication (2FA).
  • Secure Connections: Ensure Shellinabox is configured to use HTTPS to encrypt your connection.
  • Monitoring and Auditing: Regularly monitor and audit login attempts and system logs to detect any unauthorized access.

By following these steps, you can either enable root login for Shellinabox (not recommended) or use a regular user with sudo privileges (recommended) to access administrative functions securely.

When your browser indicates that the connection is not secure despite having SSL installed for Shellinabox, it is likely due to one of the following reasons:

  1. Self-Signed Certificate: If you are using a self-signed SSL certificate, most modern browsers will flag the connection as not fully secure because the certificate is not signed by a trusted Certificate Authority (CA).
  2. Mismatched Domain: The SSL certificate may not match the domain name you are accessing. For example, if the certificate is issued for example.com, but you are accessing the server using its IP address or a different domain, the browser will show a warning.
  3. Expired Certificate: The SSL certificate might have expired, which will cause browsers to consider the connection insecure.
  4. Incorrect Configuration: There might be issues in the Shellinabox configuration that prevent it from properly serving the SSL certificate.

Steps to Resolve the Issue

1. Check Certificate Validity and Configuration

Ensure that your SSL certificate is valid and correctly configured:

  • Verify the expiration date of the certificate.
  • Ensure the certificate is issued for the correct domain.
  • Check the configuration file (/etc/default/shellinabox) for any misconfigurations.
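The expiry, domain and self-signed checks above can be run against the certificate file with the openssl CLI. The script below is an added example, not part of the original article; its function names and default 14-day warning window are assumptions, and make_demo_cert only builds a constructed test certificate.

```shell
#!/bin/sh
# Added example: inspects a PEM certificate for the browser-warning causes
# listed above. Function names are illustrative; needs the openssl CLI.

# Succeeds if issuer and subject are identical (self-signed certificate).
cert_is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds if the certificate expires within $2 seconds (0 = already expired).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$2" >/dev/null
}

# Succeeds if the certificate is valid for the DNS name or IPv4 address $2.
cert_matches_host() {
    case "$2" in
        *[!0-9.]*) opt=-checkhost ;;  # has a non-digit, non-dot: DNS name
        *)         opt=-checkip ;;    # digits and dots only: IPv4 literal
    esac
    openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match'
}

# Prints one line per likely warning cause; returns 1 if any was found.
cert_findings() {  # usage: cert_findings CERT.pem HOST [WARN_DAYS]
    rc=0; days=${3:-14}
    openssl x509 -in "$1" -noout 2>/dev/null ||
        { echo "unreadable certificate: $1"; return 2; }
    cert_is_self_signed "$1" && { echo "self-signed: no trusted CA"; rc=1; }
    cert_matches_host "$1" "$2" || { echo "name mismatch: not valid for $2"; rc=1; }
    if cert_expires_within "$1" 0; then
        echo "expired"; rc=1
    elif cert_expires_within "$1" $((days * 86400)); then
        echo "expires within $days days"; rc=1
    fi
    return "$rc"
}

# Constructed sample input: self-signed cert for name $2, valid $3 days, in dir $1.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/key.pem" -out "$1/certificate.pem" 2>/dev/null
}

# Run as: sh check_cert.sh /path/to/cert.pem your_domain [warn_days]
if [ "$#" -ge 2 ]; then cert_findings "$@"; fi
```

To check the certificate the service actually presents rather than the file on disk, save the output of `openssl s_client -connect your_domain:4200 </dev/null | openssl x509` to a file and pass that file to cert_findings.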

2. Using a Self-Signed Certificate

If you are using a self-signed certificate, consider obtaining a certificate from a trusted CA. For testing or internal use, you can proceed with the self-signed certificate but will need to manually trust the certificate in your browser.

To manually trust a self-signed certificate:

  • Open the Shellinabox URL in your browser.
  • Click on the "Not Secure" warning and view the certificate.
  • Follow the prompts to add an exception and trust the certificate.

3. Obtaining a Trusted Certificate

For production use, it is recommended to use a trusted SSL certificate from a recognized CA. You can use services like Let's Encrypt to obtain a free, trusted SSL certificate.

Steps to Install Let's Encrypt SSL Certificate
  1. Install Certbot:
sudo apt update
sudo apt install certbot
  2. Generate the Certificate:
    Use Certbot to generate and install the certificate. Replace your_domain with your actual domain.
sudo certbot certonly --standalone -d your_domain
  3. Configure Shellinabox to Use the Certificate:
    Edit the Shellinabox configuration file to use the newly obtained certificate.
sudo nano /etc/default/shellinabox
    Update the SHELLINABOX_ARGS to point to the Let's Encrypt certificate and key:
SHELLINABOX_ARGS="--ssl-cert=/etc/letsencrypt/live/your_domain/fullchain.pem --ssl-key=/etc/letsencrypt/live/your_domain/privkey.pem"
    Save and exit the file (Ctrl+X, then Y, then Enter).
  4. Restart Shellinabox:
sudo systemctl restart shellinabox

Accessing the Server Using the Correct Domain

Ensure that you are accessing Shellinabox using the domain name that matches the SSL certificate. For example, if the certificate is for your_domain, access Shellinabox via https://your_domain:4200.

By following these steps, you should be able to resolve the "connection not secure" warning and ensure that your Shellinabox connection is secure.
