Install Shell In A Box (Shellinabox) on an Ubuntu or Debian VPS

Shell In A Box is a web based terminal for Linux based machines, pretty much SSH in a web browser. It was created by Markus Gutschke a few years ago.

If you’re looking for a way to SSH into one of your server from behind a firewall, say from where you work or school this program will also let you accomplish that too.

Since we’ll be entering our server passwords into the shellinabox terminal when it is installed, we’ll be also installing a free SSL Let’s Encrypt certificate to make sure your install is nice and secure to use!

Installing Shellinabox

Shellinabox should be included in the default repositories so we shouldn’t need to add them add if you’re using Ubuntu, Debian or even Linux Mint.

So for Ubuntu based Distributions run the command

sudo apt-get update
sudo apt-get install openssl shellinabox

If you’re using Debian minimal you’ll want to also install sudo if you haven’t by default.

sudo apt-get install sudo


Installing Apache

We’ll be installing Apache for a few reasons. Since Shellinabox requires SSL we can use an Apache reverse proxy so that we can use a Let’s Encrypt certificate to get the SSL certificate for free. We’ll also be using it to proxy the non standard port that Shellinabox uses (that is blocked in most business firewalls) to the standard HTTPS port which is 443.

So to install Apache on Ubuntu or Debian based distributions use the command (If you already have Apache installed you can skip this step and go to the next command)

sudo apt-get install apache2

Then we’ll need to enable the SSL module of Apache2

sudo a2enmod ssl

And also the proxy module

sudo a2enmod http_proxy

Then restart Apache2

sudo service apache2 restart

Configuring Apache

Now we’ll add a config file to the Apache server, this will tell it to forward all requests that have “/shellinabox” for example “”. You can change this to anything you want however.

First we create the config file for the proxy.

nano /etc/apache2/sites-enabled/shellinabox.conf

Then paste the following

<Location /shellinabox>
ProxyPass http://localhost:4200/
Order allow,deny
Allow from all

Now we can restart Apache and move onto getting a SSL certificate for our Shell In a Box install.

Deploying Let’s Encrypt

Let’s Encrypt is where we will be getting our SSL certificate from, this means we won’t get any errors about the certificate being invalid when we go to our Shellinabox install.

To start we’ll need to install Certbot, this is the program we’ll be using to get the certificate.

You must have a subdomain or domain pointing to the IP of the server you’re installing Shellinabox in, otherwise you won’t be able to finish this tutorial.

To install Certbot, use the command

cd /usr/local/sbin/
chmod a+x certbot-auto

Now we can provision an SSL certificate for the domain / subdomain we’re using for our Shellinabox install.

To do this we will tell certbot to generate a certificate for us to use and apply it automatically to our Apache install.

certbot-auto --apache -d

If at any point it asks you whether you want to make your entire server secure, you’ll want to press yes on that option.

Creating a User For Shellinabox

Since Shellinabox disabled logins via the root account by default, we’ll create another user to login with. You should only need to do this if you’re on a VPS or dedicated server which only has a root account by default.

You can create an account with the command

adduser username

Enter a password for the account then press enter each time you are prompted for more information, unless you want to fill them in of course.

Restart Apache

We’ll restart Apache one more time to make sure everything was applied by certbot

service apache2 restart

Using Shell In a Box

Now that everything is setup we can login to our server using the shellinabox console. To do this, enter the domain name you chose earlier with the directory you also set.

For example, if you set and in the Apache file you set the location as /shellinabox you would put into your web browser to get to your console.

It should be like using a normal SSH session, enter the user account name that you created before then the password when prompted to login. If you want to use the root account afterwards you can use the command

sudo su

And then enter your password.

If you need help leave a comment and we’ll try our best to get yours working!

7 thoughts on “Install Shell In A Box (Shellinabox) on an Ubuntu or Debian VPS

  • 15th February 2017 at 2:44 AM

    Works fine for me! Thank You!

  • 17th August 2017 at 7:39 PM

    Question: I installed shellinabox on my Raspberry PI, works great. My only problem (minor) is that when I access my box remotely, I have this slashed HTTPS because I use my self-signed certificate. If I want to implement the full SSL on my site, do I simply use certbot with the “apache” option ? If so, life’s great !!!

    Thanks 🙂

    • 17th August 2017 at 8:12 PM

      Hi there!

      If the Apache server is available publicly (not behind a firewall) then yeah the Apache option in Let’s Encrypt should work fine 🙂

  • 3rd September 2017 at 2:02 AM

    By far the quickest tutorial yet, it’s not working for me sadly, when I connect to https://my-vps/shellinabox/. I keep getting error 502. When I connect to my shellinabox server by using http://my-vps:4200/, it will take me to https://my-vps:4200 and Chrome will warn me that it not secure, when I change “shellinabox.conf” from “ProxyPass http://localhost:4200/” to “ProxyPass https://localhost:4200/” it will give me an error 500. Please help, thank you.

    • 3rd September 2017 at 2:10 AM

      Oops, sorry, you can delete this, I disabled SSL in the shellinabox config and it started working 🙂

  • 20th September 2017 at 6:40 PM

    I now setup a server, that is directly reachable from outside (using a VPS), and did all the install as your page suggests. The main page under https works fine. However, when adding the /shellinabox at the end to invoke shellinabox, I get the error message:

    Proxy Error

    The proxy server received an invalid response from an upstream server.
    The proxy server could not handle the request GET /shellinabox.

    I triple-checked the name of the file “shellinabox” under /etc/apache2/sites-enabled, asd well as the “Location ” name in the .conf file to be /shellinabox.

    I read somewhere else that we needed to do something for “proxy local only”……. Do you know anything of this ? I understand it will make sure that shellinabox will only accept local requests……… As well, the port 4200 is not open to the internet.


Leave a Reply

Your email address will not be published. Required fields are marked *