
shellinabox-container

shellinabox for Docker, based on Alpine Linux, with Time-based One-time Password (TOTP) authentication

Configuration

Available Environment Variables

  • SIAB_USERCSS: String of configured and enabled CSS extensions. Defaults to the system default list.
  • SIAB_PORT: The port shellinabox listens on. Defaults to 4200.
  • SIAB_ADDUSER: Whether to create a default user. Defaults to true.
  • SIAB_USER: The name of the user. Defaults to guest.
  • SIAB_USERID: The numeric ID of the user. Defaults to 1000.
  • SIAB_GROUP: The primary group of the user. Defaults to guest.
  • SIAB_GROUPID: The numeric ID of the primary group of the user. Defaults to 1000.
  • SIAB_PASSWORD: The password of the user. Defaults to an autogenerated password, which is printed to stdout.
  • SIAB_SHELL: The shell of the user. Defaults to /bin/bash.
  • SIAB_HOME: The home directory of the user. Defaults to /home/guest.
  • SIAB_SUDO: Whether to allow the user to use sudo. Defaults to false.
  • SIAB_SSL: Whether to enable SSL and create certificates on request. Defaults to true.
  • SIAB_SERVICE: Service strings to use for shellinabox, separated by whitespace. Defaults to local logins (/:LOGIN).
  • SIAB_PKGS: Packages to be installed before shellinabox starts. Defaults to none.
  • SIAB_SCRIPT: Script to download and run before shellinabox starts. SSL verification is disabled. Defaults to none.

How to start with TOTP

When you start the container for the first time, your new secret key is printed to the console. You can use it in your TOTP application to generate login codes. One emergency scratch code is also printed to the console; you can use it for the first login. I recommend running google-authenticator after the first login to generate a new secret and backup codes. You should mount the container's /home to local storage so that the secret key persists when the container is updated.

Command to see console output:

podman logs -f <container_{name,id}>
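To check that the secret persisted on the mounted /home still yields the codes your TOTP application shows, the sketch below is an added example (not code from this repository). It assumes google-authenticator's default state file layout (`~/.google_authenticator`: secret on the first line, option lines starting with a double quote, then scratch codes); the sample file contents are constructed.

```python
import base64, hashlib, hmac, struct, time

def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP using HMAC-SHA1, 30 s steps and 6 digits by default."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    counter = int((time.time() if at is None else at) // step)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def parse_state(text):
    """Split a state file into (secret, options, scratch codes)."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    secret, options, scratch = lines[0], [], []
    for line in lines[1:]:
        if line.startswith('"'):
            options.append(line[1:].strip())
        else:
            scratch.append(line)
    return secret, options, scratch

def audit(text, mode):
    """Return findings for a state file's contents and its permission bits."""
    _, options, scratch = parse_state(text)
    findings = []
    if mode & 0o077:
        findings.append("state file accessible by group/other")
    if "TOTP_AUTH" not in options:
        findings.append("not time-based (TOTP_AUTH missing)")
    if not scratch:
        findings.append("no scratch codes left")
    return findings

# Constructed sample: the secret is the RFC 6238 test key, not a real one.
SAMPLE = '''GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ
" RATE_LIMIT 3 30
" TOTP_AUTH
12345678
'''

if __name__ == "__main__":
    secret, _, _ = parse_state(SAMPLE)
    print("current code:", totp(secret))
    print("findings:", audit(SAMPLE, 0o400))
```

Anyone who can read the state file on the host mount can generate valid codes, so the mount point needs the same protection as the file inside the container.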

Example systemd service file for running the container with podman:

[Unit]
Description=Shellinabox Podman container
Wants=network.target

[Service]
Type=simple
User=root
Group=root
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm -f "shellinabox"

ExecStart=/usr/bin/podman run --name shellinabox --hostname=shellinabox -v /path/to/mount/point:/home:Z --env-file /path/to/env/file/container.env -p 127.0.0.1:4200:4200 --pull=always reg.fredhs.net/r/shellinabox-container:latest

ExecReload=-/usr/bin/podman stop "shellinabox"
ExecReload=-/usr/bin/podman rm "shellinabox"
ExecStop=/usr/bin/podman stop "shellinabox"
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target

The container.env file can look like this:

SIAB_USER=siab
SIAB_PASSWORD=my_password
SIAB_SSL=false
SIAB_SERVICE=/:LOGIN
SIAB_PKGS=htop
SIAB_SCRIPT=none