shellinabox-container

shellinabox for Docker, based on Alpine Linux, with Time-based One-time Password (TOTP)

Configuration

Available Environment Variables

  • SIAB_USERCSS String of configured and enabled CSS extensions. Defaults to system default list.
  • SIAB_PORT The port shellinabox should listen on. Defaults to 4200.
  • SIAB_ADDUSER Whether to create a default user. Defaults to true.
  • SIAB_USER The name of the user. Defaults to guest.
  • SIAB_USERID The numeric ID of the user. Defaults to 1000.
  • SIAB_GROUP The primary group of the user. Defaults to guest.
  • SIAB_GROUPID The numeric ID of the primary group of the user. Defaults to 1000.
  • SIAB_PASSWORD The password of the user. Defaults to an autogenerated password, printed out on stdout.
  • SIAB_SHELL The shell of the user. Defaults to /bin/bash.
  • SIAB_HOME The home directory of the user. Defaults to /home/guest.
  • SIAB_SUDO Whether to allow user to sudo. Defaults to false.
  • SIAB_SSL Whether to enable ssl and create certificates on request. Defaults to true.
  • SIAB_SERVICE Service strings to use for shellinabox, separated by whitespace. Defaults to local logins /:LOGIN.
  • SIAB_PKGS Packages to be installed before shellinabox starts. Defaults to none.
  • SIAB_SCRIPT Script to download and run before shellinabox starts. SSL verification is disabled. Defaults to none.

How to start with TOTP

When you start the container for the first time, your new secret key is printed to the console. You can use it in your TOTP application to generate login codes. One emergency scratch code is also printed to the console; you can use it for the first login. I recommend running google-authenticator after the first login to generate a new secret and backup codes. You should mount the container's /home to local storage so that the secret key persists when the container is updated.

Command to see console output:

podman logs -f <container_{name,id}>

Example systemd.service file for running container with podman:

[Unit]
Description=Shellinabox Podman container
Wants=network.target

[Service]
Type=simple
User=root
Group=root
TimeoutStartSec=5m
ExecStartPre=-/usr/bin/podman rm -f "shellinabox"

ExecStart=/usr/bin/podman run --name shellinabox --hostname=shellinabox -v /path/to/mount/point:/home:Z --env-file /path/to/env/file/container.env -p 127.0.0.1:4200:4200 --pull=always reg.fredhs.net/r/shellinabox-container:latest

ExecReload=-/usr/bin/podman stop "shellinabox"
ExecReload=-/usr/bin/podman rm "shellinabox"
ExecStop=/usr/bin/podman stop "shellinabox"
Restart=always
RestartSec=30

[Install]
WantedBy=multi-user.target

The container.env file can look like this:

SIAB_USER=siab
SIAB_PASSWORD=my_password
SIAB_SSL=false
SIAB_SERVICE=/:LOGIN
SIAB_PKGS=htop
SIAB_SCRIPT=none
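
A pre-start check for the container.env file, as an added example that is not part of this repository. It flags the settings from the variable list above that weaken the deployment: SIAB_SSL=false on a non-loopback listener, SIAB_SUDO=true, a SIAB_SCRIPT download, and a password file readable by group or others. The function name `audit_siab_env`, its second argument (the host address from podman's -p option), the literal true/false comparison and the example.invalid URL are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a shellinabox container.env before starting the container.
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
#   $1 = env file, $2 = host address the port is published on (from podman -p)
audit_siab_env() {
    local file=$1 bind=${2:-0.0.0.0} found=0 key val
    # Defaults as documented in the README's variable list.
    local ssl=true sudo=false script=none password=
    while IFS='=' read -r key val || [ -n "$key" ]; do
        case $key in
            SIAB_SSL)      ssl=$val ;;
            SIAB_SUDO)     sudo=$val ;;
            SIAB_SCRIPT)   script=$val ;;
            SIAB_PASSWORD) password=$val ;;
        esac
    done < "$file"

    # Plain HTTP is only acceptable when the listener stays on loopback
    # (for example behind a TLS-terminating reverse proxy on the same host).
    if [ "$ssl" = false ]; then
        case $bind in
            127.*|::1|localhost) ;;
            *) echo "SIAB_SSL=false while published on $bind: password and TOTP code travel in cleartext"
               found=1 ;;
        esac
    fi
    if [ "$sudo" = true ]; then
        echo "SIAB_SUDO=true: the web login user is allowed to sudo"
        found=1
    fi
    if [ -n "$script" ] && [ "$script" != none ]; then
        echo "SIAB_SCRIPT set: script is fetched without SSL verification and run at start"
        found=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    if [ -n "$password" ]; then
        case $(ls -ld -- "$file" | cut -c5-10) in
            *r*) echo "SIAB_PASSWORD stored in a file readable by group or others"
                 found=1 ;;
        esac
    fi
    return "$found"
}

# Constructed sample input: the example container.env plus two risky settings.
demo=$(mktemp)
printf '%s\n' SIAB_USER=siab SIAB_PASSWORD=my_password SIAB_SSL=false \
    SIAB_SUDO=true SIAB_SCRIPT=http://example.invalid/setup.sh > "$demo"
audit_siab_env "$demo" 0.0.0.0 || true
rm -f "$demo"
```

With the example container.env above, mode 600 and the port published on 127.0.0.1 as in the systemd unit, the check reports nothing.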