Bypass your Linux firewall with SSH over HTTP

Remote work is here to stay; use this helpful open source solution to quickly connect and access all your devices from anywhere.
157 readers like this.

With the growth of connectivity and remote jobs, accessing remote computing resources becomes more important every day. But the requirements for providing external access to devices and hardware make this task complex and risky. Aiming to reduce this friction, ShellHub is a cloud server that allows universal access to those devices, from any external network.

ShellHub is an open source solution, licensed under Apache 2.0, that covers all those needs and allows users to connect and manage multiple devices through a single account. It was developed to facilitate developers' and programmers' tasks, making remote access to Linux devices possible for any hardware architecture.

Looking more closely, the ShellHub solution uses the HTTP transport layer to encapsulate the SSH protocol. This transport layer choice allows for seamless use on most networks as it is commonly available and accepted by most companies' firewall rules and policies.

These examples use ShellHub version 0.3.2, released on Jun 10, 2020.

Using ShellHub

To access the platform, just go to shellhub.io and register yourself to create an account. Your registration data will help the development team to understand the user profile and provide more insight into how to improve the platform.

ShellHub registration form

Figure 1: Registration form available in shellhub.io

ShellHub's design has an intuitive and clean interface that makes all information and functionality available in the fastest way. After you've registered, you will be on the dashboard, ready to register your first device.

Adding a device

To enable the connection of devices via ShellHub, you'll need to generate an identifier that will be used to authenticate your device when it connects to the server.

This identification must be configured inside the agent (ShellHub client) that will be saved in the device along with the image or it must be added as a Docker container.

By default, ShellHub uses Docker to run the agent, which is very convenient, as it provides frictionless addition of devices on the existing system, with Docker support being the only requirement. To add a device, you need to paste the command line, which is presented inside the ShellHub Cloud dialog (see Figure 2).

Figure 2: Adding a device to the ShellHub Cloud

By default, the device uses its MAC address as its hostname. Internally, the device is identified by its key, which is generated during the device registration to authenticate it with the server.

Accessing devices

To access your devices, just go to View All Devices in the dashboard, or click on Devices on the left side menu; these will list all your registered devices.

The device state can be easily seen on the page. The online ones show a green icon next to them and can be connected by clicking on the terminal icon. You then enter the credentials and, finally, click the Connect button, see (Figure 3).

Figure 3: Accessing a device using the terminal on the web

Another way to access your devices is from any SSH client like PuTTY, Termius, or even the Linux terminal. We can use the ShellHub Identification, called SSHID, as the destination address to connect (e.g., ssh username@SSHID). Figure 4 illustrates how we can connect to our machine using the Linux SSH client on the terminal.

Figure 4: Connecting to a device using the Linux terminal

Whenever you log in to the ShellHub Cloud platform, you'll have access to all your registered devices on the dashboard so you can access them from everywhere, anytime. ShellHub adds simplicity to the process of keeping communications secure with your remote machines through an open source platform and in a transparent way.

Join ShellHub Community on GitHub or feel free to send your suggestions or feedback to the developers' team through Gitter or by emailing contato@ossystems.com.br. We love to receive contributions from community members!

What to read next

7 Comments

This is a wonderful article. I've always found articles around firewalls to be interesting and your take on it is great :)

i also recommend corkscrew as a configured proxy in .ssh/config
just requires running ssh on port 443 on the target server.
from there you could use the target as jumphost.
this way you can use native ssh.

Absolutely brilliant.....Thank You for sharing.

That would work in some circumstances. However, one challenge that most of us face is that the exposed IP address for our private network changes on a periodic basis. This solution solves that problem. Not to say it's a panacea, but it's something.

I suppose one could always explore renting a Linux server somewhere and run shellinabox on it. That might make for a good project some day if I ever find the free time. ;)

In reply to by Nico (not verified)

I just took a quick look at the Getting Started documentation. The very first step for installing ShellHub how to, "... install and run a self-hosted instance of ShellHub on your local machine or on IaaS providers like AWS, Azure, Google Cloud or Digital Ocean." So you could go that way if you wished.

In reply to by sgtrock

A really good explanation.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.