peeyush-tm / shellinabox Goto Github PK

What steps will reproduce the problem?
1. Launch with port 443

What is the expected output? What do you see instead?

Fails on permissions.

Please provide any additional information below.

Many corporate firewalls only allow outgoing HTTPS traffic on port 443.

For these situations, the listener MUST be there.

I'm currently just using a router to forward 443 to 4200, but that wouldn't
work for all people in all situations, so this is desirable.  For me, since
I have control of iptables rules in my openwrt linux based router, it isn't
really a high priority.  But I'm one of those whose workplace firewall will
not allow anything but HTTP on 80 and HTTPS on 443.

The install target of the debian/rules file uses ln(1) to link the example CSS 
profiles in 
/usr/share/doc/shellinabox into /etc/shellinabox/options-available/

This makes the package un-buildable within filesystems such as AFS, which don't 
allow cross-
directory hardlinks at all. It also makes the package potentially 
uninstallable, should 
/usr/share/doc/shellinabox and /etc/shellinabox/options-available be on 
different local 
filesystems (which is always at the sysadmins' discretion)

See also <http://lintian.debian.org/tags/package-contains-hardlink.html>

Those files should be either copied between the two locations, or one of the 
locations should be 
a symlink.

Attached is the very straightforward patch to use copies instead of hardlinks.

What steps will reproduce the problem?

1. Type a long line, watch the cursor position.

What is the expected output? What do you see instead?

The cursor should be where the next character will render.

Instead, it lags more and more as I type, about 1 for 15.
That is, every 15 characters, it is one character more displaced left.

What version of the product are you using? On what operating system?

Firefox 3.07, probably Andale Mono is the default monospace font.

Please provide any additional information below.

NOTA BENE: The problem is NOT occurring with Linux Firefox 3.07 and Linux
default Monospace font.  I conjecture that this is a font metrics problem?

But I don't know if the problem is with shellinabox or with the font?

Possibly this is really a bug with Microsoft's Andale Mono font?

Or maybe it is a bug with how shellinabox javascript figures out the metric
for where to put the cursor?  I don't know the heuristic...

What steps will reproduce the problem?
1. Install on a machine without lsb installed
2. Post install script fails

What is the expected output? Successfull installation.

What do you see instead?

The output I see:

# dpkg -i shellinabox_2.9-1_i386.deb
Selecting previously deselected package shellinabox.
(Reading database ... 52862 files and directories currently installed.)
Unpacking shellinabox (from shellinabox_2.9-1_i386.deb) ...
Setting up shellinabox (2.9-1) ...
/etc/init.d/shellinabox: /lib/lsb/init-functions: No such file or directory
invoke-rc.d: initscript shellinabox, action "start" failed.
dpkg: error processing shellinabox (--install):
 subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
 shellinabox

At this point it is also not possible to simply uninstall the package.

What version of the product are you using? On what operating system?

Version 2.9-1, the provided deb file.

On Debian 3.0

What steps will reproduce the problem?
1. Type @ or | on German quertz-Keyboard doesn't put any character in
Terminal. (All this Chars need the AltGr-Key pressed)

What is the expected output? What do you see instead?
- { or [ or ] or } produces beep
- @ or € or | produces nothing
- @@ produces "Display all possibilities?"

What version of the product are you using? On what operating system?
- shellinabox 2.8 self compiled on a
- debian lenny with kernel 2.6.26

Please provide any additional information below.

I want to send parameter to the running shell.
for example i want to send ip address and the shellinabox will telnet the ip.
Every time i want telnet to different ip and do it in same time .
the parameter can send by POST or GET

Thanks a lot

Guy

Love the project! This is a minor gripe that may not have an easy (any?)
solution.

What steps will reproduce the problem?
1. Copy text from another application
2. Right click in the shellinabox console
3. Paste option is disabled

What is the expected output? What do you see instead?
Paste option is enabled and allows me to paste the contents of my system
clipboard.

What version of the product are you using? On what operating system?
Server: shellinabox-2.10 on Debian Testing (armel)
Client: Firefox 3.5 on Windows XP

Please provide any additional information below.
If it is not possible to integrate the copy/paste options in the
right-click menu with the operating system's clipboard, consider this
possible solution: Don't hijack the Common User Access
(http://en.wikipedia.org/wiki/Common_User_Access) shortcuts (e.g.
Shift+Ins). Instead leave them to the interpretation of the web
browser/operating system.

What steps will reproduce the problem?
1. Install the .deb on Ubuntu 8.04.3 Hardy server
2. Attempt to start shellinabox using sudo /etc/init.d/shellinabox start
3. get error message

What is the expected output? What do you see instead?

alan@bishop:~$ sudo /etc/init.d/shellinabox start
 * Starting Shell In A Box Daemon shellinabox
Check failed at libhttp/ssl.c:685 in sslSetCertificate(): 
SSL_CTX_set_tlsext_servername_callback(ssl->sslContext, sslSNICallback)
   ...done.

What version of the product are you using? On what operating system?

ii  shellinabox                  2.10-1                       publish 
command line shell through AJAX interface

alan@bishop:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 8.04.3 LTS
Release:        8.04
Codename:       hardy


Please provide any additional information below.

logging/logging.c:183: error: only weak aliases are supported in this 
configuration


And indeed I see use of the __attribute__(("alias")) feature in logging.c

Unfortunately there is no comment explaining what this is for or why it's used. 
It appears to be a part of the lazy-loaded SSL support?

Can this be code be changed?

What steps will reproduce the problem?
1. Configure/make/make install shellinabox-2.8 on a Fedora 9 box.
2. Run shellinaboxd -t (from root session)
3. Connect to "http://localhost:4200" on a local browser.

What is the expected output? What do you see instead?

- Expected "login:", "password:" and bash prompt.

- Instead, after entering the correct login information for the login and
password prompts, a prompt for "context" and then "level" were displayed.

- All attempts with various values for "context" and "level" gleaned from
the system's "SELinux Administration" tool, yielded "Authentication failed"
messages from shellinabox.

What version of the product are you using? On what operating system?

shellinabox-2.8

Fedora 9 (default SELinux configuration)

Please provide any additional information below.

1. Install using generated .deb file
2. Edit /etc/default/shellinabox giving custom "-c" (or -g) option.
3. Startup fails with "Only one certificate directory can be selected" etc.

Note, also, no messages of any kind are logged to syslog or daemon.log - it
was necessary to manually turn off "quiet" options and even then the error
came to stdout, not to a log file.  Expected behaviour with a .deb
installed daemon would be for log messages to go to /var/log files, and for
*something* to be logged in the case of a startup failure.

Freshly enthused by your rapid response to my issue #17, I'd like to offer 
this feature request.

I'd like to see shellinabox be able to detect URLs and turn them into 
links.  This could be an option on the command line.

What steps will reproduce the problem?
1. Start with certificate which requires intermediate certs.
2. Open with browser that doesn't have those certs.
3. Browser fails.  I tried concatenating them in the pem...

What is the expected output? What do you see instead?

Browser should be able to access the chain to the one it trusts.

What version of the product are you using? On what operating system?

SVN tip, ubuntu 8.10

Please provide any additional information below.

In, i.e., apache, I can use, i.e., SSLCertificateChainFile...

What steps will reproduce the problem?
1. Use the following PS1 for zsh: "%{^[[33;36;1m%}%T%{^[[0m%}
%{^[[33;31;1m%}%n%{^[[0m^[[33;33;1m%}@%{^[[33;37;1m%}%m
%{^[[33;32;1m%}%~%{^[[0m^[[33;33;1m%}%#%{^[[0m%} " (you'll need to retype
the ^[ chars)
2. The cursor will appear inside the PS1 output if no character is typed on
the line. The cursor is correctly aligned for lines containing 1 or more
characters.

Note that using a similar line on bash doesn't cause the same problem
("\[\e[1;36m\]\A \[\e[1;31m\]\u\[\e[1;33m\]@\[\e[1;37m\]\h
\[\e[1;32m\]\w\[\e[1;33m\]% \[\e[0m\]").

What steps will reproduce the problem?
1. download
2. ./configure
3. make

What is the expected output? What do you see instead?

/bin/bash ./libtool --tag=CC   --mode=compile gcc
-DPACKAGE_NAME=\"shellinabox\" -DPACKAGE_TARNAME=\"shellinabox\"
-DPACKAGE_VERSION=\"2.3\" -DPACKAGE_STRING=\"shellinabox\ 2.3\"
-DPACKAGE_BUGREPORT=\"[email protected]\" -DPACKAGE=\"shellinabox\"
-DVERSION=\"2.3\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DHAVE_PTHREAD_H=1 -I.    -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT ssl.lo
-MD -MP -MF .deps/ssl.Tpo -c -o ssl.lo `test -f 'libhttp/ssl.c' || echo
'./'`libhttp/ssl.c
 gcc -DPACKAGE_NAME=\"shellinabox\" -DPACKAGE_TARNAME=\"shellinabox\"
-DPACKAGE_VERSION=\"2.3\" "-DPACKAGE_STRING=\"shellinabox 2.3\""
-DPACKAGE_BUGREPORT=\"[email protected]\" -DPACKAGE=\"shellinabox\"
-DVERSION=\"2.3\" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DHAVE_PTHREAD_H=1 -I. -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT ssl.lo
-MD -MP -MF .deps/ssl.Tpo -c libhttp/ssl.c  -fPIC -DPIC -o .libs/ssl.o
cc1: warnings being treated as errors
libhttp/ssl.c:274: error: ‘sslGenerateCertificate’ defined but not used
make: *** [ssl.lo] Error 1


What version of the product are you using? On what operating system?

shellinabox-2.3.tar.gz

Please provide any additional information below.

Can be worked around by removing -Werror and running automake && ./configure

What steps will reproduce the problem?
1. ./configure; make; make install
2. /etc/init.d/shellinabox start

What is the expected output? What do you see instead?

Expected: ... starting ...

Actual: /etc/init.d/shellinabox: No such file or directory

What version of the product are you using? On what operating system?

Ubuntu

Please provide any additional information below.

Would be nice to have for all those of us who are rusty at making our own
/etc/init.d files from the template...

I am using firefox 3.0.10 under ubuntu 9.04 64 bits edition. When I connect
to a shellinabox running on a computer with utf8 default encoding (both the
client and the server in fact), the display of the characters is correct,
but I can't enter any accentuated key with my french azerty keyboard.

Particularly, on the first row of keys (where the numbers are on a US
keyboard), the key '2' is supposed to give the letter 'é' (the number '2'
is obtained by pressing shift+the key). But when I press this key, nothing
happens (no character appears on the screen, and the state of the software
seems not to change as any other key pressed after will function normally).

The same thing happen (that is, nothing) when pressing other non-ASCII key
(e.g. number '7' which correspond to the character 'è' or '9' or '0' (which
are labelled 'ç' and 'à' on my keyboard, and some other keys like 'ù' which
sits to column right of 'L').

With firefox 3.0.10 under windows, there is no problem.

As I am compiling shellinaboxd from source, I can help with the debugging.
I tried to implement some debuging printout in "VT100.prototype.handleKey",
but I know no javascript, so I was unsuccessful. Tell me if there is
something I can do to help find the origin of the problem.

What steps will reproduce the problem?
gcc version 4.3.4 (Gentoo 4.3.4 p1.0, pie-10.1.5)
Linking of ascii text files (cgi_root.html->cgi_root.o, etc.) seems to be a 
problem in my 
environment

What is the expected output? What do you see instead?
...............................
/bin/sh ./libtool --tag=CC   --mode=link gcc -g -std=gnu99 -Wall -Os -static  
-o 
shellinaboxd shellinaboxd.o externalfile.o launcher.o privileges.o service.o 
session.o usercss.o 
shellinabox/cgi_root.o shellinabox/root_page.o shellinabox/vt100.o 
shellinabox/shell_in_a_box.o shellinabox/styles.o shellinabox/print-styles.o 
shellinabox/enabled.o shellinabox/favicon.o shellinabox/beep.o liblogging.la 
libhttp.la -lz -ldl -
lutil 
libtool: link: gcc -g -std=gnu99 -Wall -Os -o shellinaboxd shellinaboxd.o 
externalfile.o 
launcher.o privileges.o service.o session.o usercss.o shellinabox/cgi_root.o 
shellinabox/root_page.o shellinabox/vt100.o shellinabox/shell_in_a_box.o 
shellinabox/styles.o 
shellinabox/print-styles.o shellinabox/enabled.o shellinabox/favicon.o 
shellinabox/beep.o  
./.libs/liblogging.a ./.libs/libhttp.a -lz -ldl -lutil
/usr/lib/gcc/powerpc-unknown-linux-gnu/4.3.4/../../../../powerpc-unknown-linux-
gnu/bin/ld:shellinabox/cgi_root.o: file format not recognized; treating as 
linker script
/usr/lib/gcc/powerpc-unknown-linux-gnu/4.3.4/../../../../powerpc-unknown-linux-
gnu/bin/ld:shellinabox/cgi_root.o:1: syntax error
collect2: ld returned 1 exit status
make[1]: *** [shellinaboxd] Error 1
make[1]: Leaving directory `/usr/src/shellinabox-2.10'
make: *** [all] Error 2

What version of the product are you using? On what operating system?
shellinabox-2.10
linux-2.6.30-gentoo-r8

Hi,

I wanted to be able to issue a login banner when using the internal LOGIN
function of shellinabox, ala /sbin/getty -f issuefile.  I tried this when
starting shellinabox:

/usr/bin/shellinaboxd --user=0 --group=0 \
--service="/:root:root:/:/sbin/getty -f /etc/issue 38400 -"

But something wasn't happy, and I definitely lack the skill to troubleshoot
it.  

I hacked up the attached super-n00b patch, which does work, but is most
likely not the best solution.  agetty (the getty I'm using) allows for
string substitution in issue files, but the attached patch just cats the
issue file to the client, so ANSI escape sequences work (the client renders
them correctly) but no string substitution is performed.

Screenshot of the banner here (click through google's thingy):

http://psas.googlegroups.com/web/siab.issue_banner.26Aug2009.jpg

Also, any plans on setting up a mailing list for SIAB, using the issue
tracker for stuff like this seems like overkill.

Thanks,

Brian

What steps will reproduce the problem?
1. Works fine in Firefox, verified several versions
2. Open from IE6 6.0.2900.2180.xpsp_sp2_gdr.080814-1223
3. Hangs, but then after a while has "line 495 char 3 invalid argument" 

What is the expected output? What do you see instead?

would like it to work with IE6

What version of the product are you using? On what operating system?

see above

Please provide any additional information below.

What steps will reproduce the problem?
1. download
2. ./configure
3. make

What is the expected output? What do you see instead?

/bin/bash ./libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.    -g
-std=gnu99 -Wall -Werror -Os -g -O2 -MT httpconnection.lo -MD -MP -MF
.deps/httpconnection.Tpo -c -o httpconnection.lo `test -f
'libhttp/httpconnection.c' || echo './'`libhttp/httpconnection.c
 gcc -DHAVE_CONFIG_H -I. -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT
httpconnection.lo -MD -MP -MF .deps/httpconnection.Tpo -c
libhttp/httpconnection.c  -fPIC -DPIC -o .libs/httpconnection.o
cc1: warnings being treated as errors
libhttp/httpconnection.c: In function ‘httpHandleCommand’:
libhttp/httpconnection.c:554: error: format not a string literal and no
format arguments
libhttp/httpconnection.c:557: error: format not a string literal and no
format arguments
libhttp/httpconnection.c:571: error: format not a string literal and no
format arguments
libhttp/httpconnection.c:608: error: format not a string literal and no
format arguments
libhttp/httpconnection.c: In function ‘httpParseCommand’:
libhttp/httpconnection.c:637: error: format not a string literal and no
format arguments
libhttp/httpconnection.c: In function ‘httpParseHeaders’:
libhttp/httpconnection.c:784: error: format not a string literal and no
format arguments
libhttp/httpconnection.c: In function ‘httpHandleConnection’:
libhttp/httpconnection.c:943: error: format not a string literal and no
format arguments
make[1]: *** [httpconnection.lo] Error 1
make[1]: Leaving directory `/home/biehl/devel/progs/shellinabox-2.4'
make: *** [all] Error 2


What version of the product are you using? On what operating system?

Ubuntu 8.10, gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12) 

Please provide any additional information below.

Workaround as before, more errors seem to hide after the first one above
(is there any reason to release with -Werror?)

Hi,

I have made  

http://code.google.com/p/ajaxgroovyshell/

I use the processed vt100.js and shell_in_a_box.js files from shellinabox.
I will try to update from your repository once in a while.

I considered to fetch the files directly from your repository in the
buildscript, but since I need the processed files, I don't think it will work.

Thanks for the great code.

Best
Anders

What steps will reproduce the problem?

1.shellinaboxd --user=nobody --group=nobody --port=2666 -s /:SSH
2.In web browser i'm getting login prompt. When type username I being 
disconnected within an error

command-line line 0: Unsupported option "GSSAPIAuthentication"
command-line line 0: Bad configuration option: VisualHostKey

What is the expected output? What do you see instead?

Run in shellinaboxd in debug mode, no joy. All it shows is session opened 
and then closed (screenshot attached)

What version of the product are you using? On what operating system?

v2.10

Please provide any additional information below.

Let me know if you need more info

What steps will reproduce the problem?
1. Installed from source using tar ball
2. ./configure - make && make install
3. Ran shellinaboxd and it works but not through HTTPS

What is the expected output? What do you see instead?
A secured session 

What version of the product are you using? On what operating system?
Latest - CentOS 5.4 (Final)

Please provide any additional information below.
OpenSSL works fine for Webmin sessions. Not for Shellinabox though.

I don't know if I'm how is wrong or something in shell in a box, I
downloaded shellinabox-2.7.tar.gz

./configure and make are attached

Thanks in advance and keep up the good work :)

Note: Excuse my English, I'm still learning it.

When I run into a daemon that offers me options to change my uid and gid, my 
expectation is 
that it will totally drop its root privileges as soon as possible. I was 
therefore surprised and 
concerned to notice that shellinaboxd actually leaves the saved set-user-ID 
value set to root in 
the launcher process. Furthermore, dropping the real and effective UIDs to 
nobody but leaving 
the saved set-user-ID is somewhat deceptive in that it lulls people into 
thinking that the 
daemon is running totally unprivileged.

I think a better solution would be roughly as follows:
 - If shellinabox is started as root, and a uid or gid is specified, unconditionally drop privileges. If 
this breaks the LOGIN service, that will affect fewer people then having 
shellinaboxd 
unconditionally hold on to privileges.
 - If neither a uid or gid is specified, look at the service map. If the LOGIN service is in the service 
map, do not drop privileges at all - run the daemon as root
 - If neither a uid or gid is specified, and the LOGIN service is not in the service map, drop 
privileges to nobody/nogroup

What steps will reproduce the problem?
1. Install and use Shellinabox 2.10
2. Use a french keyboard
3. Try to type the 'â' character

What is the expected output? What do you see instead?
Expected: 'â'
Seen: ']â' instead

What version of the product are you using? On what operating system?
Server: Shellinabox 2.10 on linux 2.6.31
Client: Windows XP SP3. Browsers: tried with FF 3.5.6 and IE8

This problem doesn't affect v2.9

Just two requests which would be neat :)

1. Option to have a black background.
2. Option to disable colours. Handy if your using IRC and want it to look 
liek your doing actual work :)

What steps will reproduce the problem?

Check out an old version, build, then update and attempt to rebuild.

1. svn co -r 136 http://shellinabox.googlecode.com/svn/trunk/
shellinabox-from-svn
2. cd shellinabox-from-svn/
3. ./configure
4. make # (works)
5. svn update
6. ./configure # (optional)
7. make

Transcript attached, but the critical bit is pasted below too:

make[1]: Entering directory `/home/tony/shellinabox-from-svn'
/bin/sh ./libtool --tag=CC   --mode=compile gcc -DHAVE_CONFIG_H -I.    -g
-std=gnu99 -Wall -Os -MT hashmap.lo -MD -MP -MF .deps/hashmap.Tpo -c -o
hashmap.lo `test -f 'libhttp/hashmap.c' || echo './'`libhttp/hashmap.c
./libtool: line 467: CDPATH: command not found
./libtool: line 1145: func_opt_split: command not found
libtool: Version mismatch error.  This is libtool 2.2.6 Debian-2.2.6a-4,
but the
libtool: definition of this LT_INIT comes from an older release.
libtool: You should recreate aclocal.m4 with macros from libtool 2.2.6
Debian-2.2.6a-4
libtool: and run autoconf again.
make[1]: *** [hashmap.lo] Error 63
make[1]: Leaving directory `/home/tony/shellinabox-from-svn'
make: *** [all] Error 2


What is the expected output? What do you see instead?

A successful build

What version of the product are you using? On what operating system?

Debian Lenny, amd64, virtualised under OpenVZ

Please provide any additional information below.

What steps will reproduce the problem?
1. shellinaboxd -t 
2. start firefox 3.0.9 under windows
3. connect to the shellbox instance
4. login
5. press '>' or '<'

What is the expected output? What do you see instead?
nothing. I expect to see < or >, when i press them

First of all, You made a good peace of useful software.
And now comes the "but" statement.

But there are some small improvements that will improve the usefulness:

1. whenever I create something with script on Unix-like box, I have
pictures or files as a result
(textopdf (pdf) or R (statistics) script (png, pdf, jpg), ...),
I can rearrange the script that the result will go to the file (created
dynamically),
and I would like to see the content.
I have seen in the code that you are creating the links and the user can
click on the link,
but I have to arrange another server to provide the content.
Is it possible to serve the dynamic content too.

2. whenever the URL is coming like a content, it it possible to create an
event handler (or alert function),
to pull the URL to specific tab (as a separate window, to load the URL in a
floating IFRAME or load the URL over HTTP Request object)

3. posting script, shell command, ... without typing (purpose: showcase,
shell scripting course, ...),
we can make floating DIV with buttons and content as it should be typed.

4. simple solution for clipboard: you already have local clipboard (for the
session), make two boxes (list box widget) to copy to or from
system clip board (I'm using Klipper, so I can copy the content from The
Screen), and please do not push any other plugin to do the job,
now the solution is without Flash and/or Java, and that's fine and clean.

5. printing or copying the content of the screen: it will be fine, to have
a possibility to pick up the whole content into the string.

6. and the upload of the file to the specific tmp folder

Yes, I know, some of these things are not so easy to create, but I have a
hope :-)

Merry Christmas and Happy New Year

What steps will reproduce the problem?
1. type http://example.com/somefile.jpg into a SIAB session
2. notice that only "http://example.com/somefile" is linkified

What is the expected output? What do you see instead?

To linkify the extension too

What version of the product are you using? On what operating system?

Debian lenny, amd64, SVN r142, Firefox 3.0.11 on Ubuntu, and also IE8 on Win XP

Please provide any additional information below.

Screenshot attached

What steps will reproduce the problem?

1. Pressing "Caps Lock" Key, remains in lower case

What is the expected output? What do you see instead?

Is expected to get Capitals 

What version of the product are you using? On what operating system?

Using version 2.9 on Debian/Etch

Please provide any additional information below.

What steps will reproduce the problem?
1. download current SVN (as-of Mar 16 2009 1400UTC)
2. ./configure
3. ./make

What is the expected output? What do you see instead?

gcc -DHAVE_CONFIG_H -I.    -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT
launcher.o -MD
-MP -MF .deps/launcher.Tpo -c -o launcher.o `test -f
'shellinabox/launcher.c' || echo
'./'`shellinabox/launcher.c
cc1: warnings being treated as errors
shellinabox/launcher.c: In function ‘launcherDaemon’:
shellinabox/launcher.c:1246: error: ignoring return value of ‘write’,
declared with
attribute warn_unused_result
make[1]: *** [launcher.o] Error 1
make[1]: Leaving directory `/usr/local/src/shellinabox/shellinabox-read-only'
make: *** [all] Error 2
root@6m:/usr/local/src/shellinabox/shellinabox-read-only# 

What version of the product are you using? On what operating system?

Current SVN Mar 16 Ubuntu 8.10

Please provide any additional information below.

May be related to other build issue that was fixed.

What steps will reproduce the problem?
1. Install siab 2.10 from deb pkg, letting default settings
2. Setup a reverse-proxy with lighttpd to access siab from 
https://example.com/terminal/
3. Go to https://example.com/terminal/
-> Error 404.

See attached the log of siab while it give me that 404 error :

The lighttpd conf piece looks like : 

--------------------------------------------------------------
    $HTTP["host"] =~ "example.com" {
        proxy.server = ( "/terminal/" =>
                    (
                     ( "host" => "127.0.0.1", "port" => 4200)
                    )
                    )
    }
--------------------------------------------------------------

P.S: It works flawlessly if I access it directly towards the 4200 port.

What steps will reproduce the problem?
1. Install Debian package on an Etch system: dpkg -i 
shellinabox_2.9-1_i386.deb
2. Run SIAB daemon (as root) : shellinaboxd --cert=/tmp/certificates -g 
shellinabox
3. Point a browser to https://localhost:4200

What is the expected output? What do you see instead?

I'd expect a self-signed certificate to be created under /tmp/certificates 
and an encrypted browser session. Instead of that, when I go to the https 
URL, I get an error message (varies depending upong the browser) saying 
that a connection cannot be established. If I go to http://localhost:4200 
then I get the login prompt, but the connection is never promoted to SSL/
TLS. I've tried Opera, Firefox, Konqueror and IE6 (by using Wine). 

It's quite likely that I'm missing something pretty obvious here, but I 
cannot find what is it.

What version of the product are you using? On what operating system?

I'm running version 2.9 (r139), installed from the Debian package that is 
available for download. The operating system is Debian Etch running a 
vserver-k7 kernel:

Linux version 2.6.18-6-vserver-k7 (Debian 2.6.18.dfsg.1-18etch1) 
([email protected]) (gcc version 4.1.2 20061115 (prerelease) (Debian 
4.1.1-21)) #1 SMP Sun Feb 10 22:35:25 UTC 2008

Please provide any additional information below.

When trying to access SIAB through https://... with Firefox, I got an 
error message that I had never seen before: "localhost has sent an 
incorrect or unexpected message. Error code: -12263". 

What steps will reproduce the problem?
1. install shellinabox on a server
2. configure nginx to listen on HTTPS and forward it to shellinabox
3. try and browse to shellinabox via the HTTPS proxy

Result: I get the "Connect" as per if I had logged out.  Attempts to
connect or refresh get quickly bounced back to the "Connect" button.

Is there anything in shellinabox that doesn't play well with HTTPS and
proxies?  Please note I have it running fine through a HTTP proxy (apache).

Build process:
I am using v2.8, running on Debian lenny, AMD64.  I created a package using
the venerable checkinstall, on my builder box, and installed the result on
my proxy box

Re SSL support:
I have the libssl-dev libs installed (config.log tells me it found
openssl-ish stuff) and therefore I assume it's compiled with openssl
support.  But when I run it with "-c" hoping it will create self-signed
certs, the directory remains empty, So not 100% sure.  But I don't think
this matters.  This info included for completeness.

I use a proxy because I have more than one HTTPS-protected web service
exposed on the one public IP.  Apart from certificate jiggery-pokery, nginx
handles this well, other than shellinabox.

I can't dedicate shellinabox to a singular public-facing IP address, but
any other method you can recommend to get this working (in lieu of nginx)
would be great.

I am struggling to display VT100 line drawing characters in shellinabox. I have 
tried different 
character encodings in different browsers running on different OS. The 
shellinabox daemon is 
running on CentOS 5.3.

What steps will reproduce the problem?
1. I have tried different character encoding selections in Firefox 3.5.5 and 
Safari 4.0.4 on Mac 
10.6 and Firefox 3.0.12 on Centos 5.3.
2. I have attached cp437.html that displays the expected line drawing 
characters when the 
character encoding is set to Default in Safari and Western (IBM-850) in 
Firefox. Note that the 
page has a META tag that defines charset=ibm437.
3. I have attached mcc.log which is a capture of an application screen with 
embedded IBM437 line 
drawing characters.
4. Opening cp437.html with encodings as above, the line drawing characters are 
displayed as 
expected.
5. However, a cat off mcc.log within a shellinabox VT100 terminal session gives 
a different 
result.

What is the expected output? 

See Screen shot 2009-11-23 at 5.53.01 PM.png

What do you see instead?

See Screen shot 2009-11-23 at 5.59.57 PM.png

What version of the product are you using? On what operating system?

Built from 2.10.tar.gz source on CentOS 5.3

Please provide any additional information below.

What version of the product are you using? On what operating system?
2.10 on Debian Lenny (5.0)

Is there any possibility to get the SSH host, user, port and password depending 
on the HTTP 
request, instead of one host configuration per service?

I'd like to access, for instance, http://localhost:4200/:id or 
http://localhost:4200/:host/:user/:port or something like that, in a way the 
shellinabox would 
parse it and open the specific connection for that config, just waiting for the 
password (or 
connecting automatically if there is a public key present).

So, in my intranet I would host it and when accessing http://localhost:4200/1 
(with the config in 
some local file) or http://localhost:4200/domain.com/user01/2222 the connection 
would be 
also sucessful.

Any idea how could I solve this idea, if no code change is needed?

Thanks in advance.

Thanks for creating shell in a box.  I installed it a few months ago for a
trip out of the country, and it worked - mostly.

It's not it's fault though!  Many of the internet cafe's where I brought my
laptop seem to have firewalled all ports except 80 and 443 (grrr - at some
point everything will just have to use 443 due to these sort of
restrictions).  Anyhow, to fix this for next time, I added a new internet
visible IP address to my machine, and now I'd like to have the shellinabox
use the NEW-IP port 443.  I can specify the port but not the listen
address.  (It has to be a different address from the apache server of
course, because the ports need to be the same.)

I think the change needed is to add a new command line option to specify
what becomes serverAddr.sin_addr_saddr in server.c.  Then I assume it'll
also get passed with a new X-ShellInABox-Addr output, but I'm not sure what
then needs to change to get the information into the client.

Would you be interested in adding this, or taking a patch back for it?

Thanks.

What steps will reproduce the problem?
1. Fails with IE6 but not Firefox
2. Fails through the proxy but not direct
3. Only combination of proxy and IE6 fails...

What is the expected output? What do you see instead?

Hangs for a long time waiting with progress bar as if network slow

What version of the product are you using? On what operating system?

SVN tip

Please provide any additional information below.

Hmmm... It fails only IE6 though the corporate proxy direct to
shellinaboxd.  If I use Firefox, it works.  If I put the machine on my lan
and don't go through the corporate proxy, it works.  If I put Apache
mod-proxy in front of shellinabox, it works.  SO:

Firefox=>Corp proxy=>SIB works
IE=>Corp proxy=>my Apache proxy=>SIB works
IE=>SIB works
IE=>Corp proxy=>SIB hangs fails locks.

From looking at the cookies, I think the proxy is make by BCSI "Blue Coat
Systems Incorporated" http://www.bluecoat.com.

This cannot be a POST caching issue, it has to be a connection open close
kind of thing, the proxy doesn't know beans about posts within an HTTPS
session.  It just knows CONNECT etc., I think?  Certainly the outbound
corporate proxy can't look into HTTPS and even SEE the POST...

Weird that it is only the one combination, and that there is a way to
change either side to make it work.

Note, in the test where I put the machine directly on the LAN and went
direct IE=>SIB, I confirmed that there are not IE6 issues per-se without
the proxy in between.

Any ideas?  If it really is some HTTPS connection kind of issue, it is more
likely to be fixable on the server side (making the server do differently
whatever Apache does in its HTTPS handling when I put mod-proxy on the
server side) than in the client side (making IE do whatever Firefox does
that works) as probably JS/client can't control IEs behaviour there- but
certainly the server has control and could change it's behaviour.

Should I do something like a wireshark dump of the server side in both cases?

I am using shellinabox behind a https proxy provided by apache2 (and I had
it properly configured prior to revision 152 :) ). That is to say
shellinaboxd is listening in background with the --disable_ssl switch on
and its port is only accessible in local while apache2 is listening https
connection on port 444 and redirect them to the shellinaboxd port.

The problem is that starting with revision 152, when I access the URL of
shellinabox :
https://domain.com:444/shellinabox/
the browser is automatically redirected to
http://domain.com:444/shellinabox/

which of course is broken because the server awaits an encrypted connection.

I believe that the javascript redirection in the lines 53 to 78 of
root_page.html should just check for the protocol to output a proper
redirection, but I did not understand the code of that revision as I know
no javascript (is the 'hasSSL' variable correlated to the -t option ?).

I just prefer my shells to have white text on a black background than black 
text on a white background.

Patch attached for a new --white-on-black command line flag, which can be 
overridden in the JavaScript by setting the global whiteOnBlack variable to 
true or false.

The following code in VT100.prototype.updateStyle() doesn't play nicely
with the white-on-black color scheme:

  // Make some readability enhancements. Most notably, disallow identical
  // background and foreground colors.
  if (bg == fg) {
    if ((fg   ^= 8) == 7) {
      fg       = 8;
    }
  }
  // And disallow bright colors on a light-grey background.
  if (bg == 7 && fg >= 8) {
    if ((fg   -= 8) == 7) {
      fg       = 8;
    }
  }

echo "^[[37;1mtest" ends up being displayed with .ansi8 instead of .ansi15
(which is grey instead of white).
Commenting that code out of the function fixes color display.

What steps will reproduce the problem?
1. Launch SIAB as usual (daemon listening on port 4200)
2. Try to connect through a reverse proxy. Let's suppose that our web 
server listens on the default port, and that we have set up a reverse 
proxy so that /login gets redirected to the IP where SIAB is running. So 
for example we point a browser to http://myhost.com/login.
3. Apparently, the request goes through the reverse proxy, reaches SIAB 
and then fails when SIAB upgrades the session to SSL/TLS (the URL changes 
to http://myhost.com:4200/login, which won't work unless you open that 
port)

What is the expected output? What do you see instead?

The expected behaviour would be getting redirected to the SSL/TLS session 
using the same port as the initial request.

What version of the product are you using? On what operating system?

2.9 (r149) on a fresh Lenny install - Linux version 2.6.26-2-686 (Debian 
2.6.26-17)

Please provide any additional information below.

Reverse proxy is handled by lighttpd, which listens on port 80 on another 
system. 

I've also tried using the --localhost-only option (which the man page 
suggests), but the result was the same (the only visible change was that 
SIAB started listening on the loopback interface only).

I'm not quite sure if this issue is related with the way shellinabox sends 
HTTP headers when establishing the SSL/TLS session or if it happens 
because i haven't set up the reverse proxy properly. If it's because of 
the latter, please disregard this report.

What steps will reproduce the problem?
1. start e.g. vi in insert mode (or xm console under XEN)
2. press CTRL-5

What is the expected output?
vi prints some characters (xm console quits)

What do you see instead?
no reaction/output

What version of the product are you using? On what operating system?
i am using shellinabox 2.9 on Centos 5.3. The browser is Firefox 3.5.3 on
Windows XP.

Please provide any additional information below.

What steps will reproduce the problem?
1. Buy an Intel Core 2 Duo.
2. Install a 64-bit Ubuntu.
3. Try to install the .deb.

What is the expected output? What do you see instead?

Installed.  Wrong architecture.

What version of the product are you using? On what operating system?

Newest.  Ubuntu (64 bit).

Please provide any additional information below.

Probably you get the gist... -Thx

What steps will reproduce the problem?
1. Boot an official Debian Lenny LiveCD (you can get an ISO from http://
cdimage.debian.org/cdimage/release/current-live/)
2. Install SIAB by running dpkg -i ...
3. Point Iceweasel (Firefox) to http://localhost:4200 and you'll see that 
the session doesn't get promoted to SSL.

What is the expected output? What do you see instead?

The expected behaviour would be having the browser getting redirected to 
https://localhost:4200 or some other visual cue indicating that we have 
entered an encrypted session.

What version of the product are you using? On what operating system?

Running SIAB 2.9 (r139) on Debian Lenny (LiveCD)

kernel 2.6.26-2-686 (Debian 2.6.26-15lenny3)

Please provide any additional information below.

No certificate files are created under /var/lib/shellinabox

When trying to access https://localhost:4200 manually, the following 
message shows up in Iceweasel:

Secure connection failed

An error ocurred during the connection to localhost:4200

SSL received a record that exceeded the maximum permissible length.

Error code: ssl_error_rx_record_too_long

Note: i've posted this as new issue, even when it's related to issue #22. 
The reason is that while issue #22 could have been related with some 
misconfiguration on the Debian systems on which the tests were performed, 
the problem being reported in this one happens while running an official 
LiveCD with no modifications.

Hi again

I downloaded the latest source available from svn (revision 121) and it
compiles fine (thanks for that :), then I launched shellinabox on this way:
"sudo ./shellinaboxd --cert=/etc/ssl/ --no-beep --port=8080 --service
/:LOGIN -v" and I got this error when I used https:
http://tinyurl.com/ovkmkf , when I used simple http it doesn't encrypt the
data: http://tinyurl.com/qow8uc 

I also tried with "sudo ./shellinaboxd --no-beep --port=8080 --service
/:LOGIN -v" but I got the same, the output of shellinabox is attached.

Now, as you said that you didn't have access to a "current" openbsd box I
thought that you could use my machine, It runs a 4.4 patched version, so I
think it could be enough, I've searched for ssl libraries and it looks that
all is on its place, although PAM will not work (afaik openbsd doesn't
support it).

Anyway I've made you an account (user/pass=zodiac) with super powers to do
whatever you want on josefina.zapto.org.

Thanks again!

I was trying to package shellinabox on Fedora, and rpmlint outputs the
following warning:
shellinabox.x86_64: W: executable-stack /usr/bin/shellinaboxd

I checked the binary with readelf -S, and it's missing a .note.GNU-STACK
option.

All object files have such a section, except for the css and html files
which are converted with objcopy. I suspect adding this section with
objcopy --add-section can resolve this, I haven't tried it though.

There's some more info about this on
http://www.gentoo.org/proj/en/hardened/gnu-stack.xml