{"id":28159725,"url":"https://github.com/leshniak/httpsh","last_synced_at":"2025-05-15T10:11:30.320Z","repository":{"id":129660638,"uuid":"239994542","full_name":"leshniak/httpsh","owner":"leshniak","description":"Secure shell in your browser","archived":false,"fork":false,"pushed_at":"2024-04-17T10:37:09.000Z","size":91,"stargazers_count":38,"open_issues_count":0,"forks_count":4,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-04-17T12:08:16.971Z","etag":null,"topics":["browser","shell","ssh","systemd-service","terminal","ttyd","xterm"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/leshniak.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-02-12T11:17:46.000Z","updated_at":"2023-12-25T14:49:49.000Z","dependencies_parsed_at":"2023-04-23T04:28:37.162Z","dependency_job_id":null,"html_url":"https://github.com/leshniak/httpsh","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leshniak%2Fhttpsh","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leshniak%2Fhttpsh/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leshniak%2Fhttpsh/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/leshniak%2Fhttpsh/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/leshniak","download_url":"https://codeload.github.com/leshniak/httpsh/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254319720,"owners_count":22051075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["browser","shell","ssh","systemd-service","terminal","ttyd","xterm"],"created_at":"2025-05-15T10:11:28.673Z","updated_at":"2025-05-15T10:11:30.313Z","avatar_url":"https://github.com/leshniak.png","language":"Shell","funding_links":["https://www.buymeacoffee.com/leshniak"],"categories":[],"sub_categories":[],"readme":"# httpsh 🔒🐚 – secure shell in your browser\nA bunch of scripts and configs that allows to expose a shell via HTTPS.\n\n![httpsh_screenshot](assets/httpsh.png)\n\n## Project requirements\n* works as a system service\n* the service fulfills the principle of minimal privilege (can't simply use `/bin/login` as it requires root privileges)\n* exposes a web client with the user's shell\n* supports password authentication\n* has an optional protection against brute force attacks\n* uses secure transport protocols\n\n## Dependencies\nThe project depends on bash, ssh (client+server), systemd, **[ttyd](https://tsl0922.github.io/ttyd/)**, nginx, grep and optionally fail2ban (if you want to have a brute force protection). sshd must be configured for accepting incoming local connections.\n\nEverything was tested on Debian Linux.\n\n## Installation\n1. Copy the config files ([`etc`](etc) folder) to the corresponding directories in your system.\n2. [Download ttyd](https://github.com/tsl0922/ttyd/releases) and put the executable in `/usr/local/bin/ttyd`. You can choose another directory, but don't forget to edit the config files.\n3. Put [`ttyd-login`](usr/local/bin/ttyd-login) script in `/usr/local/bin/ttyd-login`. Apply `chmod +x` for both executables.\n4. Create a user named `ttyd`, with a home directory and disabled login shell. It is required for `~/.ssh` files. The home can be custom, for example `/var/local/ttyd/`:\n```\n# mkdir -p /var/local/ttyd\n# useradd -d /var/local/ttyd -s /bin/false ttyd\n# chown -R ttyd:ttyd /var/local/ttyd\n```\n5. Add a new location in nginx configuration for your domain. If you want to have a shell under `https://example.com/shell`, add this to the `server` section:\n```\nlocation ~ ^\\/shell(\\/.*)?$ {\n  include snippets/shell.conf;\n}\n```\n\n## Running the service\n1. Reload systemd unit files `systemctl daemon-reload`.\n2. Restart all edited services:\n```\n# systemctl restart nginx\n# systemctl restart fail2ban\n```\n3. Start `httpsh` service and enable the autostart during the system startup:\n```\n# systemctl start ttyd@shell\n# systemctl enable ttyd@shell\n```\n4. The shell should be up and running under `https://example.com/shell`\n\n### **Done! 🎉🏆**\n\n## Recommendations\nI recommend to use fail2ban protection and TLS v1.3 for your domain. **DO NOT** use plain HTTP without TLS – it's like using telnet instead of ssh.\n\n## Questions and suggestions\nIf you have any questions, please create a new Github issue.\n\n## Sponsorship\nIf you appreciate my work, it will be cool to know that I drink my **[coffee ☕](https://www.buymeacoffee.com/leshniak)** thanks to you!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleshniak%2Fhttpsh","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fleshniak%2Fhttpsh","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fleshniak%2Fhttpsh/lists"}