From [email protected] on February 01, 2010 11:06:00

When I run into a daemon that offers me options to change my uid and gid, my expectation is
that it will totally drop its root privileges as soon as possible. I was therefore surprised and
concerned to notice that shellinaboxd actually leaves the saved set-user-ID value set to root in
the launcher process. Furthermore, dropping the real and effective UIDs to nobody but leaving
the saved set-user-ID is somewhat deceptive in that it lulls people into thinking that the
daemon is running totally unprivileged.

I think a better solution would be roughly as follows:

• If shellinabox is started as root, and a uid or gid is specified, unconditionally drop privileges. If
  this breaks the LOGIN service, that will affect fewer people then having shellinaboxd
  unconditionally hold on to privileges.
• If neither a uid or gid is specified, look at the service map. If the LOGIN service is in the service
  map, do not drop privileges at all - run the daemon as root
• If neither a uid or gid is specified, and the LOGIN service is not in the service map, drop
  privileges to nobody/nogroup

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=48

From [email protected] on March 17, 2009 04:07:11

What steps will reproduce the problem? 1. Start with certificate which requires intermediate certs.
2. Open with browser that doesn't have those certs.
3. Browser fails. I tried concatenating them in the pem... What is the expected output? What do you see instead? Browser should be able to access the chain to the one it trusts. What version of the product are you using? On what operating system? SVN tip, ubuntu 8.10 Please provide any additional information below. In, i.e., apache, I can use, i.e., SSLCertificateChainFile...

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=4

From [email protected] on June 12, 2009 13:29:02

What steps will reproduce the problem? 1. Type @ or | on German quertz-Keyboard doesn't put any character in
Terminal. (All this Chars need the AltGr-Key pressed) What is the expected output? What do you see instead? - { or [ or ] or } produces beep

• @ or € or | produces nothing
• @@ produces "Display all possibilities?" What version of the product are you using? On what operating system? - shellinabox 2.8 self compiled on a
• debian lenny with kernel 2.6.26 Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=16

From [email protected] on November 26, 2009 11:14:17

What steps will reproduce the problem? 1. Install the .deb on Ubuntu 8.04.3 Hardy server
2. Attempt to start shellinabox using sudo /etc/init.d/shellinabox start
3. get error message What is the expected output? What do you see instead? alan@bishop:~$ sudo /etc/init.d/shellinabox start

• Starting Shell In A Box Daemon shellinabox
  Check failed at libhttp/ssl.c:685 in sslSetCertificate():
  SSL_CTX_set_tlsext_servername_callback(ssl->sslContext, sslSNICallback)
  ...done. What version of the product are you using? On what operating system? ii shellinabox 2.10-1 publish
  command line shell through AJAX interface

alan@bishop:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 8.04.3 LTS
Release: 8.04
Codename: hardy Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=38

From [email protected] on November 22, 2009 22:54:29

What steps will reproduce the problem? gcc version 4.3.4 (Gentoo 4.3.4 p1.0, pie-10.1.5)
Linking of ascii text files (cgi_root.html->cgi_root.o, etc.) seems to be a problem in my
environment What is the expected output? What do you see instead? ...............................
/bin/sh ./libtool --tag=CC --mode=link gcc -g -std=gnu99 -Wall -Os -static -o
shellinaboxd shellinaboxd.o externalfile.o launcher.o privileges.o service.o session.o usercss.o
shellinabox/cgi_root.o shellinabox/root_page.o shellinabox/vt100.o
shellinabox/shell_in_a_box.o shellinabox/styles.o shellinabox/print-styles.o
shellinabox/enabled.o shellinabox/favicon.o shellinabox/beep.o liblogging.la libhttp.la -lz -ldl -
lutil
libtool: link: gcc -g -std=gnu99 -Wall -Os -o shellinaboxd shellinaboxd.o externalfile.o
launcher.o privileges.o service.o session.o usercss.o shellinabox/cgi_root.o
shellinabox/root_page.o shellinabox/vt100.o shellinabox/shell_in_a_box.o shellinabox/styles.o
shellinabox/print-styles.o shellinabox/enabled.o shellinabox/favicon.o shellinabox/beep.o
./.libs/liblogging.a ./.libs/libhttp.a -lz -ldl -lutil
/usr/lib/gcc/powerpc-unknown-linux-gnu/4.3.4/../../../../powerpc-unknown-linux-
gnu/bin/ld:shellinabox/cgi_root.o: file format not recognized; treating as linker script
/usr/lib/gcc/powerpc-unknown-linux-gnu/4.3.4/../../../../powerpc-unknown-linux-
gnu/bin/ld:shellinabox/cgi_root.o:1: syntax error
collect2: ld returned 1 exit status
make[1]: *** [shellinaboxd] Error 1
make[1]: Leaving directory `/usr/src/shellinabox-2.10'
make: *** [all] Error 2 What version of the product are you using? On what operating system? shellinabox-2.10
linux-2.6.30-gentoo- r8

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=35

From [email protected] on May 21, 2009 12:04:24

I am using firefox 3.0.10 under ubuntu 9.04 64 bits edition. When I connect
to a shellinabox running on a computer with utf8 default encoding (both the
client and the server in fact), the display of the characters is correct,
but I can't enter any accentuated key with my french azerty keyboard.

Particularly, on the first row of keys (where the numbers are on a US
keyboard), the key '2' is supposed to give the letter 'é' (the number '2'
is obtained by pressing shift+the key). But when I press this key, nothing
happens (no character appears on the screen, and the state of the software
seems not to change as any other key pressed after will function normally).

The same thing happen (that is, nothing) when pressing other non-ASCII key
(e.g. number '7' which correspond to the character 'è' or '9' or '0' (which
are labelled 'ç' and 'à' on my keyboard, and some other keys like 'ù' which
sits to column right of 'L').

With firefox 3.0.10 under windows, there is no problem.

As I am compiling shellinaboxd from source, I can help with the debugging.
I tried to implement some debuging printout in "VT100.prototype.handleKey",
but I know no javascript, so I was unsuccessful. Tell me if there is
something I can do to help find the origin of the problem.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=13

From [email protected] on November 12, 2009 14:34:16

What steps will reproduce the problem? 1. Buy an Intel Core 2 Duo.
2. Install a 64-bit Ubuntu.
3. Try to install the .deb. What is the expected output? What do you see instead? Installed. Wrong architecture. What version of the product are you using? On what operating system? Newest. Ubuntu (64 bit). Please provide any additional information below. Probably you get the gist... -Thx

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=32

From [email protected] on March 18, 2009 19:21:36

What steps will reproduce the problem? 1. Launch with port 443 What is the expected output? What do you see instead? Fails on permissions. Please provide any additional information below. Many corporate firewalls only allow outgoing HTTPS traffic on port 443.

For these situations, the listener MUST be there.

I'm currently just using a router to forward 443 to 4200, but that wouldn't
work for all people in all situations, so this is desirable. For me, since
I have control of iptables rules in my openwrt linux based router, it isn't
really a high priority. But I'm one of those whose workplace firewall will
not allow anything but HTTP on 80 and HTTPS on 443.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=6

From [email protected] on March 16, 2009 15:48:29

What steps will reproduce the problem? 1. download current SVN (as-of Mar 16 2009 1400UTC)
2. ./configure
3. ./make What is the expected output? What do you see instead? gcc -DHAVE_CONFIG_H -I. -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT
launcher.o -MD
-MP -MF .deps/launcher.Tpo -c -o launcher.o test -f 'shellinabox/launcher.c' || echo './'shellinabox/launcher.c
cc1: warnings being treated as errors
shellinabox/launcher.c: In function ‘launcherDaemon’:
shellinabox/launcher.c:1246: error: ignoring return value of ‘write’,
declared with
attribute warn_unused_result
make[1]: *** [launcher.o] Error 1
make[1]: Leaving directory `/usr/local/src/shellinabox/shellinabox-read-only'
make: *** [all] Error 2
root@6m:/usr/local/src/shellinabox/shellinabox-read-only# What version of the product are you using? On what operating system? Current SVN Mar 16 Ubuntu 8.10 Please provide any additional information below. May be related to other build issue that was fixed.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=3

From [email protected] on July 12, 2009 20:36:05

What steps will reproduce the problem? 1. Install Debian package on an Etch system: dpkg -i
shellinabox_2.9-1_i386.deb
2. Run SIAB daemon (as root) : shellinaboxd --cert=/tmp/certificates -g
shellinabox
3. Point a browser to https://localhost:4200 What is the expected output? What do you see instead? I'd expect a self-signed certificate to be created under /tmp/certificates
and an encrypted browser session. Instead of that, when I go to the https
URL, I get an error message (varies depending upong the browser) saying
that a connection cannot be established. If I go to http://localhost:4200
then I get the login prompt, but the connection is never promoted to SSL/
TLS. I've tried Opera, Firefox, Konqueror and IE6 (by using Wine).

It's quite likely that I'm missing something pretty obvious here, but I
cannot find what is it. What version of the product are you using? On what operating system? I'm running version 2.9 ( r139 ), installed from the Debian package that is
available for download. The operating system is Debian Etch running a
vserver-k7 kernel:

Linux version 2.6.18-6-vserver-k7 (Debian 2.6.18.dfsg.1-18etch1)
([email protected]) (gcc version 4.1.2 20061115 (prerelease) (Debian
4.1.1-21)) #1 SMP Sun Feb 10 22:35:25 UTC 2008 Please provide any additional information below. When trying to access SIAB through https://.. with Firefox, I got an
error message that I had never seen before: "localhost has sent an
incorrect or unexpected message. Error code: -12263".

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=22

From [email protected] on May 24, 2009 14:55:20

Hi again

I downloaded the latest source available from svn ( revision 121 ) and it
compiles fine (thanks for that :), then I launched shellinabox on this way:
"sudo ./shellinaboxd --cert=/etc/ssl/ --no-beep --port=8080 --service
/:LOGIN -v" and I got this error when I used https: http://tinyurl.com/ovkmkf , when I used simple http it doesn't encrypt the
data: http://tinyurl.com/qow8uc I also tried with "sudo ./shellinaboxd --no-beep --port=8080 --service
/:LOGIN -v" but I got the same, the output of shellinabox is attached.

Now, as you said that you didn't have access to a "current" openbsd box I
thought that you could use my machine, It runs a 4.4 patched version, so I
think it could be enough, I've searched for ssl libraries and it looks that
all is on its place, although PAM will not work (afaik openbsd doesn't
support it).

Anyway I've made you an account (user/pass=zodiac) with super powers to do
whatever you want on josefina.zapto.org.

Thanks again!

Attachment: output

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=14

From [email protected] on November 25, 2009 21:04:04

What version of the product are you using? On what operating system? 2.10 on Debian Lenny (5.0)

Is there any possibility to get the SSH host, user, port and password depending on the HTTP
request, instead of one host configuration per service?

I'd like to access, for instance, http://localhost:4200/:id or
http://localhost:4200/:host/:user/:port or something like that, in a way the shellinabox would
parse it and open the specific connection for that config, just waiting for the password (or
connecting automatically if there is a public key present).

So, in my intranet I would host it and when accessing http://localhost:4200/1 (with the config in
some local file) or http://localhost:4200/domain.com/user01/2222 the connection would be
also sucessful.

Any idea how could I solve this idea, if no code change is needed?

Thanks in advance.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=37

From [email protected] on July 31, 2009 02:11:05

Just two requests which would be neat :)

1. Option to have a black background.
2. Option to disable colours. Handy if your using IRC and want it to look
   liek your doing actual work :)

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=26

From [email protected] on March 30, 2009 15:40:48

1. Install using generated .deb file
2. Edit /etc/default/shellinabox giving custom "-c" (or -g) option.
3. Startup fails with "Only one certificate directory can be selected" etc.

Note, also, no messages of any kind are logged to syslog or daemon.log - it
was necessary to manually turn off "quiet" options and even then the error
came to stdout, not to a log file. Expected behaviour with a .deb
installed daemon would be for log messages to go to /var/log files, and for
something to be logged in the case of a startup failure.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=11

From ruben%[email protected] on December 10, 2009 16:41:24

I was trying to package shellinabox on Fedora, and rpmlint outputs the
following warning:
shellinabox.x86_64: W: executable-stack /usr/bin/shellinaboxd

I checked the binary with readelf -S, and it's missing a .note.GNU-STACK
option.

All object files have such a section, except for the css and html files
which are converted with objcopy. I suspect adding this section with
objcopy --add-section can resolve this, I haven't tried it though.

There's some more info about this on http://www.gentoo.org/proj/en/hardened/gnu-stack.xml

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=41

From [email protected] on February 01, 2010 11:13:48

The install target of the debian/rules file uses ln(1) to link the example CSS profiles in
/usr/share/doc/shellinabox into /etc/shellinabox/options-available/

This makes the package un-buildable within filesystems such as AFS, which don't allow cross-
directory hardlinks at all. It also makes the package potentially uninstallable, should
/usr/share/doc/shellinabox and /etc/shellinabox/options-available be on different local
filesystems (which is always at the sysadmins' discretion)

See also < http://lintian.debian.org/tags/package-contains-hardlink.html >

Those files should be either copied between the two locations, or one of the locations should be
a symlink.

Attached is the very straightforward patch to use copies instead of hardlinks.

Attachment: no-cross-dir-hardlinks.patch

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=49

From [email protected] on August 27, 2009 04:15:01

Hi,

I wanted to be able to issue a login banner when using the internal LOGIN
function of shellinabox, ala /sbin/getty -f issuefile. I tried this when
starting shellinabox:

/usr/bin/shellinaboxd --user=0 --group=0
--service="/:root:root:/:/sbin/getty -f /etc/issue #38400 -"

But something wasn't happy, and I definitely lack the skill to troubleshoot
it.

I hacked up the attached super-n00b patch, which does work, but is most
likely not the best solution. agetty (the getty I'm using) allows for
string substitution in issue files, but the attached patch just cats the
issue file to the client, so ANSI escape sequences work (the client renders
them correctly) but no string substitution is performed.

Screenshot of the banner here (click through google's thingy): http://psas.googlegroups.com/web/siab.issue_banner.26Aug2009.jpg Also, any plans on setting up a mailing list for SIAB, using the issue
tracker for stuff like this seems like overkill.

Thanks,

Brian

Attachment: shellinabox-2.9.issue_banner.26Aug2009.patch

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=29

From [email protected] on March 23, 2009 21:37:41

Hi,

I have made https://code.google.com/p/ajaxgroovyshell/ I use the processed vt100.js and shell_in_a_box.js files from shellinabox.
I will try to update from your repository once in a while.

I considered to fetch the files directly from your repository in the
buildscript, but since I need the processed files, I don't think it will work.

Thanks for the great code.

Best
Anders

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=10

From [email protected] on July 12, 2009 23:19:47

What steps will reproduce the problem? 1. Boot an official Debian Lenny LiveCD (you can get an ISO from http://
cdimage.debian.org/cdimage/release/current-live/)
2. Install SIAB by running dpkg -i ...
3. Point Iceweasel (Firefox) to http://localhost:4200 and you'll see that
the session doesn't get promoted to SSL. What is the expected output? What do you see instead? The expected behaviour would be having the browser getting redirected to
https://localhost:4200 or some other visual cue indicating that we have
entered an encrypted session. What version of the product are you using? On what operating system? Running SIAB 2.9 ( r139 ) on Debian Lenny (LiveCD)

kernel 2.6.26-2-686 (Debian 2.6.26-15lenny3) Please provide any additional information below. No certificate files are created under /var/lib/shellinabox

When trying to access https://localhost:4200 manually, the following
message shows up in Iceweasel:

Secure connection failed

An error ocurred during the connection to localhost:4200

SSL received a record that exceeded the maximum permissible length.

Error code: ssl_error_rx_record_too_long

Note: i've posted this as new issue, even when it's related to issue #22 .
The reason is that while issue #22 could have been related with some
misconfiguration on the Debian systems on which the tests were performed,
the problem being reported in this one happens while running an official
LiveCD with no modifications.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=23

From [email protected] on October 21, 2009 10:29:11

What steps will reproduce the problem? 1. start e.g. vi in insert mode (or xm console under XEN)
2. press CTRL-5

What is the expected output?
vi prints some characters (xm console quits)

What do you see instead?
no reaction/output What version of the product are you using? On what operating system? i am using shellinabox 2.9 on Centos 5.3. The browser is Firefox 3.5.3 on
Windows XP. Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=31

From [email protected] on December 24, 2009 09:09:46

What steps will reproduce the problem? 1. Install and use Shellinabox 2.10
2. Use a french keyboard
3. Try to type the 'â' character What is the expected output? What do you see instead? Expected: 'â'
Seen: ']â' instead What version of the product are you using? On what operating system? Server: Shellinabox 2.10 on linux 2.6.31
Client: Windows XP SP3. Browsers: tried with FF 3.5.6 and IE8

This problem doesn't affect v2.9

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=43

From [email protected] on August 04, 2009 19:30:24

I am using shellinabox behind a https proxy provided by apache2 (and I had
it properly configured prior to revision 152 :) ). That is to say
shellinaboxd is listening in background with the --disable_ssl switch on
and its port is only accessible in local while apache2 is listening https
connection on port 444 and redirect them to the shellinaboxd port.

The problem is that starting with revision 152 , when I access the URL of
shellinabox : https://domain.com:444/shellinabox/ the browser is automatically redirected to http://domain.com:444/shellinabox/ which of course is broken because the server awaits an encrypted connection.

I believe that the javascript redirection in the lines 53 to 78 of
root_page.html should just check for the protocol to output a proper
redirection, but I did not understand the code of that revision as I know
no javascript (is the 'hasSSL' variable correlated to the -t option ?).

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=27

From [email protected] on June 22, 2009 01:43:43

Freshly enthused by your rapid response to my issue #17 , I'd like to offer
this feature request.

I'd like to see shellinabox be able to detect URLs and turn them into
links. This could be an option on the command line.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=18

From [email protected] on March 21, 2009 17:59:54

What steps will reproduce the problem? 1. Fails with IE6 but not Firefox
2. Fails through the proxy but not direct
3. Only combination of proxy and IE6 fails... What is the expected output? What do you see instead? Hangs for a long time waiting with progress bar as if network slow What version of the product are you using? On what operating system? SVN tip Please provide any additional information below. Hmmm... It fails only IE6 though the corporate proxy direct to
shellinaboxd. If I use Firefox, it works. If I put the machine on my lan
and don't go through the corporate proxy, it works. If I put Apache
mod-proxy in front of shellinabox, it works. SO:

Firefox=>Corp proxy=>SIB works
IE=>Corp proxy=>my Apache proxy=>SIB works
IE=>SIB works
IE=>Corp proxy=>SIB hangs fails locks.

From looking at the cookies, I think the proxy is make by BCSI "Blue Coat
Systems Incorporated" http://www.bluecoat.com .

This cannot be a POST caching issue, it has to be a connection open close
kind of thing, the proxy doesn't know beans about posts within an HTTPS
session. It just knows CONNECT etc., I think? Certainly the outbound
corporate proxy can't look into HTTPS and even SEE the POST...

Weird that it is only the one combination, and that there is a way to
change either side to make it work.

Note, in the test where I put the machine directly on the LAN and went
direct IE=>SIB, I confirmed that there are not IE6 issues per-se without
the proxy in between.

Any ideas? If it really is some HTTPS connection kind of issue, it is more
likely to be fixable on the server side (making the server do differently
whatever Apache does in its HTTPS handling when I put mod-proxy on the
server side) than in the client side (making IE do whatever Firefox does
that works) as probably JS/client can't control IEs behaviour there- but
certainly the server has control and could change it's behaviour.

Should I do something like a wireshark dump of the server side in both cases?

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=8

From [email protected] on July 08, 2009 13:13:49

What steps will reproduce the problem? Check out an old version, build, then update and attempt to rebuild.

1. svn co -r 136 http://shellinabox.googlecode.com/svn/trunk/ shellinabox-from-svn
2. cd shellinabox-from-svn/
3. ./configure
4. make # (works)
5. svn update
6. ./configure # (optional)
7. make

Transcript attached, but the critical bit is pasted below too:

make[1]: Entering directory /home/tony/shellinabox-from-svn' /bin/sh ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -g -std=gnu99 -Wall -Os -MT hashmap.lo -MD -MP -MF .deps/hashmap.Tpo -c -o hashmap.lotest -f 'libhttp/hashmap.c' || echo './'libhttp/hashmap.c ./libtool: line 467: CDPATH: command not found ./libtool: line 1145: func_opt_split: command not found libtool: Version mismatch error. This is libtool 2.2.6 Debian-2.2.6a-4, but the libtool: definition of this LT_INIT comes from an older release. libtool: You should recreate aclocal.m4 with macros from libtool 2.2.6 Debian-2.2.6a-4 libtool: and run autoconf again. make[1]: *** [hashmap.lo] Error 63 make[1]: Leaving directory/home/tony/shellinabox-from-svn'
make: *** [all] Error 2 What is the expected output? What do you see instead? A successful build What version of the product are you using? On what operating system? Debian Lenny, amd64, virtualised under OpenVZ Please provide any additional information below.

Attachment: screenlog.0

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=20

From [email protected] on March 17, 2009 05:02:22

What steps will reproduce the problem? 1. Works fine in Firefox, verified several versions
2. Open from IE6 6.0.2900.2180.xpsp_sp2_gdr.080814-1223
3. Hangs, but then after a while has "line 495 char 3 invalid argument" What is the expected output? What do you see instead? would like it to work with IE6 What version of the product are you using? On what operating system? see above Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=5

From [email protected] on November 17, 2009 17:07:53

Thanks for creating shell in a box. I installed it a few months ago for a
trip out of the country, and it worked - mostly.

It's not it's fault though! Many of the internet cafe's where I brought my
laptop seem to have firewalled all ports except 80 and 443 (grrr - at some
point everything will just have to use 443 due to these sort of
restrictions). Anyhow, to fix this for next time, I added a new internet
visible IP address to my machine, and now I'd like to have the shellinabox
use the NEW-IP port 443. I can specify the port but not the listen
address. (It has to be a different address from the apache server of
course, because the ports need to be the same.)

I think the change needed is to add a new command line option to specify
what becomes serverAddr.sin_addr_saddr in server.c. Then I assume it'll
also get passed with a new X-ShellInABox-Addr output, but I'm not sure what
then needs to change to get the information into the client.

Would you be interested in adding this, or taking a patch back for it?

Thanks.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=33

From [email protected] on December 04, 2009 22:59:16

Love the project! This is a minor gripe that may not have an easy (any?)
solution. What steps will reproduce the problem? 1. Copy text from another application
2. Right click in the shellinabox console
3. Paste option is disabled What is the expected output? What do you see instead? Paste option is enabled and allows me to paste the contents of my system
clipboard. What version of the product are you using? On what operating system? Server: shellinabox-2.10 on Debian Testing (armel)
Client: Firefox 3.5 on Windows XP Please provide any additional information below. If it is not possible to integrate the copy/paste options in the
right-click menu with the operating system's clipboard, consider this
possible solution: Don't hijack the Common User Access
( http://en.wikipedia.org/wiki/Common_User_Access ) shortcuts (e.g.
Shift+Ins). Instead leave them to the interpretation of the web
browser/operating system.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=39

From [email protected] on February 01, 2010 14:21:09

What steps will reproduce the problem? 1.shellinaboxd --user=nobody --group=nobody --port=2666 -s /:SSH
2.In web browser i'm getting login prompt. When type username I being
disconnected within an error

command-line line 0: Unsupported option "GSSAPIAuthentication"
command-line line 0: Bad configuration option: VisualHostKey What is the expected output? What do you see instead? Run in shellinaboxd in debug mode, no joy. All it shows is session opened
and then closed (screenshot attached) What version of the product are you using? On what operating system? v2.10 Please provide any additional information below. Let me know if you need more info

Attachment: screenshot1.jpg

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=50

From [email protected] on December 26, 2009 11:53:35

First of all, You made a good peace of useful software.
And now comes the "but" statement.

But there are some small improvements that will improve the usefulness:

1. whenever I create something with script on Unix-like box, I have
   pictures or files as a result
   (textopdf (pdf) or R (statistics) script (png, pdf, jpg), ...),
   I can rearrange the script that the result will go to the file (created
   dynamically),
   and I would like to see the content.
   I have seen in the code that you are creating the links and the user can
   click on the link,
   but I have to arrange another server to provide the content.
   Is it possible to serve the dynamic content too.
2. whenever the URL is coming like a content, it it possible to create an
   event handler (or alert function),
   to pull the URL to specific tab (as a separate window, to load the URL in a
   floating IFRAME or load the URL over HTTP Request object)
3. posting script, shell command, ... without typing (purpose: showcase,
   shell scripting course, ...),
   we can make floating DIV with buttons and content as it should be typed.
4. simple solution for clipboard: you already have local clipboard (for the
   session), make two boxes (list box widget) to copy to or from
   system clip board (I'm using Klipper, so I can copy the content from The
   Screen), and please do not push any other plugin to do the job,
   now the solution is without Flash and/or Java, and that's fine and clean.
5. printing or copying the content of the screen: it will be fine, to have
   a possibility to pick up the whole content into the string.
6. and the upload of the file to the specific tmp folder

Yes, I know, some of these things are not so easy to create, but I have a
hope :-)

Merry Christmas and Happy New Year

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=44

From [email protected] on January 24, 2010 17:25:29

logging/logging.c:183: error: only weak aliases are supported in this
configuration

And indeed I see use of the attribute(("alias")) feature in logging.c

Unfortunately there is no comment explaining what this is for or why it's used.
It appears to be a part of the lazy-loaded SSL support?

Can this be code be changed?

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=47

From [email protected] on July 08, 2009 13:20:45

What steps will reproduce the problem? 1. type http://example.com/somefile.jpg into a SIAB session
2. notice that only " http://example.com/somefile " is linkified What is the expected output? What do you see instead? To linkify the extension too What version of the product are you using? On what operating system? Debian lenny, amd64, SVN r142 , Firefox 3.0.11 on Ubuntu, and also IE8 on Win XP Please provide any additional information below. Screenshot attached

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=21

From [email protected] on March 18, 2009 19:31:09

What steps will reproduce the problem? 1. Type a long line, watch the cursor position. What is the expected output? What do you see instead? The cursor should be where the next character will render.

Instead, it lags more and more as I type, about 1 for 15.
That is, every 15 characters, it is one character more displaced left. What version of the product are you using? On what operating system? Firefox 3.07, probably Andale Mono is the default monospace font. Please provide any additional information below. NOTA BENE: The problem is NOT occurring with Linux Firefox 3.07 and Linux
default Monospace font. I conjecture that this is a font metrics problem?

But I don't know if the problem is with shellinabox or with the font?

Possibly this is really a bug with Microsoft's Andale Mono font?

Or maybe it is a bug with how shellinabox javascript figures out the metric
for where to put the cursor? I don't know the heuristic...

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=7

From [email protected] on June 21, 2009 15:33:35

What steps will reproduce the problem? 1. install shellinabox on a server
2. configure nginx to listen on HTTPS and forward it to shellinabox
3. try and browse to shellinabox via the HTTPS proxy

Result: I get the "Connect" as per if I had logged out. Attempts to
connect or refresh get quickly bounced back to the "Connect" button.

Is there anything in shellinabox that doesn't play well with HTTPS and
proxies? Please note I have it running fine through a HTTP proxy (apache).

Build process:
I am using v2.8, running on Debian lenny, AMD64. I created a package using
the venerable checkinstall, on my builder box, and installed the result on
my proxy box

Re SSL support:
I have the libssl-dev libs installed (config.log tells me it found
openssl-ish stuff) and therefore I assume it's compiled with openssl
support. But when I run it with "-c" hoping it will create self-signed
certs, the directory remains empty, So not 100% sure. But I don't think
this matters. This info included for completeness.

I use a proxy because I have more than one HTTPS-protected web service
exposed on the one public IP. Apart from certificate jiggery-pokery, nginx
handles this well, other than shellinabox.

I can't dedicate shellinabox to a singular public-facing IP address, but
any other method you can recommend to get this working (in lieu of nginx)
would be great.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=17

From [email protected] on July 27, 2009 04:17:03

What steps will reproduce the problem? 1. Launch SIAB as usual (daemon listening on port 4200)
2. Try to connect through a reverse proxy. Let's suppose that our web
server listens on the default port, and that we have set up a reverse
proxy so that /login gets redirected to the IP where SIAB is running. So
for example we point a browser to http://myhost.com/login .
3. Apparently, the request goes through the reverse proxy, reaches SIAB
and then fails when SIAB upgrades the session to SSL/TLS (the URL changes
to http://myhost.com:4200/login , which won't work unless you open that
port) What is the expected output? What do you see instead? The expected behaviour would be getting redirected to the SSL/TLS session
using the same port as the initial request. What version of the product are you using? On what operating system? 2.9 ( r149 ) on a fresh Lenny install - Linux version 2.6.26-2-686 (Debian
2.6.26-17) Please provide any additional information below. Reverse proxy is handled by lighttpd, which listens on port 80 on another
system.

I've also tried using the --localhost-only option (which the man page
suggests), but the result was the same (the only visible change was that
SIAB started listening on the loopback interface only).

I'm not quite sure if this issue is related with the way shellinabox sends
HTTP headers when establishing the SSL/TLS session or if it happens
because i haven't set up the reverse proxy properly. If it's because of
the latter, please disregard this report.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=25

From [email protected] on November 23, 2009 08:03:13

I am struggling to display VT100 line drawing characters in shellinabox. I have tried different
character encodings in different browsers running on different OS. The shellinabox daemon is
running on CentOS 5.3. What steps will reproduce the problem? 1. I have tried different character encoding selections in Firefox 3.5.5 and Safari 4.0.4 on Mac
10.6 and Firefox 3.0.12 on Centos 5.3.
2. I have attached cp437.html that displays the expected line drawing characters when the
character encoding is set to Default in Safari and Western (IBM-850) in Firefox. Note that the
page has a META tag that defines charset=ibm437.
3. I have attached mcc.log which is a capture of an application screen with embedded IBM437 line
drawing characters.
4. Opening cp437.html with encodings as above, the line drawing characters are displayed as
expected.
5. However, a cat off mcc.log within a shellinabox VT100 terminal session gives a different
result.

What is the expected output?

See Screen shot 2009-11-23 at 5.53.01 PM.png

What do you see instead?

See Screen shot 2009-11-23 at 5.59.57 PM.png What version of the product are you using? On what operating system? Built from 2.10.tar.gz source on CentOS 5.3 Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=36

From [email protected] on February 14, 2009 18:01:56

What steps will reproduce the problem? 1. download
2. ./configure
3. make What is the expected output? What do you see instead? /bin/bash ./libtool --tag=CC --mode=compile gcc -DHAVE_CONFIG_H -I. -g
-std=gnu99 -Wall -Werror -Os -g -O2 -MT httpconnection.lo -MD -MP -MF
.deps/httpconnection.Tpo -c -o httpconnection.lo test -f 'libhttp/httpconnection.c' || echo './'libhttp/httpconnection.c
gcc -DHAVE_CONFIG_H -I. -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT
httpconnection.lo -MD -MP -MF .deps/httpconnection.Tpo -c
libhttp/httpconnection.c -fPIC -DPIC -o .libs/httpconnection.o
cc1: warnings being treated as errors
libhttp/httpconnection.c: In function ‘httpHandleCommand’:
libhttp/httpconnection.c:554: error: format not a string literal and no
format arguments
libhttp/httpconnection.c:557: error: format not a string literal and no
format arguments
libhttp/httpconnection.c:571: error: format not a string literal and no
format arguments
libhttp/httpconnection.c:608: error: format not a string literal and no
format arguments
libhttp/httpconnection.c: In function ‘httpParseCommand’:
libhttp/httpconnection.c:637: error: format not a string literal and no
format arguments
libhttp/httpconnection.c: In function ‘httpParseHeaders’:
libhttp/httpconnection.c:784: error: format not a string literal and no
format arguments
libhttp/httpconnection.c: In function ‘httpHandleConnection’:
libhttp/httpconnection.c:943: error: format not a string literal and no
format arguments
make[1]: *** [httpconnection.lo] Error 1
make[1]: Leaving directory `/home/biehl/devel/progs/shellinabox-2.4'
make: *** [all] Error 2 What version of the product are you using? On what operating system? Ubuntu 8.10, gcc version 4.3.2 (Ubuntu 4.3.2-1ubuntu12) Please provide any additional information below. Workaround as before, more errors seem to hide after the first one above
(is there any reason to release with -Werror?)

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=2

From [email protected] on December 24, 2009 03:26:01

What steps will reproduce the problem? 1. Install siab 2.10 from deb pkg, letting default settings
2. Setup a reverse-proxy with lighttpd to access siab from https://example.com/terminal/ 3. Go to https://example.com/terminal/ -> Error 404.

See attached the log of siab while it give me that 404 error :

The lighttpd conf piece looks like :

$HTTP["host"] =~ "example.com" {
    proxy.server = ( "/terminal/" =>
                (
                 ( "host" => "127.0.0.1", "port" => 4200)
                )
                )
}

P.S: It works flawlessly if I access it directly towards the 4200 port.

Attachment: siab.log

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=42

From [email protected] on August 17, 2009 09:29:07

I want to send parameter to the running shell.
for example i want to send ip address and the shellinabox will telnet the ip.
Every time i want telnet to different ip and do it in same time .
the parameter can send by POST or GET

Thanks a lot

Guy

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=28

From [email protected] on May 20, 2009 10:32:22

I don't know if I'm how is wrong or something in shell in a box, I
downloaded shellinabox-2.7.tar.gz

./configure and make are attached

Thanks in advance and keep up the good work :)

Note: Excuse my English, I'm still learning it.

Attachment: configure make

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=12

From [email protected] on July 14, 2009 16:59:25

I just prefer my shells to have white text on a black background than black
text on a white background.

Patch attached for a new --white-on-black command line flag, which can be
overridden in the JavaScript by setting the global whiteOnBlack variable to
true or false.

Attachment: shellinabox-whiteonblack.patch

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=24

From [email protected] on December 07, 2009 19:44:00

What steps will reproduce the problem? 1. Installed from source using tar ball
2. ./configure - make && make install
3. Ran shellinaboxd and it works but not through HTTPS What is the expected output? What do you see instead? A secured session What version of the product are you using? On what operating system? Latest - CentOS 5.4 (Final) Please provide any additional information below. OpenSSL works fine for Webmin sessions. Not for Shellinabox though.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=40

From [email protected] on January 09, 2010 17:59:47

What steps will reproduce the problem? 1. Use the following PS1 for zsh: "%{^[[33;36;1m%}%T%{^[[0m%}
%{^[[33;31;1m%}%n%{^[[0m^[[33;33;1m%}@%{^[[33;37;1m%}%m
%{^[[33;32;1m%}%~%{^[[0m^[[33;33;1m%}%#%{^[[0m%} " (you'll need to retype
the ^[ chars)
2. The cursor will appear inside the PS1 output if no character is typed on
the line. The cursor is correctly aligned for lines containing 1 or more
characters.

Note that using a similar line on bash doesn't cause the same problem
("[\e[1;36m]\A [\e[1;31m]\u[\e[1;33m]@[\e[1;37m]\h
[\e[1;32m]\w[\e[1;33m]% [\e[0m]").

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=45

From [email protected] on February 11, 2009 16:57:44

What steps will reproduce the problem? 1. download
2. ./configure
3. make What is the expected output? What do you see instead? /bin/bash ./libtool --tag=CC --mode=compile gcc
-DPACKAGE_NAME="shellinabox" -DPACKAGE_TARNAME="shellinabox"
-DPACKAGE_VERSION="2.3" -DPACKAGE_STRING="shellinabox\ 2.3"
-DPACKAGE_BUGREPORT="[email protected]" -DPACKAGE="shellinabox"
-DVERSION="2.3" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DHAVE_PTHREAD_H=1 -I. -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT ssl.lo
-MD -MP -MF .deps/ssl.Tpo -c -o ssl.lo test -f 'libhttp/ssl.c' || echo './'libhttp/ssl.c
gcc -DPACKAGE_NAME="shellinabox" -DPACKAGE_TARNAME="shellinabox"
-DPACKAGE_VERSION="2.3" "-DPACKAGE_STRING="shellinabox 2.3""
-DPACKAGE_BUGREPORT="[email protected]" -DPACKAGE="shellinabox"
-DVERSION="2.3" -DSTDC_HEADERS=1 -DHAVE_SYS_TYPES_H=1 -DHAVE_SYS_STAT_H=1
-DHAVE_STDLIB_H=1 -DHAVE_STRING_H=1 -DHAVE_MEMORY_H=1 -DHAVE_STRINGS_H=1
-DHAVE_INTTYPES_H=1 -DHAVE_STDINT_H=1 -DHAVE_UNISTD_H=1 -DHAVE_DLFCN_H=1
-DHAVE_PTHREAD_H=1 -I. -g -std=gnu99 -Wall -Werror -Os -g -O2 -MT ssl.lo
-MD -MP -MF .deps/ssl.Tpo -c libhttp/ssl.c -fPIC -DPIC -o .libs/ssl.o
cc1: warnings being treated as errors
libhttp/ssl.c:274: error: ‘sslGenerateCertificate’ defined but not used
make: *** [ssl.lo] Error 1 What version of the product are you using? On what operating system? shellinabox-2.3.tar.gz Please provide any additional information below. Can be worked around by removing -Werror and running automake && ./configure

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=1

From [email protected] on June 22, 2009 17:30:36

What steps will reproduce the problem? 1. shellinaboxd -t
2. start firefox 3.0.9 under windows
3. connect to the shellbox instance
4. login
5. press '>' or '<' What is the expected output? What do you see instead? nothing. I expect to see < or >, when i press them

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=19

From [email protected] on January 10, 2010 16:34:31

The following code in VT100.prototype.updateStyle() doesn't play nicely
with the white-on-black color scheme:

// Make some readability enhancements. Most notably, disallow identical
// background and foreground colors.
if (bg == fg) {
if ((fg ^= 8) == 7) {
fg = 8;
}
}
// And disallow bright colors on a light-grey background.
if (bg == 7 && fg >= 8) {
if ((fg -= 8) == 7) {
fg = 8;
}
}

echo "^[[37;1mtest" ends up being displayed with .ansi8 instead of .ansi15
(which is grey instead of white).
Commenting that code out of the function fixes color display.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=46

From [email protected] on June 02, 2009 04:48:01

What steps will reproduce the problem? 1. Configure/make/make install shellinabox-2.8 on a Fedora 9 box.
2. Run shellinaboxd -t (from root session)
3. Connect to "http://localhost:4200 on a local browser. What is the expected output? What do you see instead? - Expected "login:", "password:" and bash prompt.

• Instead, after entering the correct login information for the login and
  password prompts, a prompt for "context" and then "level" were displayed.
• All attempts with various values for "context" and "level" gleaned from
  the system's "SELinux Administration" tool, yielded "Authentication failed"
  messages from shellinabox. What version of the product are you using? On what operating system? shellinabox-2.8

Fedora 9 (default SELinux configuration) Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=15

From [email protected] on March 23, 2009 14:12:13

What steps will reproduce the problem? 1. ./configure; make; make install
2. /etc/init.d/shellinabox start What is the expected output? What do you see instead? Expected: ... starting ...

Actual: /etc/init.d/shellinabox: No such file or directory What version of the product are you using? On what operating system? Ubuntu Please provide any additional information below. Would be nice to have for all those of us who are rusty at making our own
/etc/init.d files from the template...

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=9

From [email protected] on October 06, 2009 13:09:32

What steps will reproduce the problem? 1. Pressing "Caps Lock" Key, remains in lower case What is the expected output? What do you see instead? Is expected to get Capitals What version of the product are you using? On what operating system? Using version 2.9 on Debian/Etch Please provide any additional information below.

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=30

From LaBlua on November 20, 2009 06:06:07

What steps will reproduce the problem? 1. Install on a machine without lsb installed
2. Post install script fails

What is the expected output? Successfull installation.

What do you see instead?

The output I see:

dpkg -i shellinabox_2.9-1_i386.deb

Selecting previously deselected package shellinabox.
(Reading database ... 52862 files and directories currently installed.)
Unpacking shellinabox (from shellinabox_2.9-1_i386.deb) ...
Setting up shellinabox (2.9-1) ...
/etc/init.d/shellinabox: /lib/lsb/init-functions: No such file or directory
invoke-rc.d: initscript shellinabox, action "start" failed.
dpkg: error processing shellinabox (--install):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
shellinabox

At this point it is also not possible to simply uninstall the package. What version of the product are you using? On what operating system? Version 2.9-1, the provided deb file.

On Debian 3.0

Original issue: http://code.google.com/p/shellinabox/issues/detail?id=34