Reenvisioning SSH with ShellHub

21st Century SSH

© Lead Image © James Thew,

© Lead Image © James Thew,

Article from Issue 235/2020

ShellHub offers an innovative approach to remote access with minimal reconfiguration of a firewall.

Secure Shell (SSH) is one of the most popular Linux services. With the global IPv4 address space shortage, it often becomes necessary to SSH into machines that are sitting behind a NAT-enabled router.

Rather than opening up network ports and then forwarding traffic individually to all your specific LAN devices, clearly it would be much better to access devices via a centralized point.

A new, natty piece of software called ShellHub [1] solves this headache nicely. ShellHub creates an SSH server inside your local network, allowing you to forward inbound SSH traffic to your other machines without having to mess around with the individual port forwarding settings for all your devices. Think of ShellHub as an alternative to the popular sshd daemon (OpenSSH) on your LAN.

In Closer

Figure 1 is a simple schematic showing the ShellHub architecture. From outside the LAN, you connect to the ShellHub server, either from the command line or a browser window. The firewall/router is configured to pass traffic to the predefined static IP address and port number of the ShellHub server on the LAN, performing network address translation as required.

Figure 1: A remote user just has to access the ShellHub server to obtain access to other devices on the LAN.

A user who is connected to the ShellHub server can then use the ShellHub web interface (or a command-line interface) to initiate connections with other devices on the LAN. The remote user can thus connect with all devices even though the ShellHub server itself is the only system requiring special firewall attention.

On Your Marks

The excellent ShellHub uses Docker Engine and Docker Compose, taking a microservices approach to make the software easier to develop and maintain. Consult your package manager's documentation for more on how to set up ShellHub for your Linux distro. I'm using Linux Mint atop Ubuntu 18.04.

The first step is to set up Docker:

$ apt install docker-compose

To make sure that Docker Engine starts when the machine reboots, run the following command:

$ systemctl enable docker

The next task is cloning ShellHub's GitHub repository [2] and selecting the correct branch (and therefore version):

$ git clone -b v0.0.4 shellhub-v0.0.4

ShellHub development is proceeding quickly, but be aware that ShellHub is still in Beta. I was running version 0.0.2 just a couple of weeks ago and already it is at version 0.04, so make sure you get the latest and most stable version.

Go to the cloned directory next by using this command:

$ cd shellhub-v0.0.4

Before proceeding, fire up the excellent keygen tool, which is included in the repository's bin/ directory:

$ ./bin/keygen

and create an RSA key pair.

Docker Inside

The ShellHub service is built on Docker; you'll need a working Docker [3] configuration to set up ShellHub. You're advised to exercise some patience (anything up to 15 minutes apparently) when running Docker Compose to bring up ShellHub.

Try the following command:

$ docker-compose up -d

If this command doesn't immediately work, see the box entitled "Docker Hub Login." For more help with Docker Compose issues, see "There May Be Trouble Ahead."

There May Be Trouble Ahead

If you receive an error when Docker Compose tries to start up, you might need to get the Docker Compose version required by your ShellHub version. On the Docker website, the compatibility matrix [4] mentions that, for version 3.7 to be used in the Docker Compose file (v3.7 is the version that my ShellHub uses), you need the following:

  • Docker Compose (version in the docker-compose.yml file): version 3.7
  • Docker Engine: 18.06.0+

To check your Docker Engine version, you can run the following command:

$ docker version

And, for the Docker Compose version, use this command:

$ docker-compose version

As ShellHub is up-to-date, I took the following steps to update Docker Compose. First run the following command to remove the old version:

$ apt purge docker-compose

From the Docker Compose GitHub repository [5], download the source code for the latest version (version 1.25.4 at the time I wrote this article):

$ curl -L "$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose

The eagle-eyed among you will see from the long, somewhat unwieldy command that the resulting Docker Compose release is saved within the directory /usr/bin on my local machine (adjust this location to your needs). Once it's been downloaded, you can make the file executable with:

$ chmod +x /usr/bin/docker-compose

Now, from inside the shellhub-v0.0.4 directory in the cloned GitHub repository file path, run the following command to bring Docker Compose up again (you might have to run the docker login command first) :

$ docker-compose up -d

Ta-da! The screeds of output as our ShellHub server is brought up confirm that Docker Compose is happy.

Docker Hub Login

If you haven't logged into Docker Hub for a while, you may have missed a slight change in policy over the last few months.

Docker now places more emphasis on regular logins (even for public images). As a result, you may need to login again. Reset your password online if required, and then run the login command:

$ docker login

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Tutorials – Docker

    You might think Docker is a tool reserved for gnarly sys admins, useful only to service companies that run complicated SaaS applications, but that is not true: Docker is useful for everybody.

  • Docker Open Source Developer Tools

    Docker provides the open source tools and resources for compiling, building, and testing containerized applications.

  • Docker

    Docker is an economical alternative to conventional virtualization. Because each Docker container shares the underlying operating system, it enjoys the resource isolation and allocation benefits of VMs but is much more portable and efficient.

  • Seafile 9

    Seafile offers file sharing and synchronization like Nextcloud and ownCloud, but its speed leaves the competition far behind.

  • Tube Archivist

    Tube Archivist indexes videos or entire channels from YouTube in order to download them with the help of the yt-dlp tool.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More