Reenvisioning SSH with ShellHub
21st Century SSH

© Lead Image © James Thew, 123RF.com
ShellHub offers an innovative approach to remote access with minimal reconfiguration of a firewall.
Secure Shell (SSH) is one of the most popular Linux services. With the global IPv4 address space shortage, it often becomes necessary to SSH into machines that are sitting behind a NAT-enabled router.
Rather than opening up network ports and then forwarding traffic individually to all your specific LAN devices, clearly it would be much better to access devices via a centralized point.
A new, natty piece of software called ShellHub [1] solves this headache nicely. ShellHub creates an SSH server inside your local network, allowing you to forward inbound SSH traffic to your other machines without having to mess around with the individual port forwarding settings for all your devices. Think of ShellHub as an alternative to the popular sshd
daemon (OpenSSH) on your LAN.
In Closer
Figure 1 is a simple schematic showing the ShellHub architecture. From outside the LAN, you connect to the ShellHub server, either from the command line or a browser window. The firewall/router is configured to pass traffic to the predefined static IP address and port number of the ShellHub server on the LAN, performing network address translation as required.

A user who is connected to the ShellHub server can then use the ShellHub web interface (or a command-line interface) to initiate connections with other devices on the LAN. The remote user can thus connect with all devices even though the ShellHub server itself is the only system requiring special firewall attention.
On Your Marks
The excellent ShellHub uses Docker Engine and Docker Compose, taking a microservices approach to make the software easier to develop and maintain. Consult your package manager's documentation for more on how to set up ShellHub for your Linux distro. I'm using Linux Mint atop Ubuntu 18.04.
The first step is to set up Docker:
$ apt install docker.io docker-compose
To make sure that Docker Engine starts when the machine reboots, run the following command:
$ systemctl enable docker
The next task is cloning ShellHub's GitHub repository [2] and selecting the correct branch (and therefore version):
$ git clone -b v0.0.4 https://github.com/shellhub-io/shellhub.git shellhub-v0.0.4
ShellHub development is proceeding quickly, but be aware that ShellHub is still in Beta. I was running version 0.0.2 just a couple of weeks ago and already it is at version 0.04, so make sure you get the latest and most stable version.
Go to the cloned directory next by using this command:
$ cd shellhub-v0.0.4
Before proceeding, fire up the excellent keygen
tool, which is included in the repository's bin/
directory:
$ ./bin/keygen
and create an RSA key pair.
Docker Inside
The ShellHub service is built on Docker; you'll need a working Docker [3] configuration to set up ShellHub. You're advised to exercise some patience (anything up to 15 minutes apparently) when running Docker Compose to bring up ShellHub.
Try the following command:
$ docker-compose up -d
If this command doesn't immediately work, see the box entitled "Docker Hub Login." For more help with Docker Compose issues, see "There May Be Trouble Ahead."
There May Be Trouble Ahead
If you receive an error when Docker Compose tries to start up, you might need to get the Docker Compose version required by your ShellHub version. On the Docker website, the compatibility matrix [4] mentions that, for version 3.7 to be used in the Docker Compose file (v3.7 is the version that my ShellHub uses), you need the following:
- Docker Compose (version in the
docker-compose.yml
file): version 3.7 - Docker Engine: 18.06.0+
To check your Docker Engine version, you can run the following command:
$ docker version
And, for the Docker Compose version, use this command:
$ docker-compose version
As ShellHub is up-to-date, I took the following steps to update Docker Compose. First run the following command to remove the old version:
$ apt purge docker-compose
From the Docker Compose GitHub repository [5], download the source code for the latest version (version 1.25.4 at the time I wrote this article):
$ curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/bin/docker-compose
The eagle-eyed among you will see from the long, somewhat unwieldy command that the resulting Docker Compose release is saved within the directory /usr/bin
on my local machine (adjust this location to your needs). Once it's been downloaded, you can make the file executable with:
$ chmod +x /usr/bin/docker-compose
Now, from inside the shellhub-v0.0.4
directory in the cloned GitHub repository file path, run the following command to bring Docker Compose up again (you might have to run the docker login
command first) :
$ docker-compose up -d
Ta-da! The screeds of output as our ShellHub server is brought up confirm that Docker Compose is happy.
Docker Hub Login
If you haven't logged into Docker Hub for a while, you may have missed a slight change in policy over the last few months.
Docker now places more emphasis on regular logins (even for public images). As a result, you may need to login again. Reset your password online if required, and then run the login command:
$ docker login
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Direct Download
Read full article as PDF:
Price $2.95
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Find SysAdmin Jobs
News
-
Kubuntu Focus Announces XE Gen 2 Linux Laptop
Another Kubuntu-based laptop has arrived to be your next ultra-portable powerhouse with a Linux heart.
-
MNT Seeks Financial Backing for New Seven-Inch Linux Laptop
MNT Pocket Reform is a tiny laptop that is modular, upgradable, recyclable, reusable, and ships with Debian Linux.
-
Ubuntu Flatpak Remix Adds Flatpak Support Preinstalled
If you're looking for a version of Ubuntu that includes Flatpak support out of the box, there's one clear option.
-
Gnome 44 Release Candidate Now Available
The Gnome 44 release candidate has officially arrived and adds a few changes into the mix.
-
Flathub Vying to Become the Standard Linux App Store
If the Flathub team has any say in the matter, their product will become the default tool for installing Linux apps in 2023.
-
Debian 12 to Ship with KDE Plasma 5.27
The Debian development team has shifted to the latest version of KDE for their testing branch.
-
Planet Computers Launches ARM-based Linux Desktop PCs
The firm that originally released a line of mobile keyboards has taken a different direction and has developed a new line of out-of-the-box mini Linux desktop computers.
-
Ubuntu No Longer Shipping with Flatpak
In a move that probably won’t come as a shock to many, Ubuntu and all of its official spins will no longer ship with Flatpak installed.
-
openSUSE Leap 15.5 Beta Now Available
The final version of the Leap 15 series of openSUSE is available for beta testing and offers only new software versions.
-
Linux Kernel 6.2 Released with New Hardware Support
Find out what's new in the most recent release from Linus Torvalds and the Linux kernel team.