A bunch of scripts and configs that allows to expose a shell via HTTPS.

• works as a system service
• the service fulfills the principle of minimal privilege (can't simply use /bin/login as it requires root privileges)
• exposes a web client with the user's shell
• supports password authentication
• has an optional protection against brute force attacks
• uses secure transport protocols

The project depends on bash, ssh (client+server), systemd, ttyd, nginx, grep and optionally fail2ban (if you want to have a brute force protection). sshd must be configured for accepting incoming local connections.

Everything was tested on Debian Linux.

1. Copy the config files (etc folder) to the corresponding directories in your system.
2. Download ttyd and put the executable in /usr/local/bin/ttyd. You can choose another directory, but don't forget to edit the config files.
3. Put ttyd-login script in /usr/local/bin/ttyd-login. Apply chmod +x for both executables.
4. Create a user named ttyd, with a home directory and disabled login shell. It is required for ~/.ssh files. The home can be custom, for example /var/local/ttyd/:

5. Add a new location in nginx configuration for your domain. If you want to have a shell under https://example.com/shell, add this to the server section:

1. Reload systemd unit files systemctl daemon-reload.
2. Restart all edited services:

3. Start httpsh service and enable the autostart during the system startup:

4. The shell should be up and running under https://example.com/shell

I recommend to use fail2ban protection and TLS v1.3 for your domain. DO NOT use plain HTTP without TLS - it's like using telnet instead of ssh.

If you have any questions, please create a new Github issue.

If you appreciate my work, it will be cool to know that I drink my coffee thanks to you!