• if you are already running ssh on the host you'll need to create (or add to) a .env.override file SHELLHUB_SSH_PORT=<SOMETHING_OTHER_THAN_22>
  • you'll use this port # when logging into the remotes via ssh cli e.g. ssh -p <PORT_#> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>
• directions for install (dev environment not necessary)
• for ssl add to .env.override:

SHELLHUB_AUTO_SSL=true
SHELLHUB_REDIRECT_TO_HTTPS=true
SHELLHUB_DOMAIN=<your domain or subdomain without quotes>

Add a systemd service:

• create /etc/systemd/system/shellhub.service:

[Unit]
Description=ShellHub
After=network.target

[Service]
User=root
Type=simple
WorkingDirectory=<DIRECTORY WHERE SHELLHUB ROOT LIVES>
ExecStart=make start
Restart=always

[Install]
WantedBy=multi-user.target

• sudo systemctl enable shellhub.service
• sudo systemctl start shellhub.service

• Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container
• Instead we cloned the repo then build the agent from source

 git clone -b v0.10.4 https://github.com/shellhub-io/shellhub.git shellhub
 sudo apt install golang
 cd shellhub/agent
 go build -ldflags "-X main.AgentVersion=v0.10.4"

• zipped riscv64 compiled binary of agent
• Format for the public/private keys must be pem so ssh keys from standard ssh-keygen will not work. Instead do something like: ssh-keygen -t rsa -f key.pem -m pem with -m pem being the magic sauce (source).

• add a script startAgent.sh to start the agent:

#!/bin/bash
export SHELLHUB_TENANT_ID="TENANT_ID"
export SHELLHUB_PRIVATE_KEY="PRIVATE KEY PATH AND FILENAME IN PEM FORMAT"
export SHELLHUB_SERVER_ADDRESS="SHELLHUB SERVER ADDRESS"
./agent

• sudo chmod 755 startAgent.sh
• starting the script from the shell works fine but for some reason does not work with systemd unless we change /bin/sh to use bash instead of dash
  • sudo dpkg-reconfigure dash and choose no when prompted
• create /etc/systemd/system/shellhubAgent.service

[Unit]
Description=ShellhubAgent
After=network.target

[Service]
User=root
Type=simple
WorkingDirectory=FULL PATH WHERE AGENT AND STARTUP SCRIPT ARE LOCATED
ExecStart=FULL PATH AND FILENAME OF STARTUP SCRIPT
Restart=always

[Install]
WantedBy=multi-user.target

• sudo systemctl enable shellhubAgent.service
• sudo systemctl start shellhubAgent.service

• local machine generate public/private key.
  • it could be that any public/private key would work but docs suggestssh-keygen -t ed25519
• upload public key to web portal (public keys menu on LHS)
• make sure private key on local machine has permissions 600
• login from local machine using private key: ssh -p <PORT> -i <PRIVATE_KEY_PATH_AND_FILE> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>

This is not a built-in function for community edition it appears so as a workaround we can hack the code

• pre v0.13.0: in /pkg/agent/server/server.go edit func (s *Server) passwordHandler( so the first line of the method reads return false
• post v0.13.0: in /pkg/agent/server/authentication.go edit func (s *Server) passwordHandler(ctx gliderssh.Context, pass string) bool { so the first line of the method reads return false
• cd shellhub/agent
• go build -ldflags "-X main.AgentVersion=<VERSION>"

• sudo apt install xtightvncviewer
• change ~/.vnc/xstartup to read:

env -i /bin/sh -c "export PATH=$PATH;
                   export XAUTHORITY=$XAUTHORITY;
                   export DISPLAY=$DISPLAY;
                   export HOME=$HOME;
                   export LOGNAME=$LOGNAME;
                   export USER=$USER;
                   /usr/bin/xfce4-session"

• write a script:

#!/bin/bash
if ! pgrep -x "Xtightvnc" >/dev/null
then
    vncserver -geometry 1366x768
fi

• call this script in session and startup (yes systemd is the right way to do this but I couldn't get it to work)
• restart Xserver

• ssh -p 24 -i <PRIVATE_KEY> <NAME_OF_REMOTE> -L 5901:127.0.0.1:5901
• then in a separate window gvncviewer :1