ShellHub is a cloud server that allows universal access to your networked devices from any external network. Using it prevents being blocked by firewalls or overly complex networks because ShellHub uses the HTTP protocol to encapsulate the SSH protocol. This transport layer allows seamless use on most networks, as it is commonly available and accepted by most companies' firewall rules and policies.
Best of all, ShellHub is open source (released under the Apache 2.0 license) and facilitates developers' and programmers' remote tasks and making access to Linux devices possible for any hardware architecture.
ShellHub offers a safe and quick way to access your devices from anywhere. It has a robust community, whose contributions are essential to the tool's growth, new features, and improvements. I'll describe some of the updates that are (or will soon be) in the tool's code below.
The namespace enables you to create a set of devices to share with other ShellHub users. You can put as many devices as you want in a namespace, but a device registered in one namespace cannot belong to another.
You can access your namespace by using the top-right button on the Dashboard. There, you will find the namespace Tenant ID, which is used to register a device, and any other namespaces you have created. You can also create a new namespace and access namespace settings.
You can rename, delete, and invite other users to your namespace. Namespace user permissions work based on privilege, depending on user rank. (See Privileges for more information.)
This feature is available in all editions. The difference is that in the open source version, you must use the terminal to issue commands:
./bin/add-namespace <namespace> <owner>
Privileges are an organization-level mode for authoring actions in ShellHub. This ensures only the owner has permissions to do potentially dangerous actions.
There are two privilege ranks:
- ADM: Only the namespace owner has administrator privileges to run an action. The admin can accept and reject devices; view and delete session recordings; create, change, or delete firewall rules; and invite users to the namespace.
- USER: A user must be invited by the owner. A user can access devices and any information in the namespace enabled by the owner but cannot remove devices, change firewall rules, or watch session recordings.
This new feature records all actions in a ShellHub connection executed by a user or owner. Session recordings are available in the Dashboard in ShellHub Cloud and Enterprise versions.
The session recording feature is on by default. If you are the owner, you can change this in a namespace's Settings.
Each session's page has details such as hostname, user, authentication, IP address, and session begin and end time. The device's user ID (UID) is available in Details.
Firewall rules define network traffic permissions (or blocks) to ShellHub devices. This feature is available in the Cloud and Enterprise editions. These rules allow or prevent a device's connection to defined IPs, users, or hostnames. Rules can be set only by a namespace owner.
In addition to defining the rules, ShellHub enables an owner to set priorities, which block sets of locations or permit access to a location in a blocked set if necessary.
ShellHub developed the admin console to facilitate user support. It offers an easy and clear interface for administrators of large teams to manage and check the activities executed in the ShellHub server. It's available in the Enterprise edition.
Automatic access with public keys
Automatic connection using public keys is a new feature that will be released soon. It aims to simplify access for users with many different devices and credentials because using a public key makes access quicker and more secure.
The ShellHub server keeps public key information safe and uses the key only for logging into devices. It also does not have access to users' private keys or other sensitive information.
Automatic connections using public keys is a recent feature added in ShellHub.