Seashell is a custom SSH server that implements virtual hosts with username-based routing, allowing users to securely access shells inside VMs, containers, or even on serial ports. It also features its own authentication and permissions system, independent of system users.
Seashell has a built-in rate limiter for failed logins. If a user exceeds the configured amount of failed login attempts within the specified time interval, they will be blocked from making any further login attempts until the time interval passes.
Seashell comes with a granular permissions system that allows you to allow or deny access to specific resources for specific users or groups of users. This allows you to safely provide shell access to users without also giving them access to any unintended resources.
Seashell can integrate with Docker to provide remote shell access into a container. For example, with a route configured to match docker\\.(.+), you can use the following ssh command to get a shell inside the example container:
ssh user:docker.example@ssh.example.comSee the docker documentation for more info.
Seashell can integrate with a Nomad cluster to provide remote shell access into a Nomad allocation. For example, with a route configured to match nomad\\.(.+), you can use the following ssh command to get a shell in the first allocation in the example job:
ssh user:nomad.example@ssh.example.comIf your job has several tasks, you can specify the task you want like so:
ssh user:nomad.example.mytask@ssh.example.comSee the nomad documentation for more info.
Seashell can provide remote access to a physical serial port. For example, with a route configured to match serial\\.(.+), you can use the following ssh command to get a access to /dev/ttyS0:
ssh user:serial.ttyS0@ssh.example.comIf the baud rate and mode are unknown beforehand, you can specify them in the ssh command, like so:
ssh user:serial.ttyS0.115200.8n1@ssh.example.comSee the serial documentation for more info.
Seashell can proxy another SSH server. In this case, your client will authenticate to seashell and then seashell will authenticate to the target server, so you should provide seashell with a private key to use for authentication and encryption. If you don't provide this, seashell will ask the authenticating user for the target server's password.
Here's an example command:
ssh user:myproxy@ssh.example.comSee the proxy documentation for more info.