Docs/Shell: Difference between revisions
Latest revision as of 03:43, 8 October 2025
Shell is the LUG "pubnix" / multi-tenant server for all members/alumni. It is primarily intended as a sandbox to grant access to a Linux environment to newcomers, and enable people to poke around with developing websites.
Shell was first started as a concept in ~2012, where it was called something else. It later adopted the name "shell" on the 2nd/3rd iteration.
When Steven took over LUG in 2022, he copied all the existing /home/*/public_html from the existing shell server at that time to a brand-new shell server, so the web content would not be lost.
In 2023 we once again started a fresh Shell server, but this time did not copy over the old web content.
Notes for Shell users
Shell provides a number of services to users with an account.
You can of course log in and get a shell on the server, which is running Debian. For logging in from off-campus, see the "SSH-Over-TLS" section below.
The primary service Shell has is the user webpages. Upon logging in, you will see a "public_html" directory in your home directory. Anything placed in this directory will be available at "https://shell.lug.mtu.edu/~<your_username>/". You can look into how websites work on the backend to understand how to make one yourself, if you would like.
Of note, because the webserver runs as the user/group "www-data", you must make sure all files in public_html can be read by www-data, either by granting every user on the system read-only access (chmod o+r <file>), or by changing the group to www-data and granting group read access (chmod g+r <file>).
Shell also has an IRC bouncer (ZNC) on port 50000, using the same username/password you use to log in. ZNC has a web interface if you visit it in a web browser (https://shell.lug.mtu.edu:50000) to more easily configure your settings.
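A way to check the public_html permissions rule described above, as an added example (not one of Shell's own scripts). It goes slightly beyond the text: it also checks that directories carry the execute bit the web server needs to enter them, and flags anything other users on the system could modify. WEB_GROUP and the function names are assumptions; stat -c is GNU coreutils syntax.

```shell
#!/bin/sh
# Added example: audit a public_html tree for entries www-data cannot serve,
# or that any other local user can write to.
WEB_GROUP="${WEB_GROUP:-www-data}"   # group the web server runs as

# Succeeds if permission $2 (r or x) on path $1 is granted through the
# "other" bits, or through the group bits when the group is $WEB_GROUP.
web_can() {
    if [ -n "$(find "$1" -prune -perm -o="$2")" ]; then return 0; fi
    [ "$(stat -c %G "$1")" = "$WEB_GROUP" ] &&
        [ -n "$(find "$1" -prune -perm -g="$2")" ]
}

# Prints "<problem> <path>" for every file or directory under $1.
audit_public_html() {
    find "$1" \( -type f -o -type d \) | while IFS= read -r p; do
        web_can "$p" r || echo "unreadable $p"
        [ ! -d "$p" ] || web_can "$p" x || echo "untraversable $p"
        [ -z "$(find "$p" -prune -perm -o=w)" ] || echo "world-writable $p"
    done
}

# Only runs when a directory is given, e.g.: sh audit.sh ~/public_html
if [ -n "${1:-}" ]; then audit_public_html "$1"; fi
```

No output means every entry is readable by the web server and none is writable by other users.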
SSH-Over-TLS
IT blocks all inbound SSH connections from outside of the 141.219.0.0/16 range, so by default you can't ssh into Shell from off-campus (or the guest WiFi).
There's a service on port 8443 to allow wrapping ssh traffic in TLS, so if you're connecting from a *nix client you can use the following options to do the TLS-wrapped-SSH:
Using openssl
openssl should be installed on most *NIX systems, including MacOS, by default.
It can be installed on Windows with winget install openssl or scoop install openssl
Single-Use Command
You can use the following command to ssh into shell without editing any persistent configuration files:
ssh -o ProxyCommand="openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null" username@shell.lug.mtu.edu
Persistent Config
Otherwise, you can add the following to ~/.ssh/config, and have it auto-apply any time you type ssh shell:
Host shell
    ProxyCommand openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null
    ServerAliveInterval 10
This is what I recommend, as you can just type ssh shell and it'll apply the SSH-over-TLS settings automatically.
You can also add your username and pubkey to the host config for a very quick login, so you don't have to type your password every time.
More information about the SSH Host configuration file can be found here: https://linuxize.com/post/using-the-ssh-config-file/
Using socat
If the above doesn't work (or if openssl keeps dropping the connection randomly), you can use socat instead.
Just replace:
openssl s_client -quiet shell.lug.mtu.edu:8443 2>/dev/null
with
socat - OPENSSL:shell.lug.mtu.edu:8443,verify=0
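in either the single-use command or persistent config.
Note that verify=0 turns off socat's certificate verification, and openssl s_client by default carries on even when certificate verification fails. In both setups the TLS layer is only a wrapper to get past the port block; the server is authenticated by SSH's own host key check, so confirm the host key fingerprint the first time you connect.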
So long as socat is installed, it should work without hassle.
You can also use any other TLS client you like, such as ncat or stunnel, but openssl and socat are some of the most popular programs for this purpose, so I decided to only cover the configs for them.
Contact a LUG sysadmin if you need help using a different TLS client application for this purpose.
Notes for sysadmins
Scripts
Shell has scripts for administrators in /root/ to automate various tasks.
These are:
- add-new-user.sh
  - Use this to make a new user account. useradd doesn't make home directories a ZFS dataset. (useful in case a user wants to rollback their homedir to a snapshot)
- generate-homepage.sh
  - Generates the index.html page for shell. Called by a cronjob to run every minute.
- list-administrators.sh
  - Prints a (colored) list of administrators.
- list-logins.sh
  - Prints an ordered list of user logins.
- list-user-creation.sh
  - Displays a sorted list of each user's creation date based on their homedir.
- user-popularity.awk
  - Prints number of unique IPs that visited each user's shell website path.
  - Plan to use this to make "most popular user of the day" blurb in generate-homepage.sh at some point.
ZFS
Shell uses ZFS for the main data pool, which is mounted at /home (and each user's homedir is an individual dataset). As of Fall 2025, it has roughly 8TB in raw space (4x2TB drives), ~4TB after formatting (RAID10 / striped-mirrors) and ~1TB used with ~3.5TB free.
Some helpful commands are:
- View general pool status (and disk health):
    zpool status
- View all ZFS snapshots:
    zfs list -t snapshot
- Delete specific snapshot:
    zfs destroy -r zhome@example-snapshot
Automated tasks (cronjobs):
- 4AM EST: cronjob recursively makes a snapshot of /home and each user's homedir, prefixed by "Auto".
- 4:15AM EST: cronjob recursively deletes >8th oldest /home snapshot starting with "Auto".
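The two cronjobs above could be implemented along these lines. This is an added example, not Shell's actual cron script. Assumed here: the dataset name zhome (taken from the destroy example), snapshot names of the form Auto-YYYYmmdd-HHMM, the script path in the comments, and reading the retention rule as "keep the newest 8 Auto snapshots".

```shell
#!/bin/sh
# Added example: nightly snapshot plus pruning of old "Auto" snapshots.
DATASET="${DATASET:-zhome}"   # assumed name of the dataset mounted at /home
PREFIX="Auto"
KEEP=8                        # assumed reading of the ">8th oldest" rule

# stdin: snapshot names, oldest first, one per line.
# stdout: the $PREFIX snapshots of $DATASET that fall outside the newest $KEEP.
# Manually named snapshots never match and are therefore never pruned.
select_expired() {
    grep "^${DATASET}@${PREFIX}" | awk -v keep="$KEEP" '
        { snap[NR] = $0 }
        END { for (i = 1; i <= NR - keep; i++) print snap[i] }'
}

# 4AM job: one recursive snapshot covers /home and every user dataset.
take_snapshot() {
    zfs snapshot -r "${DATASET}@${PREFIX}-$(date -u +%Y%m%d-%H%M)"
}

# 4:15AM job: destroy expired snapshots; -r also removes the same-named
# snapshot on each child (per-user) dataset.
prune_snapshots() {
    zfs list -H -d 1 -t snapshot -o name -s creation "$DATASET" |
        select_expired |
        while IFS= read -r snap; do
            zfs destroy -r "$snap"
        done
}

# Does nothing unless called with an explicit action, e.g. from cron:
#   0 4 * * *   /root/rotate-snapshots.sh snapshot   (hypothetical path)
#   15 4 * * *  /root/rotate-snapshots.sh prune
case "${1:-}" in
    snapshot) take_snapshot ;;
    prune)    prune_snapshots ;;
esac
```

Feeding select_expired a saved snapshot list shows what a prune run would delete before anything is destroyed.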
Root drives
Shell has two 1TB Crucial SSDs RAID'ed together with MDADM in RAID1 to serve as the ESP and the root (/) partition.
Each drive has two partitions, first the ESP (500MB/476MiB), and the root partition second (the rest of the drive; ???GB/931.5GiB).