FAQ

General

Security

General


What is ShellShadow?

ShellShadow is a server support platform bridging unix/linux professionals with customers who need secure, fast, and reliable support for their servers. It consists of an online service platform shellshadow.com and a collaborative terminal client, the ShellShadow client.

What is the ShellShadow client?

The ShellShadow client is a collaborative terminal client based on PuTTY and is available FREE here (Windows and Linux). In addition to the features available in PuTTY, the ShellShadow client enables two users (shell and shadow) to access the same terminal session. The shell user connects to their server and allows a shadow user to collaborate with the terminal through our secure relay server. Read our how to guide or Watch a demo of this in action. The support user does not connect directly to your server and does not need login credentials to your server. The person receiving support is the conduit for all communication to their server. The person receiving support remains in control at all times.

What can a support client (shell user) do with ShellShadow?

What can a support professional (shadow user) do?

Can't I do this with GNU Screen

GNU Screen has a feature to share a TTY among users on the same server. To use this feature, both users must have login access to the server and the shared Screen TTY must be configured. This, however, is generally a bad idea for support situations. With ShellShadow, there is no need to install and configure anything on your server. Additionally, ShellShadow enables the person requiring support to have clear control over the support user. With GNU Screen, when a support session is over, you must go back into your server config and remove the support person's access. Using GNU Screen is only appropriate when the two users are both in the same work environment and both already happen to have privileges on the server requiring support. In addition to these security issues, GNU Screen requires setup and configuration by the person requiring support, which rules out a large group of linux users. ShellShadow provides a tool accessible to beginner and advanced users.

Can I connect to non-SSH servers? telnet, Rlogin, serial?

Yes. One reason we built the ShellShadow client off the PuTTY code base is because of flexibility. For example, ShellShadow can connect to the command line interface of your iPhone, Linksys router, Windows PowerShell, Google Android G1, Palm, BlackBerry, etc... ShellShadow can securely relay a terminal session for SSH (types 1 and 2), telnet, Rlogin, and serial connections.

Why can't I resize my ShellShadow client window as a Shadow user?

The shell and shadow user's terminal sizes are kept in sync. Only the shell user can change the ShellShadow client's screen size. The shadow user's client will immediately reflect the change in window size as the shell user changes it. ShellShadow opens by default to a safe and usable size.

Where can I get more information?

Use our public google discussion group or send us a private email. See our contact page for more information.

Security


Why doesn't the ShellShadow client run inside a web browser?

The ShellShadow client is a single executable client run from your desktop. The PuTTY open source code we have built upon has been vetted for over 10 years in daily use by millions. We could have built the ShellShadow client with JavaScript or Flash or as a Java Applet. There have been various attempts by others to build a browser based SSH terminal client. To date, none are robust and proven secure enough to meet our needs. Building such a solution in a web browser requires taking into account security concerns across multiple browsers. If we had built such a browser client, it would have been slower and more bloated (code and memory) and most of all very difficult to prove secure.

Are my passwords sent through the relay?

No. We wouldn't want to do that. ShellShadow is unlike other screen sharing tools. We only relay information "echo'ed" by your server. When you type in a password, the character inputs are not echo'ed back to the terminal, so there is nothing to relay. Security through simplicity.

Can I run my own relay server?

Yes. There are many reasons why you might want to run you own relay server. We purposely built our relay to be lightweight and easy to manage. Send us an email to inquire about licensing our relay server.

Can I see your source code?

Yes. Contact us for licensing and source access to our client and relay server technology

Can a shadow user disconnect my session with the server?

Yes, the shadow user, when in "Read-Write" mode, could type "exit" in the shell and your ShellShadow client will close, losing connections to both your server and to the ShellShadow relay server.

What port(s) does the ShellShadow client use?

The ShellShadow client connects to our relay server on port 1300. This is somewhat arbitrary.