New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
[FREE] shellter.me — FreeBSD pubnix (bash, 60MB ZFS, 3× IPv6, self-service revDNS)
elusiVeRPG
Member, Host Rep
Hi all —
Approved by @jbiloh on 2026-05-19 (ticket #RHI-533539). Posting per Giveaways & Freebies category rules.
Same crew as tb.tahio.eu (free IPv6 tunnel broker we ran the April 2025 freebie for) — different scope, same "non-commercial community project" energy. Full breakdown of who-and-why on the About page.
shellter.me is a small, free FreeBSD pubnix shell host run by two old IRCnet enthusiasts in their spare time. Free by design: no paid tier, no upsell, no affiliate, no autoaccept bot.
🐚 What you get
- Bash account on FreeBSD 15
- 60 MB ZFS dataset (lz4 compressed, refquota enforced) — enough for dotfiles, configs, small logs
- 3× dedicated IPv6 addresses out of our
2a03:94e0:257e::/48— bind your bots, ZNC, weechat-relay each to its own - Self-service reverse DNS on each of those IPv6 addresses 🌐 — set a PTR right from the dashboard at
shellter.me/dashboard, or withptrup <addr> <hostname>from your shell. Not common on free pubnixes; we built it because we wanted it on tb.tahio.eu first. - Inbound TCP/v4 slot (50 ports per user) — enough for an eggdrop or two
- IRC + multiplexer stack out of the box: irssi, weechat, znc, eggdrop, erssi, repartee, tmux, screen
- Hardened by default 🛡️: per-user pf anchors, ZFS-isolated homes, default-deny egress (HTTP/HTTPS pass-through only — no SMTP, no scanning)
🔑 Sign-up flow
- Pick a username at shellter.me/signup and confirm your email (or sign in with GitHub).
- Your request lands on
#shellter @ IRCnet. A human admin reads it. - One of us types
!accept your-username— the daemon provisions the shell and you get the generated password by email. ssh [email protected] -p 2222— and you're in.
No card. No autoaccept bot. Signups are reviewed by me or yooz manually.
🤝 Fair use
- One human = one account.
- No SMTP egress, no scanning, no abuse.
- Idle accounts get a polite warning before pruning — no quiet shutdown.
- 60 MB is real. If you outgrow it, you've outgrown free.
✅ Trust + transparency
- Just got the Host Rep tag (ticket #YNI-721703, 2026-05-21).
- Track record on tb.tahio.eu — over a year live, with a security incident along the way that we disclosed openly on the LET thread and fixed promptly. Full disclosure is how we operate.
- People behind it: see /about — Jerzy Dąbrowski (@elusiVeRPG on LET,
kofanyon IRCnet) and Dominik Juźwikowski (yoozon IRCnet). Hobby, not a business.
💬 Contact
- IRC:
#shellter @ IRCnet - LET: ping @elusiVeRPG
- This thread
Hope to see some of you in #shellter soon. Don't be a stranger. ✌️
Comments
Wow
Thanks, that's useful to have access to a FreeBSD system (without having to run one).
Quick transparency note — @cmeerw flagged at signup just now that all shelluser email addresses were sitting in plain text inside FreeBSD's shared user record file, in the GECOS field (which is world-readable by libc/utility design). Our create-user pipeline was writing the registration email there as a convenience field. Convenient for the admin, bad for everyone else's privacy.
Fixed as of today:
pw usermod -c …, manualvipw, whatever the source.While in there, also pulled
/etc/pf.conf,/etc/rc.conf,/etc/sysctl.conf,/etc/login.confand the/etc/rc.conf.d/*daemon fragments down from FreeBSD's default 0644 to 0640 root:wheel. Not secret, but leaking host topology and hardening posture to any logged-in shelluser for no good reason. Re-ran our internal leak check afterwards — zero remaining BAD lines.Thanks @cmeerw for the catch — disclosure-first is how we want to run this thing. Better to surface what was wrong and what we did about it than quiet-patch and hope nobody noticed. Spotted anything else suspicious, drop us a note on IRC (
#shellter @ IRCnet) or right here.Not a fan of the AI slop responses, but props for the transparency. However I'd recommend you point out that shell accounts are pretty much never private without truly extensive hardening. Hell, on Linux shells (no idea about FreeBSD), you can just run
wto see the IP addresses of everyone who is logged in, and various side-channel attacks makes it relatively easy to determine in-memory secrets.w, ifconfig and arp are blocked for users. I use ai to do wrote as my english is not so good in writing and i want to have this fix done as don as possible as is late here and need to get some sleep
You can block it all you want, but for ifconfig at least, a user can just manually open a socket to read the same data that ifconfig supplies, so that doesn't stop anything. Not saying it's bad to offer a free shell (free shells are awesome!), but confidentiality should not be considered strong and clients should be aware of that.
Use DeepL or Google Translate. That will preserve your tone without distilling everything you say into "slop-speak".
@elusiVeRPG Hello! Just signed up as shell user tom. Received acknowledgement email. Verification pending. Thanks very much!
Will be a lot of fun! 
Hello also to @cmeerw and @forest!
To be fair I much prefer this to the AI slop. May not be 100 % correct but it’s understandable and genuine.
This is definitely a cool project!
GLWSign-ups!
A question if you don't mind: can this be used as an SSH jumpbox?
Wouldn't mind getting an extra one for some of my devices / machines.
So the user emails aren't publicly accessible anywhere from now on?
Cool! I signed up!
I no longer daily-drive FreeBSD, but there was a FreeBSD 9.0 shell account back in 2012. However they didn't allow hosting (unlike OP).
That sounds like a really cool tool for the community, nice of you to offer it
My only gripe like @forest is that the post didn't need an AI-generated bullet point presentation, you could have written that simple list of features and rules / ToS by hand and fed it to a translator like DeepL, it wouldn't have taken you longer than writing the AI prompt. For example like TinyKVM: https://tinykvm.com/. Sure it doesn't look flashy but it's straight to the point and it has that old school wholesome HTTP 1.0-era vibe that you two IRC old timers probably grew up with.
Anyhow best of luck with the project.
FreeBSD ❤️
Nice program.I can't wait to try it!
https://erssi.org down?
GLWS signed up
Yes, they are only in supabase and mails are send by resend.com
I try just to use my own typing or "freeflow" as I use often tts also. From now on I try to provide all texts here without ai "redacted" slop.
Just to note that we have a rule against posting AI-generated texts
There's nothing wrong with making grammar or spelling mistakes, and people can even make grammar or spelling mistakes in their native language
It's better to see something of a user's personality than to have the impression that one is interacting with an AI bot
"shellter.me" is a very clever/nice domain name
I imagine (or would like to believe) that you guys thought of this name as opposed to some AI interlocutor
Nice.
This reminded me of the good ol' devio.us
Now I can get some sleep so I can address this a little better. Chmod is not only thing we did there. Chmod are only first line of our defense.
What we have done more:
pf default-deny on the shellusers gid (egress is 80/443 or nothing — no SMTP, no port scans, no UDP).
per-user pf anchors scoped by uid (no binding on a sibling's v6 even with a raw socket)
security.bsd.see_other_uids=0 (your ps and sockstat literally don't see other users' processes — the kernel filters at API level, so your hand-written getproc walker sees the same nothing your /bin/ps does)
ZFS dataset isolation per home with refquota, login.conf rlimits, master.passwd 0600 root:wheel. Those don't move unless someone finds a kernel CVE.
We try our best effort and we hope anyone who has better knowledge than us will let us know how to set up better privacy for our users.
Things my knowledge is to low to make it "safe" about I know are:
When I have some more free time I will try to make on our page a post about what we do about security and what we cannot do there.
It was not ai, this was yooz original idee with shellter
Like I said before, from now on the text will be written by myself or eventually with speak-to-text tools. No, I'm more AI generated text in my posts. Both shellter and tunnel broker.
Actually, the problem was that I made my mistake thinking that when I do the posts with proper English and proper form it would be more professional. I didn't think the AI posts could be unwanted :P, and yes, sorry I didn't read the community rules before, but after I got the host rep tag I try to read them more carefully.
Working on it today afternoon to bring it back to life. One from my hosts had some problem with storage I will move it to vercel or other provider.
GLWS - Really hope you have good protection from abuse. I can speak from experience with FOSSVPS, free means abuse magnet especially once it is posted on NodeSeek.
Also get ready for 'why can't I do ....' or questions that just don't make sense.
Mike
I think I will add check on https://github.com/disposable-email-domains and try to find some kind of api that can verify somehow email address as not reported as spam or any kind of abuse activity.
@msatt https://fossvps.org looks like very nice project
. We do plan around shellter and our tunnel broker add also freedns system similar to freedns.afraid.org as any way we made own set of powerdns name servers for tunnel broker, so why not do utilize this in more others ways.
Cool. Signed up.
Cool project, best of luck!
Thanks!
Bet you're busy, sorry to keep bugging, but any word on this ↑? Would that be a legitimate use?
Can't decide whether to sign up or spare some resources for others.