I am running neo4j as embedded service in Jetty / webapp, but for support purposes I need shell access to it. I can enable remote shell using approach described here, but because I am using a shared hosting this does not feel secure enough, I would prefer some additional protection, e.g. username/password. Is that possible? Neo4j docs on securing the server only seem to apply to the web admin interface.

There is no authentication in remote shell.

The way to secure access is to protect the remote shell port using iptables and access the shell from outside using ssh port forwarding or a vpn.

If running in a shared hosting environment you need to take care that the remote shell port is not accessible by others. This can be done e.g. by running Neo4j in a lxc container e.g. using docker.io.

And if you run server, you can use the REST based endpoint for the Neo4j shell which is also protected by the basic-auth user authentication that you can put in front of the server.

E.g. by something like this:

https://gist.github.com/jexp/8213614