
Show HN: Assist – Instant terminal sharing from anywhere - gsundeep
https://assist.app/hn
======
solidasparagus
Is it possible to prevent the assister from actually executing the commands on
your system?

I could use this in a lot more places if the assister could see my
screen/output and propose commands for me to run, but I was still in control
of what commands are executed. (i.e. if I could safely use this as part of the
customer support process for my customers, I would be extremely willing to pay
for it).

~~~
gsundeep
Great idea! “assist -r” should trigger a read-only mode.

We will add this feature soon - please send us an email (team@assist.app) if
you’d like to be notified when it’s ready. Thanks!

~~~
javerikr
You may also want to consider allowing the user to specify whether the default
is read-only mode or read/write. In similar applications such as
[http://join.me](http://join.me), the default behavior is similar to a
read-only mode.

------
Tepix
If you're working on the same machine (say via SSH) you can also share a
session with tmux.

[https://www.hamvocke.com/blog/remote-pair-programming-with-t...](https://www.hamvocke.com/blog/remote-pair-programming-with-tmux/)

------
zwarag
Why would I pay money for a thing that already exists and is free?

[https://tmate.io](https://tmate.io)

~~~
zwarag
And your site doesn't show who you are, where you're based. Identification Nr,
nothing.

Not very trustworthy

~~~
gsundeep
tmate differences are covered here:
[https://news.ycombinator.com/item?id=21264797](https://news.ycombinator.com/item?id=21264797)

You’re right about the ID, we’ll add that in :-)

------
bshimmin
It's perhaps worth noting that with the venerable GNU Screen, you can more
or less achieve this by enabling multiuser mode and then doing screen -x.

~~~
gsundeep
While that works well on the same network, Assist uses a publicly accessible
tunnel to allow connections from the internet, regardless of wherever you are
/ local network configuration.

------
ORioN63
Honest question:

What's the difference with tmate? I haven't seen a reference to it in the site
and it looks pretty similar in purpose and usage from a quick look.

~~~
samsharps
tmate is pretty similar but there are a few things about it architecturally
that are different I think. The person connecting to you connects through a
tmux server on the tunneling host rather than directly to your tmux session.
This means that the tunneling server can see and modify everything sent over
tmate. If the tunneling server is untrusted or compromised, an attacker would
be able to run commands on your machine. Unfortunately, to make things worse,
the ssh key fingerprint of the tunneling server is not bundled with tmate, so
during the first connection to any tunnel an attacker performing a
man-in-the-middle can spoof the server and use the fact that the server is trusted to run
arbitrary commands on your machine. The attacker can either man-in-the-middle
the person running tmate or the person connecting to the tmate user to perform
this attack.

This more complex architecture is likely why tmate is using libssh even though
libssh recently had a very serious authentication bypass vulnerability
(CVE-2018-10933). These architectural choices may provide benefit in certain
circumstances, but we thought they were unnecessary just to share a shell.

Assist has a simpler architecture and is built on top of unmodified Screen and
OpenSSH (we use the installed binaries on your machine). The tunneling servers
are designed to be completely untrusted, and the command you paste to the
assistant contains all the information necessary to prevent a
man-in-the-middle attack from seeing or modifying the session. We hope to add more
features in the future and felt that starting with a simpler architecture
would help with that.

~~~
ORioN63
Thanks for the comprehensive reply. I understand the difference now.

------
rsstack
There isn't a link to terms of the subscription, at least I couldn't find one
on mobile. Is the single user license for a single host or a single assister?
Do both users need a license? Is it per device or per person?

~~~
gsundeep
Only the user typing “assist” needs to have a subscription and they can use it
across all of their machines on a single license.

I’ll clarify this on the site - thanks!

------
theflyinghorse
Do you allow outright all and any commands in the terminal, sudo and all?

Does the data go through your pipes at all or strictly between assist clients?

~~~
gsundeep
Great questions - these are covered in our FAQ (admittedly buried at the
bottom of the home page):
[https://assist.app/faq.html](https://assist.app/faq.html)

Can the assist servers access my computer?

> No, the assist servers are only used for tunneling the connection over the
> internet. All data exchanged between the assister and assistee is encrypted
> over SSH. The assist command that is given to the assistee contains all keys
> necessary to set up a secure connection over SSH. This setup is designed such
> that a compromised server with the ability to passively monitor or actively
> modify traffic cannot see or interact with user sessions.

Does allowing someone to assist me give them control over my computer?

> Yes, you should only use assist with people if you can trust them with your
> computer. A person logged into your assist session can potentially access
> any of your files or install malicious software. Allowing someone to assist
> you is similar to physically allowing someone access to your computer.
> Assist is meant to be used in situations where you would be okay letting
> someone use your computer while you are not around.
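
The host key pinning point from samsharps's comment (no bundled fingerprint, so a first connection can be intercepted) and from the FAQ answer above (the pasted command carries the keys), as an added Python example that is not part of the thread and not Assist's or tmate's code. The invite format, function names and sample keys are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field of the SSH wire format (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(raw_key: bytes) -> bytes:
    """Public key blob as an SSH server presents it during key exchange."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw_key)


def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def make_invite(session_id: str, host_blob: bytes) -> str:
    """Hypothetical invite: session id plus the expected key fingerprint."""
    return f"{session_id}#{fingerprint(host_blob)}"


def connect_tofu(known: dict, host: str, offered: bytes) -> bool:
    """Trust on first use: an unknown host's key is accepted and stored."""
    pinned = known.setdefault(host, fingerprint(offered))
    return hmac.compare_digest(pinned, fingerprint(offered))


def connect_pinned(invite: str, offered: bytes) -> bool:
    """Accept only the key whose fingerprint travelled inside the invite."""
    _, pinned = invite.split("#", 1)
    return hmac.compare_digest(pinned, fingerprint(offered))


# Constructed sample keys (fixed byte patterns, not real key material).
SHARER_KEY = ed25519_blob(bytes(range(32)))
INTERCEPTOR_KEY = ed25519_blob(bytes(range(32, 64)))
INVITE = make_invite("demo-session", SHARER_KEY)
```

With an empty known-hosts store, `connect_tofu` accepts whichever key is offered first, while `connect_pinned` rejects any key that does not match the fingerprint delivered out of band in the invite.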

~~~
werber
This looks great! I just wish I didn’t have a use for it

------
vxNsr
$5/month/user seems high when you're not providing any hosting. Also you need
at least $10/month to actually do anything which again seems high.

This type of software should really be something like $30-$60/license and
$10-$20 upgrade fee for latest version.

~~~
gsundeep
Sorry for the lack of clarity - only the user typing “assist” needs to have a
subscription. We host publicly accessible tunnels so that this works wherever
you are.

I’ll clarify the subscription details on the site - thanks!

