
Show HN: Share your Unix shell with people you trust - old-gregg
https://github.com/gravitational/teleconsole
======
Moral_
You can do this with screen/tmux too...no need to connect to some server where
you can't audit their code.

~~~
old-gregg
If both machines aren't separated by NAT, you could. Except you'd need to
either share your local password or an SSH key with another party, which is
pretty inconvenient.

But most of the time you can't directly SSH into your laptop at home because
it's behind NAT, so you need an SSH bastion, and we figured it's not expensive
to host, why not put one out there for free.

And the code is all on github. Teleport
([https://github.com/gravitational/teleport](https://github.com/gravitational/teleport))
is the server/proxy part.

~~~
Symbiote
Are there people with SSH running on their laptop at home who _haven't_ set
up port forwarding?

It's the first thing I do when setting up a new router.

I also like having a public IP on my desktop (and laptop) at work.

~~~
comboy
That would be me. I have openvpn setup everywhere, and I would hate to have a
public IP on a computer on which I work. Sooner or later I would forget about
adding some iptables for redis, database or dev applications that I'm running.

I mean in theory that would be just a few simple firewall rules that I
wouldn't need to change, but on long enough time I would screw something up
exposing myself, so the more layers the better.

~~~
Symbiote
There is a firewall between the work network and the outside world. You'd need
to ask the sysadmin (me) to open a port.

Only a couple of developers use it, and only to run Apache or similar.

------
old-gregg
Hello HN,

We've been using Teleconsole internally quite a bit as we have a distributed
team of developers and ops folks. Now we hope you'll enjoy it too! :)

It has a web site too:
[https://www.teleconsole.com](https://www.teleconsole.com)

~~~
danso
No fair; Mr. Robot references unduly prevent me from having a skeptical look
at the product :)

Nice work. The explanatory GIF is actually quite helpful. I appreciate there's
info for people who are uncomfortable with a hosted solution.

------
cyrusand
The poor man's solution: [https://gist.github.com/cyrus-and/713391cbc342f069c149](https://gist.github.com/cyrus-and/713391cbc342f069c149)

~~~
zokier
verify=0 on both sides? Yeah... how about nope. Why even bother with openssl
without authentication?

~~~
robryk
I wouldn't use it, but it's still an improvement over unencrypted data. This
requires an active attacker to do anything, whereas unencrypted data allows a
passive attacker to eavesdrop.

------
segmondy
I've used [https://tmate.io/](https://tmate.io/)

~~~
s0l1dsnak3123
I use tmate almost daily for my remote consultancy gigs.

------
binarycrusader
As an aside, Solaris can enforce a "two-man rule" for system access via its
Role-Based Access Control system:

[https://blogs.oracle.com/gbrunett/entry/enforcing_a_two_man_...](https://blogs.oracle.com/gbrunett/entry/enforcing_a_two_man_rule)

~~~
zokier
That looks really cool. Is there something similar for Linux?

Reminds me a bit of Vault's unsealing protocol:
[https://www.vaultproject.io/docs/concepts/seal.html](https://www.vaultproject.io/docs/concepts/seal.html)

------
drinchev
What's the benefit for that? Why can't you just give ssh key / pass to the
other party and share a multiuser screen?

    $ echo 'multiuser on' > .screenrc
    $ screen

Another tty

    $ screen -x ID_OF_SCREEN

~~~
old-gregg
Mmm... I hoped the README covered it, but I'll try again:

Teleconsole is made for situations when you can't SSH into another machine
directly (it's behind NAT) - it will work on a laptop when you're in the
internet cafe, or on the Raspberry Pi at home which you don't forward SSH
connections to.

Also it creates single-use disposable SSH credentials for your guests: there's
no need to create temporary users or share your own SSH credentials with
anybody.

Finally, you can join using just a browser, which can be helpful in some
situations.

I hope this helps!

------
natch
>We made the session IDs sufficiently hard to guess...

We _believe we_ made the session IDs sufficiently hard to guess...

FTFY

~~~
zokier
It's just a 20 byte random token, not exactly rocket science. A cursory glance
at the code shows that it's generated using crypto/rand, which is exactly how
it should be done. Some degree of skepticism is always good, especially
regarding security, but when verifying something takes like 2 minutes or
something, maybe do that before posting disparaging comments on HN.

~~~
natch
Verifying randomness is not a 2 minute task.

~~~
heavenlyhash
It... really is sometimes. GP did so. I just verified.

Here is where the session ID is picked:
[https://github.com/gravitational/teleconsole/blob/54c8bddb47...](https://github.com/gravitational/teleconsole/blob/54c8bddb477e84f63a5bf092f95853b485ede0f0/clt/api_client.go#L121)

Here is the source of that helper function:
[https://github.com/gravitational/teleport/blob/9bde8462f272e...](https://github.com/gravitational/teleport/blob/9bde8462f272e22ced32999afea349881ec0f45a/lib/utils/rand.go#L32)

And at this depth, we can stop;
[https://golang.org/pkg/crypto/rand/](https://golang.org/pkg/crypto/rand/) is
documented as "a cryptographically secure pseudorandom number generator". If
you would like to audit _that_ , I commend you, but would also attest that the
Go standard library, when it declares cryptographically secure, is about as
reliable as it gets.

Total time to verify: about two minutes. I would understand if it's slightly
slower for someone not previously experienced with golang and thus not knowing
to grep for "crypto" in "crypto/rand", and I do not wish to make light of your
(valid) desire that we all take these matters seriously. But sometimes things
are simply correct. This, joyously, is one of those times.

~~~
natch
This is faith-based verification. You'd need to get down into the math, and
even then, we're talking about stuff where it's not clear where the bleeding
edge research ends and the real randomness begins. Worse, library methods can
be stubbed out. Did you verify that this one is not stubbed out at this time,
on your platform, in your particular jurisdiction? No? I didn't think so.

Note my only complaint is they don't identify their assertion as a belief.

~~~
heavenlyhash
I don't know what to say. I could write you an entire dissertation on the
math, my previous formal education in cryptography and randomness, my reading
of that code inside the golang standard library, and so forth. But you seem to
be stating that you're literally unsatisfiable by any series of words from any
other humans on the planet at any level of transitivity at all, even one hop.
So it begs the question of why engage in communication at all, when the
endgame you're interested in seems to be defeat in detail.

> Did you verify that this one is not stubbed out at this time, on your
> platform, in your particular jurisdiction? No?

I did, in fact. I've performed full diverse double compilation on the golang
compiler and standard library using different toolchains and different
versions of the toolchains and verified the binary results. I am indeed quite
confident that this random method is not stubbed out in any place on earth you
or I are likely to find it. Reconsider your presumptuous dismissal.

The layer below this in the golang standard library is documented as follows:

    // On Linux, Reader uses getrandom(2) if available, /dev/urandom otherwise.
    // On OpenBSD, Reader uses getentropy(2).
    // On other Unix-like systems, Reader reads from /dev/urandom.
    // On Windows systems, Reader uses the CryptGenRandom API.

If you find those APIs to be insufficient on those operating systems... go
you. You have some security papers to publish.

I also believe the universe is made of four dimensions, one of which is time
and moves almost entirely forwards, if you'd like to carry out any more
attacks on things that are "faith-based" because they're insufficiently sussed
out here. Might be a _little_ out-of-scope on whether or not Teleconsole got
their session IDs right, though.

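An added example (not Teleconsole's or Teleport's own code, function names are my own): generating a 20-byte session ID from Go's crypto/rand as the two comments above describe, plus a cheap startup self-check against a stubbed or degenerate random source, which is the failure mode the exchange raises.

```go
package main
import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"io"
)
// tokenLen is the 20-byte session ID size discussed in the thread.
const tokenLen = 20

// newSessionID draws tokenLen bytes from r and hex-encodes them (40 chars);
// r is a parameter so the self-check can be run against a broken source.
func newSessionID(r io.Reader) (string, error) {
	buf := make([]byte, tokenLen)
	if _, err := io.ReadFull(r, buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// checkRandomSource draws n tokens and fails on an all-zero token or a repeat.
// It cannot prove randomness, but it catches an obviously stubbed-out source.
func checkRandomSource(r io.Reader, n int) error {
	seen := make(map[string]struct{}, n)
	zero := hex.EncodeToString(make([]byte, tokenLen))
	for i := 0; i < n; i++ {
		id, err := newSessionID(r)
		if err != nil {
			return err
		}
		if id == zero {
			return errors.New("all-zero token: random source looks stubbed")
		}
		if _, dup := seen[id]; dup {
			return errors.New("duplicate token: random source looks degenerate")
		}
		seen[id] = struct{}{}
	}
	return nil
}

// osSessionID uses the OS CSPRNG behind crypto/rand, as the thread describes.
func osSessionID() (string, error) { return newSessionID(rand.Reader) }
func main() {
	if err := checkRandomSource(rand.Reader, 1000); err != nil {
		panic(err)
	}
	fmt.Println(osSessionID())
}
```
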
~~~
natch
Well, fair enough. I do stand by my language quibble for reasons stated,
namely that new math research does move the needle from time to time.
Understatement about the security of tokens is just courteous. But thanks for
putting this in perspective.

------
peterkshultz
Great work! I'm excited to see what people do with this.

The only thing that concerns me is the ease with which somebody can join a
session maliciously. Have you considered adding an additional form of
verification for joining sessions?

~~~
old-gregg
Well... yes. Teleconsole itself is just a Teleport
([http://gravitational.com/teleport](http://gravitational.com/teleport))
server configured _without_ extra authentication. But Teleport by default has
user accounts with 2nd factor auth and integration with Google Apps.

------
rkeene2
See also "GoTTY", also hosted on GitHub.com, for a similar project that is not
associated with a service (i.e., you must host it yourself). It has write
support, and there is a separate "gotty-client".

------
kedean
I'd imagine you could mitigate some of the risks of making it publicly
available by integrating with Keybase and allowing users to specify what
Keybase id's should be allowed to access it.

~~~
alexk
I would simply recommend using the full solution
[https://www.gravitational.com/teleport](https://www.gravitational.com/teleport)
if you want to have proper auth.

------
alekratz
You can share tmux sessions in this manner. The only limitation is screen size
in that case - it will always use the smallest screen size that the session is
being accessed from.

------
d33
> curl [https://www.teleconsole.com/get.sh](https://www.teleconsole.com/get.sh) | sh

I understand that the assumption is that the first person I trust is you ;)

~~~
scrollaway
Why do you think curling auditable shell code into an executable pipe is
riskier than executing a compiled binary?

~~~
d33
Just as an example, out of many reasons:

[https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/](https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/)

~~~
scrollaway
You missed the 'er' in riskier. Do you seriously think this is more of a
threat than executing binaries you have to reverse engineer to know what they
do?

~~~
MichaelGG
Well one could argue that having a shell script invites people to review it,
then the article's behaviour could change it. So people might trust it when
they otherwise wouldn't have. But... they should just download it locally,
verify, and run.

Whereas for a binary, they might go verify a signature or something more
severe.

------
jsingleton
Looks handy. Any chance of Windows support?

BTW typo on [https://www.teleconsole.com](https://www.teleconsole.com) - "on-
premise infrastructue" near the bottom.

~~~
twakefield
Thanks for the heads up. Unfortunately, we don't currently have Windows on the
near term roadmap.

------
qwertyuiop924
Nice for relatively low-security systems you want to share. Also, the Mr.
Robot reference is adorable. But I wouldn't trust Darlene if I was Elliot.
Even after [REDACTED].

------
chatmasta
This would be great when you need to hire a freelancer to help with a 40
minute configuration fix on a server.

~~~
alexk
Someone also mentioned it as a possible tool to use during practical Devops
interviews - e.g. "Set up this MySQL instance"

------
gravypod
I've done this with screen using shared terminals.

You could just use a VPN service between your two machines.

------
aiNohY6g
Nice tool.

Another poor (paranoid) man's solution is 1/ to rely on Tor to expose your local
SSH server through NAT/firewalls, 2/ to use ephemeral classic SSH keys to
allow the guest to log in on the host, 3/ to share the session with screen -x.

Much more secure IMHO, but probably slower and also a bit more complex to
set up as the host and the guest must have Tor installed.

------
jonathonadler
How is this different from ngrok?

------
tokenizerrr
Is the server software available?

~~~
old-gregg
[https://github.com/gravitational/teleconsole#support-for-private-ssh-bastions](https://github.com/gravitational/teleconsole#support-for-private-ssh-bastions)

------
bedros
Does this go over a corporate firewall?

~~~
alexk
It does outbound SSH and HTTPS connections to teleconsole.com, so if those are
allowed, then the answer is yes.

------
devnull42
Their quick install method makes me very sad.

Never ever, ever curl redirect to bash.

~~~
guessmyname
Who are you telling that to? The people that will see your comment are HN
readers, which in general are aware of the risks of piping the output of a
random URL to your shell; they will — if necessary — audit the code before
execution. On the other hand, if you are writing that warning for people
without the skills to audit a shell script or the ability to understand why
executing that command is bad, then you are not reaching anyone. There is a
discussion about this every time a new website offers this installation
method; we get it, it is not safe, whatever, people will use it if they want,
and people that understand the insecurity of the process will not.

