Hacker News new | comments | show | ask | jobs | submit login
Gotty – Share your terminal as a web application (github.com)
442 points by nimitkalra on Aug 17, 2015 | hide | past | web | favorite | 62 comments

By the way, if you want to share your terminal ephemerally with someone over SSH, I swear by http://tmate.io/. It was something I desperately needed a solution for, and tmate delivers very very well.

One of these days I need to write a blog post on how to do it, but I pair program with my colleagues over ssh and tmux.


- Set up a guest account on your computer. Write a small script containing "tmux attach-session -S /tmp/guest-session -t guest". Make this shell script the login shell for the guest account (make sure you are patched against heartbleed ;-) )

- Create a guest group and add your user and the guest user to it

- Write a script for you that contains "tmux -S /tmp/guest-session -t guest new"

- Configure ssh for RSA login

- Whenever you want to work with someone, add their ssh key to the guest account's .ssh/authorized_keys. Then run your script to start the tmux session.

- They still won't be able to log in until you give read and write permissions to the tmux socket (which allows you to have some control over when people can log in). To allow them to log in: "sudo chgrp guest /tmp/guest-session"

Note that you still have to trust the person because they will be sharing your session. However, you will be able to see everything they are doing. When they ssh in, they will immediately join your tmux session (unfortunately without any notification -- need to see if there are some hooks you can use to notify when people attach to the session).

Having a shell script as a login shell is obviously a potential security hole, so you should make sure that authorized_keys only contains keys when you want people to log in.

There is a project somewhere that contains a lot of scripts for doing this kind of thing (I forget what it is called), but I think it is better to learn how to do it yourself ;-)

That's pretty much exactly what tmate does (it uses tmux under the hood). However, I was looking at how to do this myself and couldn't figure out how to share my session and only allow people into that, rather than the whole system, so thanks!

ssh + tmux is also my way to go.

Just to add: tmux provides a read-only switch that guest (students, support, colleagues) won't interfere with the session, but can give advices/ask questions through another channel e.g. phone, irc, ...


That's pretty cool -- I'll definitely start using your tricks. Thanks for sharing!

I tried this for a while but then I tried ScreenHero and I've never gone back.

Was excited to try ScreenHero but it seems they are closed now as they were acquired by Slack.

You can use your existing Slack account to login to ScreenHero as well.

If you don't have one, just try registering a free account with Slack, that might work as well.

You have to be a paying member of Slack to use ScreenHero.

Can you describe your use-case?

They're two, really: One is when I want to collaborate with a friend on a project (we both use vim, so we work on the terminal), and I don't want to set up a new account and transfer all the files, set up the environment and give him free rein on it, and the other is to quickly debug some issue on a remote friend's computer while he can see what I'm doing and learn from it.

You probably want to start using a version control system like Github for case 1.

That's completely different.

Nit pick, but Github is not a version control system. git is though.

Add this to ngrok [0] and you've got some pretty serious remote collaboration tooling, with security.

[0] https://ngrok.com/

An alternative to ngrok is pakegite [0].

[0] http://pagekite.net/

I can't convey how I grateful I am to you. I haven't been so excited by any service in a long time. This is awesome!

yep, i'd love to see this integrated with ngrok. would a gotty+ngrok combination be something folks would pay for?

I'd like to use this to provide a development environment for a friend in Africa trying to learn to program. He has random access to random computers so any client side install is a problem.

I would be happy to pay for the product or just pay someone to build it if it isn't hard.

Here are my assumptions: 1. I could enable this on a cheap cloud server to expose a terminal that will work with tmux and vim. 2. I could create an account for my friend(s) so that they could access the server securely from within thier browser. 3. There is no clientside install or config needed.

Let me know if you are willing to wire it together.

I recommend taking a look at CodePicnic, which gives him a fully-functional Linux image front-ended by a JavaScript UI which you can embed anywhere. I have successfully used it from e.g. iPhone Safari.

ultimate hackathon demo tool!

I cant believe I have not heard of ngrok....

WHERETF have I been???

For historical reasons, it is most popular with Twilio developers. I find it indispensable for doing any sort of development where you need to get asynchronous callbacks from your API of choice.

I believe that the last time I tried running emacs in my browser, keyboard shortcuts didn't work well. With this they work flawlessly!

It's also perfectly performant on desktop (chrome with os x, air 2013), though still unusably slow on my phone (chrome on original motox).

This may be more of a testament to https://github.com/macton/hterm though! (apparently what gotty is using)

I wonder if it would be useful to run emacs within a browser based editor like Atom. It even seems plausible to be able to seamlessly switch editors "containers" for particular operations without even leaving a file (using the editors API to replace the pointer in the same place).

> I wonder if it would be useful to run emacs within a browser based editor like Atom

Considering Emacs is already thought of as a decent OS ("lacking a good editor"), I can only think:

"We have to go deeper."

How's Emacs doing these days? I know it was really popular a few years ago when everyone was editing files in it, but since I started with linux I only ever see people use Vim.

Just fine. If you only see vim its likely a filter bubble.

Very cool! I was always struggling during live presentations switching from browser to console window. Now I can use a browser window on the projector screen for both presentation and console.

Thanks for sharing.

Not to be snarky, but what's wrong with Alt+Tab (Or platform-specific equivalent)? You still have to use multiple windows -- that both happen to be in the browser doesn't seem particularly important.

I'm presenting a 101 python course tomorrow, I've just spotted this and I'm going to give it a go! Looks like it would be pretty cool (tmux!)

For that use-case, it's worth taking a look at the Chrome app store - there are a number of ssh clients that will run in a Chrome tab.

Ideally, you could even have console demos "embedded" within the presentation itself, perhaps even multiple consoles in order to show how changing state in one system affects another system.

You would need to set up gotty ahead of time with the specific demos, and embed requests for those iframes in slides or parts of slides.

Reminds me of https://showterm.io/

Check out https://nutty.io if you find gotty interesting you'll find nutty interesting too.

Everytime I use a terminal in the browser for a live demo I end up running into horrible keybinding conflicts between the two (hitting C-w to delete backwards word and instead closing the tab).

hmm.. uses hterm.js under the hood for the JS terminal, wonder how that compares to term.js.. very cool project indeed.

Is hterm.js in any way related to http://41j.com/hterm/ ?

Damn it, I literally could have used this last night. Ended up using a disposable VM on DIgitalOcean for shared tmux.

We were going to use tmate, but having to compile manually on OS X caused issues. Pro tip, if you only include instructions on how to install you tool with homebrew, at least make sure your makefile works on OS X. Not everyone has drunk or wants to drink the homebrew cool-aid. I currently use macports and grow ever tempted with the passage of time to switch over to PkgSrc or even a Gentoo Prefix install. Gentoo probably would have won by now if it was better able to integrate with the native shell, path vs entering prefix wise.

Can I ask for more detail explaining your aversion to homebrew? Just curious…

I've always thought it'd be interesting to write a display driver for VirtualBox that uses WebGL so you can essentially get a desktop through a web browser...

Something that works like Guacamole[1]?


... well there you go!

I can't read much of Go so can anyone explain how does this work at a high-level? The Vim editing example looks really cool! Does it keep taking a snapshot of the running command and send the data via a websocket?


^ Those are the key lines really.

It's running the command in a pseudo-terminal, capturing the output (as text) and sending it over a web socket.

I doubt it takes snapshots, I suspect it just runs the program with a redirected and buffered stdin, stdout, and stderr.

I'll have to try this. This would probably make screen pairing easier.

Gotta give this a shot. Very similar to shellinabox -- which also allows https, login shell, etc. On the other hand shellinabox has not been maintained since 2012/13.

This is such a useful project. Seems to be working well in my tests on OS X and i was unsuccessful setting up tmate on my machine.

(silent tears of joy)

Is it just me, or does this seem horrendously insecure? How does this prevent arbitrary third parties from accessing your terminal?

I think it comes with all the usual caveats of "don't run super sensitive things on external networks". My guess is the motivation is for presentations and other "one-time" usages like that.

There is a flag to allow/prevent write access, so third parties wouldn't be able to use your terminal unless you allow it (I believe its disabled by default) . I also think (if I'm reading correctly) that it only shares a single process and will terminate the session when that process exits, which gives you a little added security in that someone with write access only has the same level of access as that process (which for some processes could mean a lot).

It would still be wise to put some sort of auth or other security in front of it if you're not trying to share with the whole world. I think I would be cool if there was some basic mechanism built in.

what could possibly go wrong?

Anyone sending to localhost (the IP of the machine running this) would have access to said command line, and can do as they please.

What are the use cases for this?

Cool use case would be to follow a live stream of your favorite hacker in action!

Mind blowing, obvious once you see/use it.

Gotty + Pagekite (or ngrok) = remote happiness.

Cool and great idea!

twitch for MUDs!


Pretty cool! Security might be to reconsider.

Cool Stuff !!

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact