Show HN: Invite friends to SSH into your laptop using their GitHub handle

334 点作者 twakefield超过 8 年前

26 条评论

aleyan超过 8 年前

Neat.I use the following incantation when authorizing folks to ssh into my servers via github public keys:<pre><code> curl https://github.com/[github name].keys >> ~/.ssh/authorized_keys </code></pre> [github name] here should be replaced with github username of your friend or colleague. Really handy because I can just authorize them without a human request/response loop and manual key moving. Simple and no external tools needed. Normal caveats about authorizing people apply.

评论 #13486428 未加载

评论 #13487449 未加载

评论 #13487268 未加载

评论 #13489927 未加载

评论 #13487890 未加载

评论 #13487229 未加载

评论 #13514333 未加载

评论 #13488350 未加载

twakefield超过 8 年前

Hey HN - This is basically a hosted version of Teleport[0], which may scare some people. We don't store the sessions and you can always self-host if you prefer.[0] <a href="http://gravitational.com/teleport/" rel="nofollow">http://gravitational.com/teleport/</a>

评论 #13487026 未加载

评论 #13493845 未加载

评论 #13487407 未加载

OJFord超过 8 年前

Would be neat if having done<pre><code> teleconsole -i other_users_github_id </code></pre> my teleconsole session ID would be sent to server along with my Github ID (optionally other user's too) so that they could<pre><code> teleconsole -j my_github_id </code></pre> to join instead of having to share session ID and fumble around with that.No more/less secure that I can see, but it would be more convenient.

评论 #13486540 未加载

rafadc超过 8 年前

I prefer using tmux for this to be a bit more secure. I wrote a blog post about this [0] since it is a bit of a pain in the ass to set up properly. Maybe you should explore this too for your product.[0] <a href="http://joy.pm/2015/07/11/pairing_over_tmux.html" rel="nofollow">http://joy.pm/2015/07/11/pairing_over_tmux.html</a>

评论 #13487966 未加载

vesche超过 8 年前

I suppose this is useful if you have two systems both behind NAT...I've run into many situations where I'm remote and need to SSH into a NATed machine to fix something, and I typically will SSH reverse tunnel to a VPS.From the NATed machine:<pre><code> ssh -fN -R52222:localhost:22 user@publichost </code></pre> And then from the public machine:<pre><code> ssh user@localhost -p 52222</code></pre>

eof超过 8 年前

I'm confused and have a couple questions:1. Why would I want someone to ssh into my machine -- at least with the frequency that a service to help me do it is valuable?2. How is this easier/better than saying 'hey bro whats your ssh pub id? -- eh.. do `cat ~/.ssh/id_rsa.pub`Over all this seems like a tool that only super technical people would ever use, and for those people adding a key to authorized keys is trivial.

评论 #13486129 未加载

评论 #13486142 未加载

Dangeranger超过 8 年前

Regarding remote pair programming I haven't found a better or faster solution than TMate (<a href="https://tmate.io/" rel="nofollow">https://tmate.io/</a>)If I am feeling paranoid about the user on the other side, I only share just the read-only link, or the web link.

评论 #13487538 未加载

scandox超过 8 年前

I don't have friends that know what SSH is. Just wonderful colleagues.

评论 #13486076 未加载

matt_wulfeck超过 8 年前

> ssh-import-I'd gh:my-gh-nameThat little command will pull down your GitHub public keys and add them to authorized key file for the user who runs it. Great for setting up new computers. I run it on boot-time for imbedded devices so that I can always access them.

评论 #13490186 未加载

评论 #13486871 未加载

cfv超过 8 年前

What kind of abuse prevention measures does this have in place? As it stands it looks like a super convenient way to scp garbage into other people's computers and I'm not sure I'm sold on that.

评论 #13486257 未加载

评论 #13486608 未加载

chrissnell超过 8 年前

Another way, using only software that you have already: get your friends' public keys and make a burner account on any jointly-reachable server/laptop/whatever and do a follow-the-leader screen:<a href="http://blog.endpoint.com/2009/09/gnu-screen-follow-leader.html" rel="nofollow">http://blog.endpoint.com/2009/09/gnu-screen-follow-leader.ht...</a>

mschuster91超过 8 年前

Hmm. Seems like all traffic goes through a central proxy server.Shouldn't it be possible to use the central server only for hole-punching and implement a TCP-over-UDP connection so that the clients can directly communicate with each other? (And don't the major browser vendors already have public NAT-hole-punchers for WebRTC?)

评论 #13486729 未加载

giblfiz超过 8 年前

how is"curl <a href="https://www.teleconsole.com/get.sh" rel="nofollow">https://www.teleconsole.com/get.sh</a> | sh "Still considered even a remotely acceptable method for installation?

评论 #13486734 未加载

评论 #13486681 未加载

评论 #13486740 未加载

jeffheard超过 8 年前

You can use SSH keys for VNC, too. Would be neat to see a PoC that allowed you to invite someone to remote control your computer temporarily via their github handle. <a href="https://ubuntuforums.org/showthread.php?t=383053" rel="nofollow">https://ubuntuforums.org/showthread.php?t=383053</a>

chilicuil超过 8 年前

Other than using [tmate](<a href="https://tmate.io/" rel="nofollow">https://tmate.io/</a>), I use some aliases:github-pair (<a href="https://github.com/chilicuil/shundle-plugins/blob/master/aliazator/aliases/extra/curl.aliases#L4" rel="nofollow">https://github.com/chilicuil/shundle-plugins/blob/master/ali...</a>)github-unpair (<a href="https://github.com/chilicuil/shundle-plugins/blob/master/aliazator/aliases/extra/curl.aliases#L5" rel="nofollow">https://github.com/chilicuil/shundle-plugins/blob/master/ali...</a>)Those add / remove keys from github to ~/.ssh/authorized_keys

e_proxus超过 8 年前

Are there any advantages to using this instead of exposing port 22 temporarily via ngrok advantages adding your friend public key to authorized_keys? (Which has the added advantage of being pure, unmodified SSH)<a href="https://ngrok.com" rel="nofollow">https://ngrok.com</a>

评论 #13486680 未加载

评论 #13486574 未加载

bound008超过 8 年前

Note to the author: Please don't have a command line flag that either means ( a valid local posix path ) or ( a username/handle from a specific online service that will be fetched over the network ). *nix cli tools are supposed to be unambiguous. I'd fork/issue/patch it, but I don't have a need to let people ssh into my any of my boxes. Just posting this here because its a valid learning opportunity that making something "easy" is not always the right choice in a cli tool, and that namespaces are important. What if I have a file named the same as a github user? Which thing will work? Will that behavior change unexpectedly? Best to make them different flags.

评论 #13493645 未加载

txutxu超过 8 年前

Publishing the public key that you use to push to github/gitlab is not a big issue... But Re-using your github key-pair, to connect to other unknown and uncontrolled places, _is_ a security issue.Even re-using your daily system user, for this, is a security issue.But if you never did read the sshd_config man page, or never did play with its options, maybe you're unaware of this.Also the sshd could be modified at source level.

评论 #13490128 未加载

sigjuice超过 8 年前

I'm guessing the SSH session between me and my friend is not encrypted end-to-end because of proxies and what not in between?

评论 #13485794 未加载

评论 #13485855 未加载

pipework超过 8 年前

This feature was implemented in tweemux, a lighter wemux-like tool.<a href="https://github.com/PeopleAdmin/tweemux" rel="nofollow">https://github.com/PeopleAdmin/tweemux</a>It's pretty neat.

domoritz超过 8 年前

If you only want to share your shell and not allow anyone to send commands, use <a href="https://shellshare.net/" rel="nofollow">https://shellshare.net/</a>.

nodesocket超过 8 年前

Awesome! I just launched a DevOps consulting company (<a href="https://elasticbyte.net" rel="nofollow">https://elasticbyte.net</a>), and Teleconsole looks like a great option for interactive SSH sessions with clients.

bogomipz超过 8 年前

I would be curious to hear anyones feedback on their experience running Teleport in production. I like what I have read on the site and it certainly has some nice features.

netsharc超过 8 年前

So how does the -i parameter know to look in a local file or on github for the public key? Does it look for a ".pub" in the filename? Feels clunky to me.

评论 #13490026 未加载

Exuma超过 8 年前

Reminds me of tmate

评论 #13487214 未加载

problems超过 8 年前

Yeah, what a great idea, let random "cloud" services authenticate who gets to login to your machine!

评论 #13485898 未加载