I spent a weekend recently comparing GoTTY to similar solutions and GoTTY/ttyd (the C port) are the best projects. Ultimately, I chose ttyd (https://github.com/tsl0922/ttyd), because the main GoTTY project was abandoned 4 years ago. ttyd works very well for my use case, which is sharing a server to test some experimental security software. So far I've gotten thousands of more attempts by running a webserver than sharing SSH credentials. If you'd like to try the server, it's here: http://challenge.whitebeamsec.com/. The font/style are all configurable. The only downside is mobile browsers have difficulty typing.
Yea, sure. It's a server provided for security researchers. The challenge is to run any program we haven't allowed from the root shell. It's been defeated and patched 3 times over the past 2 years. You can get the list of allowed programs by running `whitebeam --list whitelist | grep Executable`. The details (and bounties) are listed here: https://github.com/WhiteBeamSec/WhiteBeam/blob/master/SECURI...
Unlike the challenge system, we also run some honeypots that record attempts. That way it's easy for both whitehats and blackhats to contribute to the overall QA testing.
No worries. I brought it back, DNS propagation just finished. Someone may have killed init or the like, which the software allows root to do. After all, why stop hackers from removing their own access and alerting the NOC team? :)
To whomever murdered init in cold blood: the challenge server is for trying to bypass the security software. If there are too many attempts to simply bring it offline I'll have to keep it powered off for a bit.
I did some research a short while ago but I’ve forgotten it all - but does too or any like it do persistence? I.e. I can close the window and reopen and see the same stuff that was just there?
My use case is starting long running processes - namely machine learning instances and having multiple people monitor through a browser and be able to close/reopen the window to check progress.
I do this currently using a jupyter notebook terminal but I’d like to not use jupyter notebooks at all if possible.
Screen / tmux etc is just too big a barrier for this unfortunately.
No, what you're asking for is exactly what screen and tmux were designed to do though. In the not too distant past many online services (frontend servers, databases, etc.) were basically just run out of tmux instances so different sysadmins could connect and monitor them, redeploy them, etc. It's a basic form of interactive process management which is what you're after.
I agree tmux especially can get pretty complex and frightful to learn. However just learn the basics of creating a session, exiting, and re-entering a session and you will be golden. Ignore all the fancy stuff like window splitting, layout, etc. until you need it.
edit: What you could do perhaps though is have a tool like GoTTY launch into your tmux session directly and attach to it instead of launching a plain bash or login shell. This way the less technical folks wouldn't have to remember how to use tmux. As far as they're concerned whenever they open the webpage they connect back to the running process.
I am sure there is one as the project looks very well done and comprehensive, but I'm sorry, I don't quite understand the use case for this? Where would one use this instead of SSH or even SSH over a http proxy?
Contributor here! (Only one PR but still!) At Automattic we use GoTTY to allow customers to run subcommands of the WordPress CLI on their web container in their browser. Having them connect via SSH would have been much harder due to things like keys and routing. With GoTTY we can use our existing web-based auth and routing systems. The support burden is extremely low compared to ssh.
Web browsers are available on practically every PC but SSH clients less so (especially on older Windows, I think Windows 10 has one now but still). This seems like a great way to check in on long running tasks from wherever you are (e.g. on a mobile phone or hotel computer), and being able to disable input means you don't have to worry too much about someone finding the URL and running malicious commands.
This is perfect for integrating into a web app behind a proxy that adds authentication, SSL, etc. Put it on a small cloud instance, add your favorite text editor, install all your development CLI tools and you've got a completely productive and 100% mobile development environment for example. You could load it up on a tablet while lounging in the sun and get real work done.
I've been using it for a few months to host a few terminal based games, and for that it has worked very well. I can also imagine it being useful for quickly throwing up a status page using top or whatever other tool you want.
I love these kind of utilities which serve terminals, or other apps over a webpage. I wonder if anybody knows of a program that does the same thing for presentations/slide decks. So I can serve a ppt with a command on my server and can view the slides over the web.
