User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:wetty [2024/04/23 10:43] willyservices:wetty [2024/08/07 14:53] (current) willy
Line 1: Line 1:
 ====== WeTTY  ====== ====== WeTTY  ======
  
-**NOTE:** i don't use WeTTY anymore, this page might get outdated over time.+[[https://butlerx.github.io/wetty/|WeTTY]] it's a web based terminal to your server. There are many other options to get a web-based console access to your server, but WeTTY is pretty simple and lightweight.
  
-[[https://butlerx.github.io/wetty/|WeTTY]] it'web based terminal to your server.+The goal is to have a terminal console on the server that you can access via web-browser. This is for when you desperately need remote access but cannot use any kind of terminal or Putty because the network blocks anything outside HTTPS or because you don't trust the computer you are using, or because you simply cannot run anything like on a kiosk or a locked-down tablet.
  
-Due to bug in the latest version (2.7.0) you need to install 2.6.0.+You could also run web-based VNC display or something, but that might be overkill on the network bandwidth while the web tty approach is more resillient. 
 + 
 +Please note that web-based TTY access is always limited and annoying, at best, it's only an emergency access route and probably not a comfortable day to day tool. 
 + 
 +Security wise, you must put your WeTTY behind a secured reverse-proxy with strong password protection because due to the nature of the tool you will need to setup automatic connection with SSH keys (passwordless) and the only kind of "security-by-obscurity", which is in itself non-existent, is that you can request username input.
  
 ===== Installation ===== ===== Installation =====
  
-Create dedicated user:+Due to a bug in the latest version (2.7.0) (see [[https://github.com/butlerx/wetty/issues/513|issue here]]) you need to install 2.6.0. 
 + 
 +Now, as usual,  create a dedicated user since it's not safe to run WeTTY as root:
 <code bash> <code bash>
-useradd -m wetty+useradd -d /data/daemons/wetty -m wetty
 </code> </code>
  
-Now install npm locally:+Install npm locally and generate an SSH key pair for the user and finally install WeTTY:
 <code bash> <code bash>
 su - wetty su - wetty
Line 21: Line 27:
 nvm install 20 nvm install 20
 npm -g i wetty@2.6.0 npm -g i wetty@2.6.0
 +ssh-keygen
 </code> </code>
  
-Now run+Now, WeTTY will run as user **wetty** but the actual login will be done from user //wetty// to your target user, let's call it **user**, using either password or SSH key. I was not able to setup password login properly but i didn't investigate too much because that would be not advisable anyway.
-<code bash> +
-wetty --host 127.0.0.1 --port 5522 --title ServerCasa --base /wetty/  +
-</code>+
  
-Might need to install fontawesome manually:+You need to enable SSH key login from user **wetty** to all the **users** you want to login as from your web console. Let's assume your target user is **user**, you need to copy //wetty// public key to //user// **~/.ssh/authorized_keys** file, so for example (as root):
 <code bash> <code bash>
-npm install --save @fortawesome/fontawesome-free +cat /data/daemons/wetty/.ssh/id_ed25519.pub >> /home/user/.ssh/authorized_keys 
-npm i --save @fortawesome/fontawesome-svg-core +chmod 644 /home/user/.ssh/authorized_keys
-npm i --save @fortawesome/free-solid-svg-icons+
 </code> </code>
 +
 +Done.
 +
 +===== Reverse Proxy =====
 +
 +WeTTY by default is based on **https://yourodmain.com/wetty** so the following NGINX config should be enough:
  
 <file conf wetty.conf> <file conf wetty.conf>
Line 47: Line 56:
   proxy_set_header Host $http_host;   proxy_set_header Host $http_host;
   proxy_set_header X-NginX-Proxy true;   proxy_set_header X-NginX-Proxy true;
 +          auth_pam "Casa";
 +        auth_pam_service_name "nginx";
 } }
 </file> </file>
  
 +Please note that it is **critical** to enable reverse proxy auth because otherwise anybody will be able to access your server console without any protection.
 +
 +See [[selfhost:nginx|The Reverse Proxy concept]] for more details.
 +
 +===== Start & Autostart =====
 +
 +Using OpenRC, drop the following script into /etc/init.d:
 +<file - /etc/init.d/wetty>
 +#!/sbin/openrc-run
 +# Copyright 1999-2021 Gentoo Authors
 +# Distributed under the terms of the GNU General Public License v2
 +
 +description="Web SSH console"
 +pidfile="/run/wetty.pid"
 +command_background=true
 +command="/home/wetty/wetty_start.sh"
 +command_args=""
 +command_user="wetty:wetty"
 +
 +depend() {
 +        need net
 +}
 +</file>
 +
 +And you will also need to create the following script under **/data/daemons/wetty/wetty_start.sh**:
 +<file - wetty_start.sh>
 +#!/bin/bash
 +
 +export NVM_DIR="$HOME/.nvm"
 +[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm
 +[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion
 +
 +wetty \
 + --host 127.0.0.1 \
 + --port 5522 \
 + --ssh-key ~/.ssh/id_ed25519 \
 + --ssh-host localhost \
 + --ssh-user user \
 + --ssh-auth publickey
 +</file>
 +
 +You need to copy the last lines of the **.bashrc** in the script because NVM requires those lines and OpenRC will run as non-interactive shell, thus bypassing the //.bashrc//.
 +
 +Note: if you want to leave the user out you can omit the //--ssh-user// part, but then you will need to point your browser to **https://mydomain.com/wetty/ssh/user** to access your console.
 +
 +And make it executable, then create the links:
 +<code bash>
 +chmod +x /etc/init.d/wetty
 +chmod +x /home/wetty/wetty_start.sh
 +rc-update add wetty default
 +</code>
  
-Note: [[https://github.com/butlerx/wetty/issues/513|issue here]]+And you are all set.