Differences

This shows you the differences between two versions of the page.

services:wetty [2024/04/23 12:49] willyservices:wetty [2024/08/07 14:53] (current) willy
Line 1: Line 1:
 ====== WeTTY  ====== ====== WeTTY  ======
  
-**NOTE:** i don't use WeTTY anymore, this page might get outdated over time.+[[https://butlerx.github.io/wetty/|WeTTY]] it's a web based terminal to your server. There are many other options to get a web-based console access to your server, but WeTTY is pretty simple and lightweight.
  
-[[https://butlerx.github.io/wetty/|WeTTY]] it'web based terminal to your server.+The goal is to have a terminal console on the server that you can access via web-browser. This is for when you desperately need remote access but cannot use any kind of terminal or Putty because the network blocks anything outside HTTPS or because you don't trust the computer you are using, or because you simply cannot run anything like on a kiosk or a locked-down tablet.
  
-Due to bug in the latest version (2.7.0) (see [[https://github.com/butlerx/wetty/issues/513|issue here]]) you need to install 2.6.0.+You could also run web-based VNC display or something, but that might be overkill on the network bandwidth while the web tty approach is more resillient. 
 + 
 +Please note that web-based TTY access is always limited and annoying, at best, it's only an emergency access route and probably not a comfortable day to day tool. 
 + 
 +Security wise, you must put your WeTTY behind a secured reverse-proxy with strong password protection because due to the nature of the tool you will need to setup automatic connection with SSH keys (passwordless) and the only kind of "security-by-obscurity", which is in itself non-existent, is that you can request username input.
  
 ===== Installation ===== ===== Installation =====
  
-First of all, you need **sshpass** for password login to work with WeTTY: +Due to a bug in the latest version (2.7.0) (see [[https://github.com/butlerx/wetty/issues/513|issue here]]you need to install 2.6.0.
-<code bash> +
-emerge sshpass +
-</code> +
-(doesnt seems to be working anyway)+
  
 Now, as usual,  create a dedicated user since it's not safe to run WeTTY as root: Now, as usual,  create a dedicated user since it's not safe to run WeTTY as root:
 <code bash> <code bash>
-useradd -m wetty+useradd -d /data/daemons/wetty -m wetty
 </code> </code>
  
-Now install npm locally:+Install npm locally and generate an SSH key pair for the user and finally install WeTTY:
 <code bash> <code bash>
 su - wetty su - wetty
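
Review bot: The security paragraph added above "Installation" is a single run-on sentence that leaves the trust boundary implicit. Because the page sets up passwordless SSH keys, it should state in its own sentence that the reverse-proxy authentication is the only credential between a browser and a shell, and drop the aside about "security-by-obscurity" or move it to a separate sentence. Smaller points in the added lines: "it's a web based terminal" should read "is a web-based terminal", "resillient" is misspelled, the moved 2.7.0 note is missing a space after the closing "]]", and "latest version (2.7.0)" would age better with a date next to it.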
Line 29: Line 29:
 ssh-keygen ssh-keygen
 </code> </code>
 +
 +Now, WeTTY will run as user **wetty** but the actual login will be done from user //wetty// to your target user, let's call it **user**, using either password or SSH key. I was not able to setup password login properly but i didn't investigate too much because that would be not advisable anyway.
 +
 +You need to enable SSH key login from user **wetty** to all the **users** you want to login as from your web console. Let's assume your target user is **user**, you need to copy //wetty// public key to //user// **~/.ssh/authorized_keys** file, so for example (as root):
 +<code bash>
 +cat /data/daemons/wetty/.ssh/id_ed25519.pub >> /home/user/.ssh/authorized_keys
 +chmod 644 /home/user/.ssh/authorized_keys
 +</code>
 +
 +Done.
  
 ===== Reverse Proxy ===== ===== Reverse Proxy =====
 +
 +WeTTY by default is based on **https://yourodmain.com/wetty** so the following NGINX config should be enough:
  
 <file conf wetty.conf> <file conf wetty.conf>
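
Review bot: In the added authorized_keys step, `chmod 644 /home/user/.ssh/authorized_keys` leaves the file world-readable, and because the `cat ... >>` runs as root, a newly created file ends up owned by root rather than by the target user. Suggest following the append with `chown user: /home/user/.ssh/authorized_keys` and `chmod 600` instead. The context `ssh-keygen` call has no `-t ed25519`, so on OpenSSH releases that default to RSA the `id_ed25519.pub` path used here will not exist; naming the key type makes the two steps agree. Since the start script connects with `--ssh-host localhost`, the appended key line could also carry a `from="127.0.0.1"` restriction so it is useless from any other host. The Reverse Proxy sentence has a typo, "yourodmain.com", and the later note uses "mydomain.com"; pick one placeholder.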
Line 44: Line 56:
   proxy_set_header Host $http_host;   proxy_set_header Host $http_host;
   proxy_set_header X-NginX-Proxy true;   proxy_set_header X-NginX-Proxy true;
 +          auth_pam "Casa";
 +        auth_pam_service_name "nginx";
 } }
 </file> </file>
 +
 +Please note that it is **critical** to enable reverse proxy auth because otherwise anybody will be able to access your server console without any protection.
 +
 +See [[selfhost:nginx|The Reverse Proxy concept]] for more details.
  
 ===== Start & Autostart ===== ===== Start & Autostart =====
  
-start:+Using OpenRC, drop the following script into /etc/init.d: 
 +<file - /etc/init.d/wetty> 
 +#!/sbin/openrc-run 
 +# Copyright 1999-2021 Gentoo Authors 
 +# Distributed under the terms of the GNU General Public License v2 
 + 
 +description="Web SSH console" 
 +pidfile="/run/wetty.pid" 
 +command_background=true 
 +command="/home/wetty/wetty_start.sh" 
 +command_args="" 
 +command_user="wetty:wetty" 
 + 
 +depend() { 
 +        need net 
 +
 +</file> 
 + 
 +And you will also need to create the following script under **/data/daemons/wetty/wetty_start.sh**: 
 +<file - wetty_start.sh> 
 +#!/bin/bash 
 + 
 +export NVM_DIR="$HOME/.nvm" 
 +[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"  # This loads nvm 
 +[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion"  # This loads nvm bash_completion 
 + 
 +wetty \ 
 + --host 127.0.0.1 \ 
 + --port 5522 \ 
 + --ssh-key ~/.ssh/id_ed25519 \ 
 + --ssh-host localhost \ 
 + --ssh-user user \ 
 + --ssh-auth publickey 
 +</file> 
 + 
 +You need to copy the last lines of the **.bashrc** in the script because NVM requires those lines and OpenRC will run as non-interactive shell, thus bypassing the //.bashrc//
 + 
 +Note: if you want to leave the user out you can omit the //--ssh-user// part, but then you will need to point your browser to **https://mydomain.com/wetty/ssh/user** to access your console. 
 + 
 +And make it executable, then create the links:
 <code bash> <code bash>
-wetty --host 127.0.0.1 --port 5522 --ssh-key ~/.ssh/id_ed25519 --ssh-host localhost --ssh-user myuser --ssh-auth publickey+chmod +x /etc/init.d/wetty 
 +chmod +x /home/wetty/wetty_start.sh 
 +rc-update add wetty default
 </code> </code>
  
 +And you are all set.
  
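
Review bot: The paths in the added init script do not match the rest of the change: `command="/home/wetty/wetty_start.sh"` and `chmod +x /home/wetty/wetty_start.sh` point at /home/wetty, while the text says the script lives under /data/daemons/wetty/wetty_start.sh and the earlier `useradd -d /data/daemons/wetty` puts the home directory there, so the service would fail to start as written. Use /data/daemons/wetty in both places. The `depend()` block shows no closing `}` in the added lines. Because the init script backgrounds wetty_start.sh and tracks it through `pidfile`, ending the wrapper with `exec wetty ...` would keep the tracked PID on the wetty process rather than on the bash wrapper, so stopping the service actually stops the web terminal. The two `auth_pam` lines are indented differently from each other and from the surrounding `proxy_set_header` lines. The "critical" note about reverse-proxy auth would be better placed before the config block than after it.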
