Good news for terminal enthusiasts: a secure, encrypted tool for sharing a remote terminal in real time

Time:2022-1-3

[Introduction]: A tool for viewing and controlling remote terminals from the browser with end-to-end encryption.

Brief introduction

Termpair is a tool for viewing and controlling remote terminals from the browser with end-to-end encryption. The browser operates the command line remotely and in real time, so developers can safely share and control a terminal in real time. It is especially suitable for server environments without a desktop system.

Function:

  • Share a UNIX terminal in real time
  • Connect to the shared terminal through the browser and keep the two synchronized
  • Multiple browsers can connect simultaneously
  • Browser connections can be set to read/write or read-only permissions
  • Secure connection using 128-bit AES encryption
  • Requires a secure HTTPS environment
  • You can build the web application yourself
  • The dimensions of the broadcasting terminal are sent to the browser in real time, so the rendering always matches
  • Serve with nginx or run as a systemd service

Project address:

https://github.com/cs01/termpair

You can try at this address:

https://chadsmith.dev/termpair

Download and install

Only Linux and macOS are supported, and Python 3.6+ must be installed.

Download executable

You can find the releases page from the project's GitHub address and download the executable file directly to run it:

https://github.com/cs01/termpair/releases

Install using pipx or pip

pipx is the officially recommended way to install. It installs termpair in an isolated environment:

> pipx install termpair

Or install with pip:

> pip install termpair

Note that the termpair server and the terminal client must run the same version.

Run

Run the latest version directly with pipx without installation:

> pipx run termpair serve

Then broadcast and share:

> pipx run termpair share

Operating principle

Termpair consists of three parts: the server, the terminal client, and a JavaScript web application running in the browser client.

The server

First, the termpair server starts. The server acts as a router to forward encrypted data between the termpair terminal client and the connected browser. The server listens for termpair websocket connections from UNIX terminal clients and maintains mappings to any browsers that connect to the client.

Terminal client

When users want to share their terminal, they run termpair share to start the client. The termpair client registers the session with the server, then forks and starts a pty process. Termpair reads data from the pty's file descriptor whenever data is available and writes it to the standard output of the real terminal, where it is printed as normal. In addition, it encrypts this output and sends it to the server via websocket.

Web application

The termpair client provides the user with a unique URL during the sharing session. The URL points to the termpair web application (TypeScript / React), which sets up the websocket connection to receive and send encrypted terminal data. After receiving data, the web application decrypts it and writes it to the browser-based terminal.

When the user types in the browser terminal, the input is encrypted in the browser with a key, sent to the server, forwarded from the server to the terminal, and then decrypted at the terminal by termpair. Finally, the termpair client writes it to the pty's file descriptor.

Encryption

The termpair client creates three 128-bit AES encryption keys at startup:

  • The first is used to encrypt the output of the terminal before sending it to the server.
  • The second is used to encrypt user input before sending it to the server.
  • The third is the "bootstrap" key, used by the browser to decrypt the initial connection response from the broadcasting terminal, which includes the above two keys encrypted with the third key. The browser obtains this bootstrap key through a part of the URL that the server cannot access, or through manual user input. Key agreement algorithms such as Diffie-Hellman are not used because multiple browsers can connect to the terminal, which would increase the complexity of the termpair code base. However, some form of DH may be considered in the future.
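
The three-key scheme and the relaying server described above, as an added example that is not termpair's own code. It assumes AES-128-GCM with a fresh random 12-byte nonce per message and a bootstrap key carried in the URL fragment; the function names, the `terminal_id` parameter and `relay.example` are hypothetical.

```javascript
// Added example: models the three-key scheme with Node's built-in crypto module.
// Assumptions: AES-128-GCM, random 12-byte nonce per message, hex key encoding.
const { randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Encrypt one message into a frame: nonce || ciphertext || 16-byte GCM tag.
function seal(key, plaintext) {
  const nonce = randomBytes(12);
  const c = createCipheriv("aes-128-gcm", key, nonce);
  const body = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([nonce, body, c.getAuthTag()]);
}

// Decrypt and authenticate; throws if the key is wrong or the frame was modified.
function unseal(key, frame) {
  const d = createDecipheriv("aes-128-gcm", key, frame.subarray(0, 12));
  d.setAuthTag(frame.subarray(frame.length - 16));
  return Buffer.concat([d.update(frame.subarray(12, frame.length - 16)), d.final()]);
}

// Terminal client: create the three 128-bit keys and the share URL.
function startShare(serverUrl, terminalId) {
  const keys = { output: randomBytes(16), input: randomBytes(16), bootstrap: randomBytes(16) };
  // Assumption: the bootstrap key sits in the fragment, which browsers do not send in requests.
  const url = `${serverUrl}/?terminal_id=${terminalId}#${keys.bootstrap.toString("hex")}`;
  // Initial connection response: both session keys wrapped with the bootstrap key.
  const hello = seal(keys.bootstrap, Buffer.concat([keys.output, keys.input]));
  return { keys, url, hello };
}

// Browser: recover the session keys from the fragment plus the relayed hello frame.
function joinShare(url, hello) {
  const bootstrap = Buffer.from(new URL(url).hash.slice(1), "hex");
  const both = unseal(bootstrap, hello);
  return { output: both.subarray(0, 16), input: both.subarray(16, 32) };
}

// Constructed session: the server only ever holds what is in `relayed`.
function demo() {
  const term = startShare("https://relay.example", "abc123");
  const relayed = { hello: term.hello, out: seal(term.keys.output, Buffer.from("$ whoami\r\n")) };
  const browser = joinShare(term.url, relayed.hello);
  const shown = unseal(browser.output, relayed.out).toString();
  const typed = unseal(term.keys.input, seal(browser.input, Buffer.from("ls\n"))).toString();
  let tamperDetected = false;
  relayed.out[20] ^= 1; // a relay that flips one ciphertext bit in transit
  try { unseal(browser.output, relayed.out); } catch { tamperDetected = true; }
  return { shown, typed, tamperDetected, serverSees: new URL(term.url).search };
}
console.log(demo());
```

Because the server never receives the bootstrap key, it can route the `hello` and output frames but cannot unwrap the session keys, and with an authenticated mode a modified frame is rejected instead of being rendered.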
