• Stars
    star
    838
  • Rank 54,406 (Top 2 %)
  • Language
    Go
  • License
    Apache License 2.0
  • Created about 5 years ago
  • Updated 3 months ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Instant Terminal Sharing

Upterm

Upterm is an open-source solution for sharing terminal sessions instantly over the public internet via secure tunnels. Upterm is good for

  • Remote pair programming
  • Access remote computers behind NATs and firewalls
  • Remote debugging
  • <insert your creative use cases>

This is a blog post to describe Upterm in depth.

Usage

The host starts a terminal session:

$ upterm host -- bash

The host displays the ssh connection string:

$ upterm session current
=== IQKSFOICLSNNXQZTDKOJ
Command:                bash
Force Command:          n/a
Host:                   ssh://uptermd.upterm.dev:22
SSH Session:            ssh IqKsfoiclsNnxqztDKoj:[email protected]

The client opens a terminal and connects to the host's session:

$ ssh IqKsfoiclsNnxqztDKoj:[email protected]

Installation

Mac

$ brew install owenthereal/upterm/upterm

Standalone

upterm can be easily installed as an executable. Download the latest compiled binaries and put it in your executable path.

From source

$ git clone [email protected]:owenthereal/upterm.git
$ cd upterm
$ go install ./cmd/upterm/...

Upgrade

upterm comes with a command to upgrade

Upgrade to the latest version

$ upterm upgrade

Upgrade to a specific version

$ upterm upgrade VERSION

Mac

$ brew upgrade upterm

Quick Reference

Host a terminal session that runs $SHELL with client's input/output attaching to the host's

$ upterm host

Display the ssh connection string and share it with the client(s)

$ upterm session current
=== SESSION_ID
Command:                /bin/bash
Force Command:          n/a
Host:                   ssh://uptermd.upterm.dev:22
SSH Session:            ssh [email protected]

A client connects to the host session with ssh

Host a terminal session that only allows specified client public key(s) to connect

$ upterm host --authorized-key PATH_TO_PUBLIC_KEY

Host a terminal session that only allows specified GitHub user client public key(s) to connect. This is compatible with --authorized-keys.

$ upterm host --github-user username

Host a terminal session that only allows specified GitLab user client public key(s) to connect. This is compatible with --authorized-keys.

$ upterm host --gitlab-user username

Host a session with a custom command

$ upterm host -- docker run --rm -ti ubuntu bash

Host a session that runs 'tmux new -t pair-programming' and force clients to join with tmux attach -t pair-programming. This is similar to what tmate offers.

$ upterm host --force-command 'tmux attach -t pair-programming' -- tmux new -t pair-programming

Connect to uptermd.upterm.dev via WebSocket

$ upterm host --server wss://uptermd.upterm.dev -- bash

A client connects to the host session via WebSocket

$ ssh -o ProxyCommand='upterm proxy wss://[email protected]' [email protected]:443

More advanced usage is here.

Tips

Why doesn't upterm session current show current session in Tmux?

upterm session current needs the UPTERM_ADMIN_SOCKET environment variable to function. And this env var is set in the specified command. Unfotunately, Tmux doesn't carry over environment variables that are not in its default list to any Tmux session unless you tell it to (Ref). So to get upterm session current to work, add the following line to your ~/.tmux.conf

set-option -ga update-environment " UPTERM_ADMIN_SOCKET"

How to make it obvious that I am in an upterm session?

It can be confusing whether your shell command is running in an upterm session or not, especially if the shell command is bash or zsh. Add the following line to your ~/.bashrc or ~/.zshrc and decorate your prompt to show a sign if the shell command is in a terminal session:

export PS1="$([[ ! -z "${UPTERM_ADMIN_SOCKET}"  ]] && echo -e '\xF0\x9F\x86\x99 ')$PS1" # Add an emoji to the prompt if `UPTERM_ADMIN_SOCKET` exists

Demo

asciicast

How it works

You run the upterm program by specifying the command for your terminal session. Upterm starts an SSH server (a.k.a. sshd) in the host machine and sets up a reverse SSH tunnel to a Upterm server (a.k.a. uptermd). Clients connect to your terminal session over the public internet via uptermd using ssh using TCP or WebSocket. A community Upterm server is running at uptermd.upterm.dev and upterm points to this server by default.

upterm flowchart

Deploy Uptermd

Kubernetes

You can deploy uptermd to a Kubernetes cluster. Install it with helm:

$ helm repo add upterm https://upterm.dev
$ helm repo update
$ helm search repo upterm
NAME            CHART VERSION   APP VERSION     DESCRIPTION
upterm/uptermd  0.1.0           0.4.1           Secure Terminal Sharing
$ helm install uptermd upterm/uptermd

Heroku

The cheapest way to deploy a worry-free Upterm server (a.k.a. uptermd) is to use Heroku. Heroku offers free Dyno hours which should be sufficient for most casual uses.

You can deploy with one click of the following button:

Deploy

You can also automate the deployment with Heroku Terraform. The Heroku Terraform scripts are in the terraform/heroku folder. A util script is provided for your convenience to automate everything:

$ git clone https://github.com/owenthereal/upterm
$ cd upterm

Provision uptermd in Heroku Common Runtime. Follow instructions.

$ bin/heroku-install

Provision uptermd in Heroku Private Spaces. Follow instructions.

$ TF_VAR_heroku_region=REGION TF_VAR_heroku_space=SPACE_NAME TF_VAR_heroku_team=TEAM_NAME bin/heroku-install

You must use WebScoket as the protocol for a Heroku-deployed Uptermd server because the platform only support HTTP/HTTPS routing. This is how you host a session and join a session:

Use the Heroku-deployed Uptermd server via WebSocket

$ upterm host --server wss://YOUR_HEROKU_APP_URL -- YOUR_COMMAND

A client connects to the host session via WebSocket

$ ssh -o ProxyCommand='upterm proxy wss://TOKEN@YOUR_HEROKU_APP_URL' TOKEN@YOUR_HEROKU_APP_URL:443

Digital Ocean

There is an util script that makes provisioning Digital Ocean Kubernetes and an Upterm server easier:

TF_VAR_do_token=$DO_PAT \
TF_VAR_uptermd_host=uptermd.upterm.dev \
TF_VAR_uptermd_acme_email=YOUR_EMAIL \
TF_VAR_uptermd_helm_repo=http://localhost:8080 \
TF_VAR_uptermd_host_keys_dir=PATH_TO_HOST_KEYS \
bin/do-install

Systemd

A hardened systemd service is provided in systemd/uptermd.service. You can use it to easily run a secured uptermd on your machine:

$ cp systemd/uptermd.service /etc/systemd/system/uptermd.service
$ systemctl daemon-reload
$ systemctl start uptermd

How is Upterm compared to prior arts?

Upterm is an alternative to Tmate.

Tmate is a fork of an older version of Tmux. It adds terminal sharing capability on top of Tmux 2.x. Tmate doesn't intend to catch up with the latest Tmux, so any Tmate & Tmux users must maintain two versions of the configuration. For example, you must bind the same keys twice with a condition.

Upterm is designed from the group up not to be a fork of anything. It builds around the concept of linking the input & output of any shell command between a host and its clients. As you see above, you can share any command besides tmux. This opens up a door for securely sharing a terminal session using containers.

Upterm is written in Go. It is more friendly hackable than Tmate that is written in C because Tmux is C. The Upterm CLI and server (uptermd) are compiled into a single binary. You can quickly spawn up your pairing server in any cloud environment with zero dependencies.

License

Apache 2.0

More Repositories

1

ccat

Colorizing `cat`
Go
3,105
star
2

godzilla

Godzilla is a ES2015 to Go source code transpiler and runtime
Go
1,482
star
3

hacker-menu

Hacker News Delivered to Desktop 👯
JavaScript
1,004
star
4

jqplay

A playground for jq, written in Go
Go
724
star
5

gh

Fast GitHub command line client (deprecated). gh has been merged into https://github.com/github/hub, see https://github.com/github/hub/issues/475 for more info
Go
721
star
6

thunderbird

⚡🐦 Elegant WebSockets in Go
JavaScript
511
star
7

goup

Elegant Go installer
Go
478
star
8

spotctl

A command-line interface to Spotify, written in Go
Go
242
star
9

nut

Vendor Go dependencies
Go
234
star
10

gotask

Idiomatic build tool in Go
Go
177
star
11

jekyll_and_hyde

A HTML presentation generator that generates a basic Jekyll scaffold with Slippy hooking up.
Ruby
174
star
12

candy

Candy is a zero-config reverse proxy server
Go
119
star
13

devise_uid

Add UID support to Devise.
Ruby
61
star
14

gaffer

Gaffer - Foreman on JVM
Java
56
star
15

msgpack_rails

MessagePack for Rails / msgpack.org[Rails]
Ruby
45
star
16

conf

Configuration loader in Go
Go
31
star
17

negroni-gorelic

negroni_gorelic is NewRelic middleware for negroni framework.
Go
27
star
18

gundam

The most destructive robot
Go
18
star
19

sql_parser

A Ruby SQL parser based on Treetop.
Ruby
18
star
20

vimux-zeus

vimux and zeus in action.
Vim Script
14
star
21

go-get-nuts

HTML5 Game built with Phaser
JavaScript
10
star
22

heroic_haiku

A simple game that is written in Flutter and Flame.
Dart
10
star
23

heroku-buildpack-wasmer

Heroku Buildpack for Wasmer
Shell
8
star
24

osh

The O shell
Go
8
star
25

jruby_sinatra_activerecord

A template app to run JRuby with Sinatra and ActiveRecord
Ruby
7
star
26

travisarchive

Travis Archive
Go
7
star
27

blog

My blog
JavaScript
6
star
28

dotfiles_old

My dotfiles
Shell
6
star
29

git-rebase-merge

A bash script to rebase and merge a Git topic branch to current branch.
Shell
5
star
30

homebrew-ccat

Homebrew fomular for `ccat` (deprecated), use `brew install ccat` instead
Ruby
4
star
31

eventloopclass

Go version of the exercises for The Truth About Event Loop Online Masterclass
Go
4
star
32

message_queue

A common interface to multiple message queues libraries.
Ruby
4
star
33

codeface

Run web-based VS Code on Heroku
Go
3
star
34

cheatsheets

3
star
35

patching_with_class_shadowing_and_maven

Using Maven to help with class shadowing.
Java
3
star
36

codefaces

a web-based source control client
Java
3
star
37

dotfiles

My dotfiles
Shell
3
star
38

hdp

HTTP Debug Proxy (HDP) logs HTTP requests for inspection.
Go
3
star
39

com.google.dart.compiler

A Dart compiler implemented in Java extracted from Dart's official repository.
Java
3
star
40

maven_jetty_plugin_example

Speed Up J2EE Environment Setup With Jetty Maven Plugin Example
Java
2
star
41

.dotfiles

dotfiles for my Mac
Ruby
2
star
42

mag

MAG - Full-Stack application development using MongoDB, AngularJS, and Go
2
star
43

ruby_grep

Module to search file(s) for lines that match a given pattern.
Ruby
2
star
44

priority_test

Run tests in priority order.
Ruby
2
star
45

tic_tac_toe_engine

A dead simple Tic Tac Toe engine.
Ruby
2
star
46

homebrew-gh

GH formulae for the Homebrew package manager
Ruby
2
star
47

testing_rest_web_services_with_rails

Ruby
2
star
48

rbfmt

Format Ruby code
Ruby
2
star
49

StoryboardRecipes

Example app following the book "iOS SDK Development" from Pragmatic Programmer
Objective-C
2
star
50

gostart

Go
1
star
51

buildzilla

Ruby
1
star
52

twitter_plus

an example of my talk about testing web service client
Ruby
1
star
53

isittheday.com

Ruby
1
star
54

stats_foundry

Ruby
1
star
55

ijws

I Just Wanna Say
Ruby
1
star
56

jekyll_and_hyde_demo

An example presentation generated by jekyll_and_hyde
1
star
57

karotz-proxy

Ruby
1
star
58

rails_engines_spike

Ruby
1
star
59

vpm

An awesome utility for managing Vim plugins.
Ruby
1
star
60

heroku-nginx-wasmer

Run Nginx with Wasmer on Heroku
HTML
1
star
61

api-proxy-spike

A spike to implement an API proxy
JavaScript
1
star
62

automatic_testing_of_rest_web_sevices_client_with_rails_source

Ruby
1
star
63

cortana

A Hubot for Twitter
CoffeeScript
1
star
64

odt

Owen's Development Tool
Go
1
star
65

rab

Rails Asset Builder (RAB)
Ruby
1
star
66

summarize-github-pull-requests

Perform automatic code reviews for GitHub pull requests (PR). The review is triggered when a PR is created and is triggered again for every subsequent commit in the PR. The code review is conducted for commit in the PR.
Rust
1
star
67

shortenerclj

A URL shortener implemented in Clojure
Clojure
1
star
68

hurley

Hurley and Faraday are both from the lost island
Go
1
star
69

sinatra-jruby-heroku

Shell
1
star
70

gameserverstatus

gameserverstatus
Clojure
1
star
71

narc

Node.js CI Server
JavaScript
1
star
72

jekyll_and_hyde_template

The source of the default jekyll_and_hyde template used by its generator.
1
star
73

loading_path_gotchas_in_rails3

A gotchas on load path of Rails 3.
Ruby
1
star
74

testing_web_services_client_slides

JavaScript
1
star