Devzat – Chat over SSH, with some nice quality-of-life features | Better HN

Devzat – Chat over SSH, with some nice quality-of-life features | Better HN

105 comments

hiAndrewQuinn1y ago

I have a Raspberry Pi running a read-only server where some friends and I have a "poor man's IRC" chat, in that we all log in from Termux and post messages to one another using `wall`. It's absolutely ridiculous and I love it.

It's one of those things that if you need to ask why, you'll never understand :-)

complaintdept1y ago

Install `finger` and you've practically got a social media platform.

queuebert1y ago

.plan was the original status update.

I’m trying to google finger and all I get is fingerprint software

_joel1y ago

Yea, came here to say, what about wall! :)

rwmj1y ago

I wonder if you could do something similar with an ssh account which is hard-wired to run 'ytalk' (https://en.wikipedia.org/wiki/Talk_(software)).

Probably. See my comment (and example repo) elsewhere about running any old binary when someone connects.

Borg31y ago

Or you can just run IRC client on start. Just trap SIGINT and SIGTSTP, run simple or modified client that cannot do exec or escape to shell and you are done :)

jagged-chisel1y ago

Spoiler: set the user’s shell to any old binary, like a chat app.

qudat1y ago

Pretty neat! We implemented something similar with an IRC chat app (senpai) in our SSH app (pico.sh). After the user creates an account, it lets users connect to our public IRC bouncer with a single command (`ssh pico.sh -t chat`).

ref: https://pico.sh/irc

codetrotter1y ago

See also: ssh-chat by shazow from ~10 years ago written in Go

  ssh chat.shazow.net

The most amazing part is perhaps the fact that this one is still around, 10 years later! Try it yourself and you’ll see :)

Discussion at the time:

https://news.ycombinator.com/item?id=8743374

Source code in GitHub repo here:

https://github.com/shazow/ssh-chat

quackduck1y ago

ssh-chat sort of inspired devzat. here's the story: I used to live in dubai at the time and for some odd dns reasons I could never actually join ssh-chat, but it acted as proof that ssh chats are possible, and so I decided to make my own version of it. then I moved to the us and was actually able to use both ssh-chat and devzat.

nojs1y ago

> odd dns reasons

I would love to hear more about this

codetrotter1y ago

That’s so cool and nice :D

Any idea what we could do to allow all of the people still in Dubai to join chats over ssh too?

languagehacker1y ago

I'd be curious whether there's any security concerns on this one. Could an attacker craft a message that gets access to execute commands into a client terminal?

qudat1y ago

This is not sshd, this is a golang binary that uses the stdlib ssh lib. You would have to either a) figure out how to escape out of a golang binary, or b) if the go code executes shell commands with some user provided text, trying to shell inject something in there.

cwillu1y ago

Or convince the ssh daemon to pass on terminal escape codes to another user.

https://nvd.nist.gov/vuln/detail/CVE-2021-33477

Tepix1y ago

You may not want the chat server owner to know which public ssh key you are using for privacy reasons.

Workaround: Specify another ssh keypair

freedomben1y ago

Yeah, though SSH is already very mature at processing text, so it's a surprisingly good fit for a chat. I would also remember that any machine you SSH from is going to give the server some metadata like IP address, public keys (which aren't useful as creds but can be for tracking). Really fun little project though

tjoff1y ago

SSH might be, but maybe not your terminal. Which the very least can possibly trick you using escape codes. Also, unless my memory fails me 'cat'ing an untrusted file isn't recommended for security reasons.

Additionally you should disable SSH forwarding. Relevant thread from the startup selling coffee over SSH: https://news.ycombinator.com/item?id=40227624

phoyd1y ago

I'm also interested. Setting up a passwordless SSH account for some public service sounds like a good way to give your machine away to North Korean hackers, because you forgot to set someting in /etc/sshd to "no".

Is there a usable description somewhere on how to do this safely?

quackduck1y ago

i'd be interested in seeing that. here its ok because it doesnt use sshd at all

https://news.ycombinator.com/item?id=41002245

I experimented with writing a shell replacement a while back. Turns out you can just run any old program. Here’s and example “hello world” shell replacement written in Go.

https://github.com/codazoda/goshell

jagged-chisel1y ago

> Turns out you can just run any old program.

It’s amazing how simple some things are. Similarly, an HTTP server can also run any old binary in response to an incoming request. As long as it produces output that looks like an HTTP response, the client will receive that response.

but nginx or caddy can't run CGIs, they want scalability to the billions.

Disclaimer: I build a personal social web server https://seppo.social like that on top of shared (apache) hosting requiring no root privileges to install and run.

Or with a few lines of sh you can turn many cli tools to web services like https://qr.mro.name/

steve19771y ago

good old cgi

quackduck1y ago

so sorry for it being down right now. hn hug of death is real

humanperhapsOP1y ago

Didn't think about that when posting - my bad

quackduck1y ago

oh nonono thanks for posting lol

xyst1y ago

Guess it’s only useful as a toy :)

bjoli1y ago

Or the person never expected more than a couple of hundred concurrent users and dimensioned the container or whatever after that.

I once wrote a similar chat, but much much worse in many ways, that could easily handle thousands of concurrent users, but hosted it on a 1mbit residential line. When Slashdot hit it I stood no chance.

quackduck1y ago

I just have a really shit server

There was a beginner friendly machine to hack on HackTheBox where you had to hack a Devzat instance

quackduck1y ago

a devzat regular made that!

freedomben1y ago

Cool, the source code is amazingly readable. Also love the sense of humor :-D such as https://github.com/quackduck/devzat/blob/main/commands.go#L1...

knodi1y ago

When I read this comment, thought good readability it’s got to be Go

Aeolun1y ago

The readability might be nice, but the way files are structured makes no sense to me.

In PHP/Typescript there’s always a direct correspondence between imports and file locations, but Go baffles me.

cdelsolar1y ago

why is this downvoted?

jasonjayr1y ago

As a gentle reminder, if you are forwarding your ssh-agent by default, you should connect with:

    ssh -o 'ForwardAgent no' $host

So your secure identities are not exposed to a random ssh server ...

Aeolun1y ago

Forwarding your agent by default (to all hosts!) sounds like a terrible idea.

sdsd1y ago

I love stuff like this. I made a widget for MacOS where you can see incoming |hi messages sent to your Urbit, as a kind of poor man's p2p chat. But I didn't add a feature to send hi messages, so you still need a CLI for that.

You can see what it looks like here: https://www.youtube.com/watch?v=_bAx4Jx39jE&t=384s

(it's the widget in the bottom right of the screen)

lynx231y ago

Related: Does anyone by chance know how to configure an "anonymous" ssh account that always runs the same program? This would be great for making text mode games available to everyone without needing to support different platforms, now that windows actually ships with ssh.

SushiHippie1y ago

Wouldn't it be possible to just change the shell via 'chsh' or editing /etc/passwd to point to the text mode game for a particular user

lynx231y ago

THats the theory. However, AIUI, you need a machine that only does this single application. Because if you have a user without password, that can be an issue for many other services. SMTP for instance.

customize https://github.com/gliderlabs/ssh

I use it for funky.nondeterministic.computer

lynx231y ago

Thanks for the link! However, I will not touch the Google programming language.

quackduck1y ago

you can configure sshd to run any random executable when a user connects

xyst1y ago

Is this working for anybody else?

I created a throwaway ed25519 key, reconfigured ssh config, and tried to connect with ‘ssh chat’

Nothing loads. ‘ssh -v chat’ isn’t helpful either. ping and nc (on both 22 and 443) show the server (or load balancer) is accessible for me.

Maybe a “hnfp DoS” (hacker news front page DoS)?

n2e1y ago

Have you tried connecting with the actual hostname directly instead of an alias?

Edit: nvm the author said it’s down

quackduck1y ago

back up now!

1vuio0pswjnm71y ago

https://man.netbsd.org/authpf.8

https://man.openbsd.org/authpf

If you want to use my server, it might be a little more powerful than the current one. I would self host but to be honest I'd prefer helping out with the main instance. In case, I am here

Tepix1y ago

Looks like ascii colors aren't being filtered correctly.. which is a pretty big issue. White on white isn't very readable... :-)

quackduck1y ago

this sounds like a terminal thing. what terminal are you on.

localfirst1y ago

what sort of server resource usage is this like right now as you are getting a ton of traffic?

also noticed that people were able to run commands but permission denied. that kinda freaked me out. eventually somebody is going to figure out how to escape the go binary

quackduck1y ago

im not worried at all :)

nedpat1y ago

This is actually cool!

But unless I'm missing something, what's the difference between this and IRC?

plussed_reader1y ago

The in-network effect.

quackduck1y ago

hmm? whats that

ipsum21y ago

Doesn't seem to be working, the chat is frozen and I can't type anything.

Same here, seems to have crashed.

quackduck1y ago

working on bringing it back, hold on

aa-jv1y ago

This is great, now we just need a way to host it on our mobile phones.

danslo1y ago

I appear to have crashed the server with "tic 999", sorry guys!

quackduck1y ago

that wasn't it but yeah lol

tempestlxc1y ago

Chatting via SSH has given me a lot of insights. Thank you.

This makes my list for top of the year, nice work.

callwhendone1y ago

ssh: connect to host devzat.hackclub.com port 22: Connection refused

PORT STATE SERVICE

22/tcp closed ssh

Nmap done: 1 IP address (1 host up) scanned in 1.18 seconds

----

overloaded?

Normal talk in unices system can do that.

Irc have exange data between server and minimalize data trafic.

still irc is better, but meybe in future

There was also `write` [0]. It would literally parse /etc/utmp [1] to find out which terminal the recepient user was logged on, then it would open that terminal and write(2) the message to it. Ah, wonderful user isolation.

[0] https://man.cat-v.org/unix-6th/1/write

[1] https://man.cat-v.org/unix-6th/5/utmp

riedel1y ago

I still use posix write [1] if there is an incident and i want to talk to the other admins that all try to fix sth. Quite fünf AS the younger ones are always Quote puzzled and feel caught...

[1] https://manpages.org/write

j / k navigate · click thread line to collapse