1<- Back /phlog kroovy.de 70 i Err kroovy.de 70 iTerminal presentations via SSH + read-only tmux Err kroovy.de 70 i=============================================== Err kroovy.de 70 i Err kroovy.de 70 iHave semi-trusted people connect to your machine via SSH. They immediatly Err kroovy.de 70 iattach to a read-only tmux-session and can do nothing but watch. Err kroovy.de 70 i Err kroovy.de 70 iI always liked the idea of having the ability to quickly let someone look Err kroovy.de 70 iat something I do in the terminal in realtime. Err kroovy.de 70 i Err kroovy.de 70 iThis can be useful for many scenarios: Err kroovy.de 70 i- holding presentations, Err kroovy.de 70 i- tutoring commandline Err kroovy.de 70 i- pair programming Err kroovy.de 70 i- sharing gameplay (e.g. nethack) Err kroovy.de 70 i Err kroovy.de 70 iI'm well aware that this can be achieved by fully sharing your graphical Err kroovy.de 70 iscreen like in Discord, Slack or Teams. But i find these methods lame, Err kroovy.de 70 ibulky and a waste of ressources. Err kroovy.de 70 i Err kroovy.de 70 iSince I can not estimate how secure this setup is, I do not recommend Err kroovy.de 70 irunning this as a public service that allows access to untrusted people. Err kroovy.de 70 i Err kroovy.de 70 iI consider this setup experimental and unsecure. I am glad for every Err kroovy.de 70 icritical opinion on this. Err kroovy.de 70 i Err kroovy.de 70 iHere is the section for your /etc/ssh/sshd_config which forces the user Err kroovy.de 70 iinto the read-only tmux-session: Err kroovy.de 70 i Err kroovy.de 70 i Match User viewer Err kroovy.de 70 i AllowAgentForwarding no Err kroovy.de 70 i AllowTcpForwarding no Err kroovy.de 70 i GatewayPorts no Err kroovy.de 70 i X11Forwarding no Err kroovy.de 70 i PermitTunnel no Err kroovy.de 70 i X11UseLocalhost no Err kroovy.de 70 i PermitTTY yes Err kroovy.de 70 i ForceCommand tmux a -r -t viewer; exit Err kroovy.de 70 i Err kroovy.de 70 iAfterwards you only need to nest the viewer-session into a tmux-session Err kroovy.de 70 icontrolled by the presenter. Err kroovy.de 70 i Err kroovy.de 70 iFor example: Err kroovy.de 70 i # wild nesting Err kroovy.de 70 i tmux new -s present Err kroovy.de 70 i su - viewer Err kroovy.de 70 i tmux a -t viewer Err kroovy.de 70 i su - $your_user Err kroovy.de 70 i Err kroovy.de 70 iOptional: Err kroovy.de 70 i # deactivate tmux-statusbar for the viewers Err kroovy.de 70 i tmux set -t viewer status off Err kroovy.de 70 i Err kroovy.de 70 i # add viewercount for the presenter Err kroovy.de 70 i tmux set -t present status-right "Viewer: #(who | grep viewer -c)" Err kroovy.de 70 i Err kroovy.de 70 iI recommend to let people give you their pubkey so you can put it in Err kroovy.de 70 i/home/viewer/.ssh/authorized_keys Err kroovy.de 70 i Err kroovy.de 70 iThis setup was inspired by the bitreich-con setup. Err kroovy.de 70 1bitreich-con setup /scm/bitreich-conference/file/README.md.gph bitreich.org 70 iI used tmux over abduco and stripped away the audio portion. Err kroovy.de 70 .