Some quick notes to document this somewhat tedious process.
To broadcast my terminal to the world:
If necessary, generate a self-signed TLS cert for gotty.
openssl req -x509 -nodes -days 9999 -newkey rsa:2048 -keyout ~/.gotty.key -out ~/.gotty.crt
This was ripped straight from gotty's README.
Run gotty on localhost:8080, serving a shared <foo> session (or omit <foo> to just spawn a shell).
gotty --tls --port 8080 --credential username:password tmux new -A -s gotty-session <foo>
Optionally, pass --permit-write to allow clients to write to the session.
tmux is necessary here because gotty spawns a new process for each client. So, have the first client create a tmux session, and all clients afterwards attach to it.
username/password are for HTTP basic auth.
ssh into a box on the public internet with port 443 open. Reverse tunnel connections to remote port 9001 on interface localhost (implicit below) to the local host's 8080 (the gotty server), and forward 443 connections to 9001:
ssh -t -R 9001:localhost:8080 my-box.com sudo socat tcp-listen:443,reuseaddr,fork tcp:localhost:9001
Optionally, add ,bind=<interface> to forward only connections to the specified interface.
Alternatively, skip the port forwarding and just connect to port 9001 manually.
Clients connect to the public IP address of the server you ssh'd into over HTTPS, using the basic auth credentials passed to gotty.
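A launch wrapper for the gotty step above, added here as an example (it is not from the original notes or gotty's README): it binds gotty to loopback so only the ssh reverse tunnel can reach it, generates a random basic auth password, and passes it through the environment instead of argv. It assumes gotty's --address flag and GOTTY_CREDENTIAL environment variable; the user name viewer and the script name are placeholders.

```shell
#!/bin/sh
# Added example, not from the original notes or gotty's README.
# Assumes gotty's --address flag and GOTTY_CREDENTIAL environment variable;
# the user name "viewer" is a placeholder.
set -eu

# Succeeds only if the file has no group/other permission bits set.
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 32 hex characters (128 bits) read from /dev/urandom.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Succeeds only for loopback listen addresses.
is_loopback() {
    case "$1" in
        127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

serve() {
    addr="$1"
    key="$HOME/.gotty.key"
    # gotty listens on all interfaces by default; the ssh -R tunnel only
    # needs loopback, so refuse anything else.
    is_loopback "$addr" || { echo "refusing non-loopback address $addr" >&2; return 1; }
    private_mode "$key" || chmod 600 "$key"
    pass="$(gen_password)"
    echo "basic auth for this session: viewer:$pass" >&2
    # The environment keeps the password out of the argv that ps shows.
    GOTTY_CREDENTIAL="viewer:$pass" gotty --tls --address "$addr" --port 8080 \
        tmux new -A -s gotty-session
}

# Runs only when invoked as: sh gotty-serve.sh serve [address]
if [ "${1:-}" = "serve" ]; then
    serve "${2:-127.0.0.1}"
fi
```

The ssh -R and socat command from the notes works unchanged against this, since the tunnel already targets localhost:8080.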