Readit News logoReadit News
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
lynx23 · a year ago
Related: Does anyone by chance know how to configure an "anonymous" ssh account that always runs the same program? This would be great for making text mode games available to everyone without needing to support different platforms, now that windows actually ships with ssh.
quackduck · a year ago
you can configure sshd to run any random executable when a user connects
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
Tepix · a year ago
Looks like ascii colors aren't being filtered correctly.. which is a pretty big issue. White on white isn't very readable... :-)
quackduck · a year ago
this sounds like a terminal thing. what terminal are you on.
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
localfirst · a year ago
what sort of server resource usage is this like right now as you are getting a ton of traffic?

also noticed that people were able to run commands but permission denied. that kinda freaked me out. eventually somebody is going to figure out how to escape the go binary

quackduck · a year ago
im not worried at all :)
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
humanperhaps · a year ago
Didn't think about that when posting - my bad
quackduck · a year ago
oh nonono thanks for posting lol
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
fragmede · a year ago
I'd recommend using https://github.com/gliderlabs/ssh instead, no chance of some shell escape that way.
quackduck · a year ago
I use a fork of that!
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
phoyd · a year ago
I'm also interested. Setting up a passwordless SSH account for some public service sounds like a good way to give your machine away to North Korean hackers, because you forgot to set someting in /etc/sshd to "no".

Is there a usable description somewhere on how to do this safely?

quackduck · a year ago
i'd be interested in seeing that. here its ok because it doesnt use sshd at all
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
codetrotter · a year ago
See also: ssh-chat by shazow from ~10 years ago written in Go

  ssh chat.shazow.net
The most amazing part is perhaps the fact that this one is still around, 10 years later! Try it yourself and you’ll see :)

Discussion at the time:

https://news.ycombinator.com/item?id=8743374

Source code in GitHub repo here:

https://github.com/shazow/ssh-chat

quackduck · a year ago
ssh-chat sort of inspired devzat. here's the story: I used to live in dubai at the time and for some odd dns reasons I could never actually join ssh-chat, but it acted as proof that ssh chats are possible, and so I decided to make my own version of it. then I moved to the us and was actually able to use both ssh-chat and devzat.
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
yu3zhou4 · a year ago
There was a beginner friendly machine to hack on HackTheBox where you had to hack a Devzat instance
quackduck · a year ago
a devzat regular made that!
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
plussed_reader · a year ago
The in-network effect.
quackduck · a year ago
hmm? whats that
quackduck commented on Devzat – Chat over SSH, with some nice quality-of-life features   github.com/quackduck/devz... · Posted by u/humanperhaps
cwillu · a year ago
Or convince the ssh daemon to pass on terminal escape codes to another user.

https://nvd.nist.gov/vuln/detail/CVE-2021-33477

quackduck · a year ago
whoa
q

u/quackduck

KarmaCake day664February 12, 2021
About
github.com/quackduck

igoel.mail@gmail.com

View Original