
A web shell tool better than Shellinabox: ttyd

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

ttyd is a program that runs on the server and is accessed from the client's web browser. It connects the browser to a background tty (pts pseudo-terminal) interface, moving the shell terminal into the web browser.

WebSocket

WebSocket is a network technology provided by HTML5. Built on the HTTP protocol, it gives the client a single-session, long-lived, full-duplex connection to the web server. It is the underlying technology for long-lived client-server connections, two-way real-time communication, and real-time message push from server to client.

Its biggest feature is that the server can actively push information to the client and the client can actively send information to the server. This is a true two-way dialogue between equals, and it belongs to the family of server push technologies.

Other features include:

* It is based on the TCP protocol, so the server-side implementation is relatively easy.
* It has good compatibility with the HTTP protocol. The default ports are also 80 and 443, and the handshake phase uses HTTP, so the handshake is not easily blocked and can pass through a variety of HTTP proxy servers.
* The data format is lightweight, the performance overhead is small, and the communication is efficient.
* It can send text or binary data.
* There is no same-origin restriction: the client can communicate with any server.
* The protocol identifier is ws (or wss if encrypted), and the server address is a URL.
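The HTTP handshake and the missing same-origin restriction described above, as an added example (not from the original article or the ttyd project): a server-side sketch that answers the upgrade request per RFC 6455 and refuses it when the `Origin` header does not match `Host`. The function names, the `/ws` path and the sample request are constructed for illustration.

```python
import base64
import hashlib
from urllib.parse import urlsplit

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455

def parse_request(raw):
    """Split a raw HTTP request into its request line and a lower-cased header dict."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers

def accept_key(client_key):
    """Sec-WebSocket-Accept = base64(SHA-1(client key + GUID))."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def same_origin(headers):
    """True only if the Origin header names the same host:port as the Host header."""
    origin = headers.get("origin")
    if not origin:
        return False  # policy choice in this sketch: no Origin header, no upgrade
    return urlsplit(origin).netloc.lower() == headers.get("host", "").lower()

def handshake(raw, check_origin=True):
    """Return the status line and headers a server would answer with."""
    _, h = parse_request(raw)
    if h.get("upgrade", "").lower() != "websocket" or "sec-websocket-key" not in h:
        return "HTTP/1.1 400 Bad Request\r\n\r\n"
    if check_origin and not same_origin(h):
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            "Sec-WebSocket-Accept: " + accept_key(h["sec-websocket-key"]) + "\r\n\r\n")

def sample_request(origin):
    """Constructed upgrade request; the key is the sample nonce from RFC 6455."""
    return ("GET /ws HTTP/1.1\r\nHost: localhost:7681\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            "Origin: " + origin + "\r\n"
            "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
            "Sec-WebSocket-Version: 13\r\n\r\n").encode("ascii")
```

Because the browser does not enforce same-origin on WebSocket connections, this server-side comparison is the only place a cross-site page can be turned away.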

ttyd differs from the Shellinabox project in its underlying principle: it uses the HTML5-based WebSocket protocol, and the reduced HTTP interaction yields a more efficient, higher-performance, lower-latency interactive session service.

ttyd can also be accessed through an Nginx layer-7 HTTP proxy for greater flexibility.

ttyd has built-in SSL/TLS support for transport-layer authentication and encryption, and supports one-way or two-way (client/server) certificate authentication for higher security.

OS Support:

* macOS
* Linux
* Microsoft Windows
* FreeBSD/OpenBSD
* OpenWrt/LEDE

Feature:

* Written in C on the `libwebsockets` core library: fast, with low memory consumption and high performance.
* A full-featured terminal based on `Xterm.js`, with support for CJK character input and IME input methods.
* Graphical `ZMODEM` file transfer in the terminal window is supported; the server needs the `lrzsz` program installed.
* Simple Basic Auth authentication is available (this does not encrypt the communication).
* Transport-layer encryption based on OpenSSL is supported (encrypted communication).
* Cross-platform: macOS, Linux, FreeBSD/OpenBSD, OpenWrt/LEDE, Windows

Linux platform installation:

Method 1: download the binary program file and run it directly on the local machine (recommended).

Method 2: download the source files, install the dependent libraries, then compile and install:

    sudo apt-get install cmake g++ pkg-config git vim-common libwebsockets-dev libjson-c-dev libssl-dev
    git clone https://github.com/tsl0922/ttyd.git
    cd ttyd && mkdir build && cd build
    cmake ..
    make && make install

If you fail to install libwebsockets-dev (outdated version), you may need to compile and install libwebsockets separately.

Usage:

# Program help information:

    ttyd is a tool for sharing terminal over the web

    USAGE:
        ttyd [options] <command> [<arguments...>]

    VERSION:
        1.5.2

    OPTIONS:
        -p, --port              Port to listen (default: 7681, use `0` for random port)
        -i, --interface         Network interface to bind (eg: eth0), or UNIX domain socket path (eg: /var/run/ttyd.sock)
        -c, --credential        Credential for Basic Authentication (format: username:password)
        -u, --uid               User id to run with
        -g, --gid               Group id to run with
        -s, --signal            Signal to send to the command when exit it (default: 1, SIGHUP)
        -a, --url-arg           Allow client to send command line arguments in URL (eg: http://localhost:7681?arg=foo&arg=bar)
        -R, --readonly          Do not allow clients to write to the TTY
        -t, --client-option     Send option to client (format: key=value), repeat to add more options
        -T, --terminal-type     Terminal type to report, default: xterm-256color
        -O, --check-origin      Do not allow websocket connection from different origin
        -m, --max-clients       Maximum clients to support (default: 0, no limit)
        -o, --once              Accept only one client and exit on disconnection
        -B, --browser           Open terminal with the default system browser
        -I, --index             Custom index.html path
        -6, --ipv6              Enable IPv6 support
        -S, --ssl               Enable SSL
        -C, --ssl-cert          SSL certificate file path
        -K, --ssl-key           SSL key file path
        -A, --ssl-ca            SSL CA file path for client certificate verification
        -d, --debug             Set log level (default: 7)
        -v, --version           Print the version and exit
        -h, --help              Print this text and exit

    Visit https://github.com/tsl0922/ttyd to get more information and report bugs.

Use case:

    # The page connects in the background with the current user's identity and
    # environment variables; the forked bash runs in debug mode.
    ./ttyd -p 8080 bash -x

    # Runs the service as the specified system user; the page shows the output
    # of the top command.
    ./ttyd --max-clients 2 -u 500 top

Run system account login authentication

    # Runs the service as the current user.
    ./ttyd --max-clients 2 login

Note: if you need to log in to the terminal as root, you need to add the login terminal types pts/0, pts/1 and pts/2 to the /etc/securetty file, which belongs to the primary group root. The user running the ttyd program also needs permission to read /etc/securetty (that is, the ttyd service has to be started as root).

Therefore, for security reasons, it is not recommended to start the ttyd service as root, and it is not recommended to log in to the pseudo terminal of the ttyd websockets page directly with the root account.

Run specific background interactive services

    # console
    # -a, --url-arg allows the URL to carry parameters, which are applied
    # directly to the command program.
    ./ttyd --max-clients 2 -a mysql -h localhost

    # browser 1 uses the command's default parameters
    http://localhost:7681
    Warning: Using a password on the command line interface can be insecure.
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

    # browser 2 passes the specified command parameters in the URL request
    http://localhost:7681/?arg=-uadmin&arg=-pPASSWORD&arg=mysql
    mysql> show tables
    +---------------------------+
    | Tables_in_mysql           |
    +---------------------------+
    | columns_priv              |
    | db                        |
    | event                     |
    | func                      |
    | general_log               |
    | help_category             |
    | help_keyword              |
    | help_relation             |
    | help_topic                |
    | innodb_index_stats        |
    | innodb_table_stats        |
    | ndb_binlog_index          |
    | plugin                    |
    | proc                      |
    | procs_priv                |
    | proxies_priv              |
    | servers                   |
    | slave_master_info         |
    | slave_relay_log_info      |
    | slave_worker_info         |
    | slow_log                  |
    | tables_priv               |
    | time_zone                 |
    | time_zone_leap_second     |
    | time_zone_name            |
    | time_zone_transition      |
    | time_zone_transition_type |
    | user                      |
    +---------------------------+
    28 rows in set (0.00 sec)
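An added example, not part of the original article or of ttyd: because `--url-arg` puts command arguments in the URL, a password passed this way is written to any access log in front of ttyd. The sketch scans constructed combined-format log lines for `arg=` parameters and shows the command line each request produces, assuming URL arguments are appended after the command's own arguments; the regexes and function names are illustrative.

```python
import re
import shlex
from urllib.parse import urlsplit, parse_qsl

# Options that carry a password inline, e.g. mysql's -pPASSWORD or --password=...
SECRET_ARG = re.compile(r"^(-p.+|--password=.+)$")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Feb/2025:10:00:01 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [24/Feb/2025:10:00:07 +0000] '
    '"GET /?arg=-uadmin&arg=-pPASSWORD&arg=mysql HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [24/Feb/2025:10:00:09 +0000] "GET /?arg=-ureport HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

def url_args(target):
    """Values of every arg= query parameter, in the order the client sent them."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [value for key, value in pairs if key == "arg"]

def redact(arg):
    """Mask an inline password so the finding does not repeat the leak."""
    if not SECRET_ARG.match(arg):
        return arg
    return "--password=***" if arg.startswith("--") else "-p***"

def scan(lines, base_cmd):
    """Report each logged request that adds URL arguments to base_cmd."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        args = url_args(match.group(1)) if match else []
        if not args:
            continue
        findings.append({
            "line": number,
            "argv": [redact(a) for a in shlex.split(base_cmd) + args],
            "secret_in_url": any(SECRET_ARG.match(a) for a in args),
        })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG, "mysql -h localhost"):
        print(finding)
```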

To upload and download files through ZMODEM, the server needs lrzsz installed.

    # send a local file to the client
    sz a.log

    # the server receives the file uploaded by the client
    rz

Encrypt transport traffic using SSL

This example uses a locally self-signed certificate.

    # CA certificate (FQDN must be different from server/client)
    openssl genrsa -out ca.key 2048
    openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt

    # server certificate (for multiple domains, change subjectAltName to: DNS:example.com,DNS:www.example.com)
    openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=localhost" -out server.csr
    openssl x509 -sha256 -req -extfile
