DIR <- Back
Terminal presentations via SSH + read-only tmux
===============================================
Have semi-trusted people connect to your machine via SSH. They immediatly
attach to a read-only tmux-session and can do nothing but watch.
I always liked the idea of having the ability to quickly let someone look
at something I do in the terminal in realtime.
This can be useful for many scenarios:
- holding presentations,
- tutoring commandline
- pair programming
- sharing gameplay (e.g. nethack)
I'm well aware that this can be achieved by fully sharing your graphical
screen like in Discord, Slack or Teams. But i find these methods lame,
bulky and a waste of ressources.
Since I can not estimate how secure this setup is, I do not recommend
running this as a public service that allows access to untrusted people.
I consider this setup experimental and unsecure. I am glad for every
critical opinion on this.
Here is the section for your /etc/ssh/sshd_config which forces the user
into the read-only tmux-session:
Match User viewer
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PermitTunnel no
X11UseLocalhost no
PermitTTY yes
ForceCommand tmux a -r -t viewer; exit
Afterwards you only need to nest the viewer-session into a tmux-session
controlled by the presenter.
For example:
# wild nesting
tmux new -s present
su - viewer
tmux a -t viewer
su - $your_user
Optional:
# deactivate tmux-statusbar for the viewers
tmux set -t viewer status off
# add viewercount for the presenter
tmux set -t present status-right "Viewer: #(who | grep viewer -c)"
I recommend to let people give you their pubkey so you can put it in
/home/viewer/.ssh/authorized_keys
This setup was inspired by the bitreich-con setup.
DIR bitreich-con setup
I used tmux over abduco and stripped away the audio portion.