There are many facts and rumors about internet surveillance and privacy violations. I recently found a very simple chat solution called ssh-chat. It is written in Go and lets multiple parties chat in a plain terminal opened with a standard ssh client. It therefore benefits from SSH security, and participants do not need to install any additional software. The author published his ideas in the article: Why aren’t we using SSH for everything?
It can easily be run on your local computer, a VPS or a dedicated server. Here is an example installation on an Ubuntu 16.04 based server.
Setup
Download the binary or, if you have Go installed, download and compile the code according to the instructions here
The instructions below are run with sudo privileges:
$ sudo bash
Create a dedicated low-privilege user to own the running server:
# groupadd -r sshchat && useradd -r -g sshchat -s /usr/sbin/nologin -d /nonexistent sshchat
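Generate the identity key and prepare the whitelist and message-of-the-day files. ssh-keygen writes the private key with mode 600 and owner root, so it is made group-readable here; otherwise the sshchat service user could not load it.
# mkdir /etc/sshchat && chgrp sshchat /etc/sshchat && chmod g+s /etc/sshchat
# cd /etc/sshchat && mkdir keys && cd keys
# ssh-keygen -f idkey && chmod 640 idkey
# touch whitelist && chmod 640 whitelist
# cd .. && echo 'Welcome to chat' > motd.txt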
Go to the directory with the compiled binary and copy it to an executable location:
# cp ssh-chat /usr/local/bin/ssh-chat
# chgrp sshchat /usr/local/bin/ssh-chat && chmod 750 /usr/local/bin/ssh-chat
Create the systemd service
# vim /lib/systemd/system/sshchat.service
and put the following content there:
[Unit]
Description=Ssh Chat Server
Wants=network.target
After=network.target
[Service]
User=sshchat
Group=sshchat
ExecStart=/usr/local/bin/ssh-chat --bind=":15555" --identity=/etc/sshchat/keys/idkey --whitelist=/etc/sshchat/keys/whitelist --motd=/etc/sshchat/motd.txt
[Install]
WantedBy=multi-user.target
Reload the systemd configuration:
# systemctl daemon-reload
Create a start script that automatically enables/disables the firewall rule:
# vim /usr/local/bin/schat.sh
with content below:
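#!/bin/bash
# Start/stop ssh-chat and open/close its firewall port (15555/tcp) with it.
if [ "$EUID" -ne 0 ]; then
    echo "Please run as root"
    exit 1
fi
case "$1" in
    start)
        # Open the chat port to any IPv4 source, then start the service
        ufw allow proto tcp from 0.0.0.0/0 to any port 15555
        systemctl start sshchat
        echo "Started"
        ;;
    stop)
        # Stop the service first, then remove the firewall rule
        systemctl stop sshchat
        ufw delete allow proto tcp from 0.0.0.0/0 to any port 15555
        echo "Stopped"
        ;;
    status)
        systemctl status sshchat
        ;;
    *)
        echo "Usage: sudo schat.sh start|stop|status"
        ;;
esac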
Adding user to whitelist
If you start your server without the whitelist option, anybody can connect to your chat server. To provide login security, each client has to generate their own key:
$ ssh-keygen -f chatkey
and then send its public part (the chatkey.pub file) to the server owner.
The server owner has to add it to the whitelist file like this:
# cat chatkey.pub >> /etc/sshchat/keys/whitelist
The client can then connect to the chat like this:
$ ssh chatuser@chatserver -i chatkey
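Because the whitelist is the only access control, the server owner may want to vet a received chatkey.pub before appending it. The helper below is an added example, not part of ssh-chat or of the original setup; the script name vet_key.py and its function names are assumptions. It rejects anything that is not exactly one well-formed public key line, prints the SHA256 fingerprint for comparison with the one the client reads from `ssh-keygen -lf chatkey.pub`, and skips keys that are already listed.

```python
#!/usr/bin/env python3
"""Vet a client's .pub file before appending it to the ssh-chat whitelist."""
import base64
import hashlib
import struct
import sys


def parse_pubkey(line):
    """Return the decoded key blob of one '<type> <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        raise ValueError("key data is not valid base64") from None
    # The blob starts with a length-prefixed copy of the key type; a mismatch
    # means the line was truncated or edited in transit.
    if len(blob) < 4 or blob[4:4 + struct.unpack(">I", blob[:4])[0]] != fields[0].encode():
        raise ValueError("key type does not match key data")
    return blob


def fingerprint(blob):
    """SHA256 fingerprint in the form printed by `ssh-keygen -lf`."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vet_key(pub_text, whitelist_text):
    """Return (line_to_append, fingerprint, already_listed)."""
    lines = [l.strip() for l in pub_text.splitlines() if l.strip()]
    if len(lines) != 1:  # also rejects a private key sent by mistake
        raise ValueError("expected exactly one public key line")
    blob = parse_pubkey(lines[0])
    listed = False
    for entry in whitelist_text.splitlines():
        try:
            listed = listed or parse_pubkey(entry) == blob
        except ValueError:
            continue  # ignore blank or unparsable whitelist lines
    return lines[0], fingerprint(blob), listed


if __name__ == "__main__":  # usage: vet_key.py chatkey.pub /etc/sshchat/keys/whitelist
    pub_path, whitelist_path = sys.argv[1:3]
    line, fp, listed = vet_key(open(pub_path).read(), open(whitelist_path).read())
    print("fingerprint:", fp)
    if listed:
        sys.exit("key is already whitelisted")
    if input("Matches the fingerprint the client read out? [y/N] ").lower() == "y":
        with open(whitelist_path, "a") as fh:
            fh.write(line + "\n")
```

Duplicates are detected by key data, so the same key resent with a different comment is not added twice.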
Usage
To start chat server
$ sudo schat.sh start
To stop chat server
$ sudo schat.sh stop
To get status of server
$ sudo schat.sh status