Intro

Supervised SSH(S3H) is a tool for guest remote login and command execution.

When a guest requests to run some commands on a server, the owner of the server needs to grant them an account (normally with SSH access) on the server and the owner has no control over what commands they run on the server. Dislike SSH, S3H doesn't give the guest full access to the server, every command a guest runs on the server requires the owner's approval.

On the owner side, the owner needs a UI to review guests' requests, and we integrate Telegram to help with that.

On the guest side, the usage is the same as SSH. Just need to wait for approval after every command.

Untitled

Setup and usage

The S3H uses CoLink for user abstract and discover other users(servers), for more info please refer to https://colink.app/

To set up S3H, both guest and owner need to set up their own CoLink server and CoLink user account.

Please refer to CoLink Server Setup and Generate and import new users about how to set up a CoLink server and create a CoLink user.

Owner

  1. On the owner side, we need the s3h protocol as the S3H server and the telegram_bot protocol for Telegram integration.

    To enable these protocols, please add the telegram_bot protocol to your server. Add the following configuration to user_init_config.toml (normally placed in ~/.colink folder)

    [telegram_bot]
operator_num = 1

[s3h]
operator_num = 1

    <aside> đź’ˇ Make sure you add these protocol to your CoLink server before you create a CoLink user.

    </aside>

  2. To receive the requests from guest in Telegram, you need to connect your Telegram to CoLink, please refer to ‣

  3. Then it's all set. When someone connects to your server and requests to run a command, you will get a notification in Telegram and you also can make a decision by clicking the button in Telegram.

    Untitled

Guest

  1. On the guest side, we provide a binary client to let the guest connect to its CoLink server.

  2. Download the s3h client from here.

    wget <https://github.com/CoLearn-Dev/colink-protocol-s3h-dev/releases/latest/download/s3h>
chmod +x s3h

  3. Set up the guest user’s CoLink server and JWT. Replace <core_addr>, <user_jwt> in the following command, and run the command.

    export COLINK_CORE_ADDR=<core_addr>
export COLINK_JWT=<user_jwt>

  4. Connect to the owner’s server: get the owner’s CoLink user id and run the following command

    ./s3h <owner_user_id>

  5. After you connect to the owner’s server, you can use it like SSH. Type the command you want to run and wait for the owner’s approval.

    Untitled