1. 2. 3. 4. ~/

so you want to learn to make an ssh app pt. 2

intro

First of all - do you have access to your own server? If not, sign up for Nest, which is a shared Linux server for Hack Clubbers. (I’m a very big Nest fan, if you can’t tell)

 

You can do that by checking out Quetzal, the Nest app on the Hack Club Slack. Make sure your identity has been verified as a high schooler on identity.hackclub.com

 

When you set up Quetzal for using nest, it’ll ask you for your SSH public key. This is the one with the .pub extension.

 

In the future, you’ll come across a bunch of services which ask you for your SSH public key. This is safe to give out. What you should be keeping private is your aptly named private key, which is the other file.

ssh keys

note: the nest quickstart will walk you through this.

Ordinarily, servers don’t just let random people connect whenever they want, particularly if this is a server you’re hosting cool important and top secret things on. So, how do we recognise that the person connecting is someone who’s actually allowed to?

 

We use something called SSH keys!

 

  1. Open a Terminal or Command Prompt and run ssh-keygen -t ed25519.
  2. Follow the prompts - for this tutorial, you don’t need to set a passphrase.
  3. Check out the .ssh folder. There should be two new files in there. Congrats, you’ve just generated your first (or maybe not) SSH key.

 

You’ve just generated two files in the ~/.ssh folder - collectively, they are an SSH key pair. One will have a .pub file extension and the other will not have anything (if you don’t see this, you might need to enable viewing file extensions in file explorer/finder/whatever else).

 

Behind the scenes, Nest is adding your public key to the ~/.ssh/authorized_keys file in your user directory. This way, the server knows that if it detects an incoming connection and recognises your ssh key from that, that it should be allowing the connection. waow.

how 2 ssh

when you first try out Nest, you’re able to SSH with the command ssh <username>@hackclub.app. The username obviously represents you! If you do not specify a username when you SSH, it will default to the username of the user you’re logged in with. It’s possible to customise (and lots of apps do) the behaviour of SSH apps when certain usernames are used - for instance, running ssh hosting@hackclub.com -p 5555 will show the guide you’re reading right now, but swapping out the username for creating will show (presumably) the guide you just read. Other apps may render other custom behaviour, use the username that was specified in the app somewhere, or just block connections that don’t come from a certain username.

 

The domain hackclub.app resolves to an IP address (IPv4 - 37.27.51.34 and IPv6 - 2a01:4f9:3081:399c::4 if you’re curious). The SSH server by default is on port 22, but you can specify a specific port by appending -p <port> to the command. This is what we’re going to use for Shush.

things to know about nest

Nest is a shared server and it sometimes has downtime. Also, only the admins have sudo access. More relevant to Shush, though, is the fact that correspondingly, ports are also shared among all of Nest’s users. You will not be able to run any services on port 8000, 3000, 4321 or whatever common options there are out there. Instead, run nest get_port to be allocated a free port to run your services on.

 

Because of this and the fact that Nest only has 1 IP, you won’t be able to run your services on a really nice looking single URL. Instead you’ll have to have a port specified for your SSH app.

 

This can be avoided by getting your own server, changing the default SSH port to something other than 22, then running your SSH app on port 22 so that users implicitly connect to it when they SSH to your public URL. But alas.

hosting your app!

Clone your app’s repository to Nest.

Now, I do not know the specifics of your app. But somewhere in there you’ve definitely specified a port that your SSH server runs on. Run nest get_port to get a free port, then update your variables/code/whatever to this port.

Start your app. Just because you started the process on a server doesn’t mean it’ll stay up all the time - in fact, it’ll close after you end your session.

In order to keep it online all the time, use Systemd - alternatively, you can set up Docker on Nest and create a Dockerfile. These run in the background and can be set to automatically restart when the system restarts.

 

Once your app is online, you can access it by SSHing into hackclub.app -p <yourport>. Why just that domain, and not a subdomain or something more specific? Simply because Nest is accessible at hackclub.app. If you really wanted to have your app accessible only by SSHing into subdomain.domain.com, and only that subdomain, you could get a separate IP address and point your chosen subdomain to only that specific IP address, then do the aforementioned messing around with the default SSH port.

 

For posterity’s sake though (and also because it’s hard to demo without one :/) make sure you make a website for your SSH app. It could be an informative one (explaining the content of your app, like whoami) or it could be something that’s actually linked to and displays data from your app - whatever works! To get a subdomain for your website on Nest, run nest caddy add <subdomain>.<username>.hackclub.app. You can read more about the Caddy webserver and Nest here.

how does a raspberry pi tie into all of this?

Raspberry Pis are essentially mini computers that you can have running inside your house. This is a very brief overview of the steps you’ll need to follow to host your service on a Raspberry Pi:

previous next
W10: Warning: Changing a readonly file

Press ENTER or type command to continue