Tmux interactive session app

I followed an analog very close to what is done for the authentication helper that was done for the RStudio bc app

Basically swap the plaintext user:password call with

-a /path/to/bin/auth

And then write the auth to verify against a cached shell TTYD_PASSWORD password

One other notable bit is that I needed to stash the full tmux <with all the opts> command in another file, and let the /bin/auth call this file.

I’m still not quite finalized as I’m thinking this through, but I can reach out to you offline to discuss this potential solution.

-Kevin

I did end up reaching out to @nvonwolf (thanks) and ultimately the solution at our site was to modify ttyd to support a simple file credential option, which still uses http basic authentication. Then I still use https://gitlab.com/nmsu_hpc/ood_bc_shell the repo here but with minimal changes.

My fork currently has the changes that were done, and I plan on submitting a PR upstream to ttyd in the future.

@kevinlee very cool, that is a great alternative.

Here is what I ended up doing, which is similar to what others. I created a simple shell script that replaces the tmux command that checks the password from an environment variable. The password is sent as arg in the URL. For our case we don’t mind having the session password in the URL: /node/%host%/%port%/?arg=%password%

#before.sh.erb
# Find available port to run server on
export port=$(find_port ${host})
# Export compute node the script is running on
export host="${host}"
# Generate SHA1 encrypted password (requires OpenSSL installed)
export password="$(create_passwd 20)"
# Define tmux socket name
export tsock="<%= session.id %>.sock"
# Define tmux session name
export tses="<%= session.id %>"

#!/usr/bin/env bash
#script.sh.erb
# Launch ttyd
/usr/local/bin/ttyd -a -p "${port}" -b "/node/${host}/${port}" <%= session.staged_root.join("tmux.sh") %>
# kill tmux session
tmux kill-session -t "$tses"

#!/usr/bin/env bash
#tmux.sh
# Set Working Directory To Home
cd "${HOME}"
# set the TERM
export TERM="xterm-256color"
# Launch tmux
if [ "$1" == "$password" ];then
    tmux -L "$tsock" new -A -s "$tses" '/bin/bash'
else
    echo Access Denied
    sleep 5
fi
exit

Kevin, did you ever submit that pull request to the ttyd project?

What are your minimal changes to https://gitlab.com/nmsu_hpc/ood_bc_shel app?

Hi @baverhey

I think the relevant changes are here, key point being that a password file is stored in the user’s session directory.

# Create password file
echo "ttyd:${password}" > "${sdir}/passfile.txt"

# Benchmark info
echo "TIMING - Starting ttyd at: $(date)"

<%- if context.tmux_config.to_s == "1" -%>
    $TTYD -p "${port}" -b "/node/${host}/${port}" -t fontSize=$fsize -t cursorStyle=underline -t cursorBlink=true -t 'theme={"background": "#282a36", "foreground": "#f8f8f2"}' -f "${sdir}/passfile.txt" $TMUX -f "$tconf" -L "$tsock" new -A -s "$tses"
<%- else -%>
    $TTYD -p "${port}" -b "/node/${host}/${port}" -t fontSize=$fsize -t cursorStyle=underline -t cursorBlink=true -t 'theme={"background": "#282a36", "foreground": "#f8f8f2"}' -f "{sdir}/passfile.txt" $TMUX -L "$tsock" new -A -s "$tses"
<%- end -%>

@nvonwolf I finally submitted it. I forgot since I recompiled against my fork and deployed at our site and got sidetracked…

We finally have this app in a pre-production setup with an OOD deployment to all users later this summer.