npm - cmux-ssh-here - Versions diffs - 0.1.0 → 0.2.1 - Mend

cmux-ssh-here 0.1.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1,39 +1,42 @@
 # cmux-ssh-here
-Одной командой поднимает на этой машине эфемерный SSH-сервер с авторизацией по одноразовому токену и печатает [cmux SSH deep link](https://cmux.com/ru/docs/ssh). Кто откроет ссылку в [cmux](https://cmux.com) — мгновенно попадёт в shell под текущим пользователем по локальной сети, без настройки `sshd`, ключей и паролей.
+One command spins up an ephemeral, token-authenticated SSH server on this machine and prints a [cmux SSH deep link](https://cmux.com/en/docs/ssh). Open the link in [cmux](https://cmux.com) and you instantly land in a shell as the current user over the local network — no `sshd` setup, no keys, no passwords.
 ```bash
 npx cmux-ssh-here
 ```
-Вывод:
+Output:
 ```
-  Подключение к этой машине через cmux по LAN
-  (shell под пользователем you, Ctrl-C тут — выключить):
+  Connect to this machine via cmux over the LAN
+  (shell as you; Ctrl-C here to stop):
   https://cmux.com/deeplink/ssh?host=192.168.1.42&port=52968&user=wudUKicRFRw3&host-key-policy=accept-new&title=your-mac
 ```
-Открой ссылку — cmux подключится сам. `Ctrl-C` в терминале выключает сервер.
+Open the link — cmux connects on its own. `Ctrl-C` in the terminal stops the server.
-## Как это работает
+## How it works
-- Свой SSH-сервер (`ssh2`) с эфемерными host-key и токеном — живут только пока запущен процесс.
-- Токен передаётся в `user=` диплинка; сервер пускает только с верным токеном.
-- Диплинк cmux намеренно не несёт паролей/ключей, поэтому секрет — это сам токен.
-- Полноценный shell через PTY (`node-pty`), с поддержкой размера окна.
+- Its own SSH server (`ssh2`) with an ephemeral host key and token — both live only while the process runs.
+- The token is passed in the deep link's `user=`; the server only accepts the correct token.
+- cmux deep links deliberately carry no passwords or keys, so the secret is the token itself.
+- Full PTY shell via `node-pty`, with window-resize support.
+- When `tmux` is available, the interactive shell runs inside it: sessions persist and are shared across connections, and the session list (`choose-tree`) is shown on connect. Without `tmux`, it falls back to a plain login shell.
-## Требования
+## Requirements
 - Node 18+.
-- [cmux](https://cmux.com) на устройстве, с которого открываешь ссылку.
-- macOS или Linux (на хосте, который раздаёт shell). Windows-хост не поддержан.
+- [cmux](https://cmux.com) on the device you open the link from.
+- macOS or Linux on the host sharing the shell. Windows host is not supported.
+- `tmux` (optional) for persistent, shared server-side sessions.
-## Безопасность
+## Security
-⚠️ **Токен в ссылке — bearer-секрет, дающий shell под твоим пользователем.** Только для доверенной локальной сети. Не публикуй ссылку и не шли по недоверенным каналам. Закрыл терминал — токен и host-key мертвы.
+⚠️ **The token in the link is a bearer secret that grants a shell as your user.** Trusted local network only. Don't publish the link or send it over untrusted channels. Close the terminal and the token and host key are gone.
-## Опции
+## Options
-- `PORT=2222 npx cmux-ssh-here` — фиксированный порт (по умолчанию случайный свободный).
+- `PORT=2222 npx cmux-ssh-here` — fixed port (random free port by default).
+- `CMUX_SSH_DEBUG=1 npx cmux-ssh-here` — log incoming auth/env/exec/shell requests to stderr (troubleshooting).

package/bin.js CHANGED Viewed

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 // npx cmux-ssh-here
-// Поднимает эфемерный SSH-сервер с авторизацией по токену и печатает cmux deep link.
-// Любой в LAN, открывший ссылку, попадает в shell под текущим пользователем.
-// ponytail: токен = bearer-секрет. Для доверенной локальной сети, не для интернета.
-import ssh2 from "ssh2"; // ponytail: ssh2 — CJS, именованного экспорта нет
+// Spins up an ephemeral token-auth SSH server and prints a cmux deep link.
+// Anyone on the LAN who opens the link lands in a shell as the current user.
+// ponytail: the token is a bearer secret. Trusted LAN only, not the internet.
+import ssh2 from "ssh2"; // ponytail: ssh2 is CJS, no named exports
 const { Server } = ssh2;
 import { generateKeyPairSync, randomBytes } from "node:crypto";
 import os from "node:os";
@@ -11,7 +11,8 @@ import { chmodSync } from "node:fs";
 import { createRequire } from "node:module";
 import { dirname, join } from "node:path";
-// ponytail: prebuilt spawn-helper иногда распаковывается без +x (баг упаковки node-pty) — чиним до import
+// ponytail: node-pty's prebuilt spawn-helper sometimes unpacks without +x
+// (packaging bug) -> "posix_spawnp failed". Fix it before importing.
 if (process.platform !== "win32") {
   try {
     const root = dirname(dirname(createRequire(import.meta.url).resolve("node-pty")));
@@ -20,60 +21,108 @@ if (process.platform !== "win32") {
 }
 const { default: pty } = await import("node-pty");
-const token = randomBytes(9).toString("base64url"); // секрет в ссылке (user=<token>)
+// ponytail: hex (not base64url) — cmux rejects a user that starts with "-",
+// and an ssh client treats a leading-dash username as a flag. Hex is URL/ssh-safe.
+const token = randomBytes(12).toString("hex"); // secret carried in user=<token>
 const { privateKey } = generateKeyPairSync("rsa", {
-  // ponytail: rsa PEM — ssh2 парсит host-key без сюрпризов (ed25519 PKCS8 ssh2 берёт не всегда)
+  // ponytail: rsa PEM parses cleanly in ssh2 (ed25519 PKCS8 is hit-or-miss)
   modulusLength: 2048,
   privateKeyEncoding: { type: "pkcs1", format: "pem" },
   publicKeyEncoding: { type: "spki", format: "pem" },
 });
+const shellPath = process.env.SHELL || "/bin/zsh";
 const lanIP = () =>
   Object.values(os.networkInterfaces())
     .flat()
     .find((i) => i?.family === "IPv4" && !i.internal && !i.address.startsWith("169.254"))?.address;
+// Run a command in a PTY and bridge it to an ssh2 channel.
+function bridge(stream, args, term) {
+  const child = pty.spawn(shellPath, args, {
+    name: term.term,
+    cols: term.cols,
+    rows: term.rows,
+    cwd: os.homedir(),
+    env: { ...process.env, ...term.env },
+  });
+  child.onData((d) => stream.write(d));
+  stream.on("data", (d) => child.write(d.toString()));
+  child.onExit(({ exitCode }) => {
+    try {
+      stream.exit(exitCode ?? 0);
+    } catch {}
+    stream.end();
+  });
+  return child;
+}
+const debug = process.env.CMUX_SSH_DEBUG ? (...a) => console.error("[debug]", ...a) : () => {};
 const server = new Server({ hostKeys: [privateKey] }, (client) => {
-  client.on("authentication", (ctx) =>
-    ctx.username === token ? ctx.accept() : ctx.reject()
-  );
+  client.on("authentication", (ctx) => {
+    debug("auth", ctx.method, ctx.username);
+    return ctx.username === token ? ctx.accept() : ctx.reject();
+  });
   client.on("session", (accept) => {
     const session = accept();
-    let info = { term: "xterm-256color", cols: 80, rows: 24 };
-    session.on("pty", (a, _r, i) => {
-      info = i;
+    // Defaults; overwritten by pty/env requests before shell/exec.
+    const term = { term: "xterm-256color", cols: 80, rows: 24, env: {} };
+    let child;
+    session.on("pty", (a, _r, info) => {
+      debug("pty", info.term, info.cols, info.rows);
+      term.term = info.term || term.term;
+      term.cols = info.cols || term.cols;
+      term.rows = info.rows || term.rows;
+      a?.();
+    });
+    session.on("env", (a, _r, info) => {
+      debug("env", info.key, "=", info.val);
+      term.env[info.key] = info.val;
+      a?.();
+    });
+    session.on("window-change", (a, _r, info) => {
+      child?.resize(info.cols, info.rows);
       a?.();
     });
     session.on("shell", (acc) => {
-      const stream = acc();
-      const shell = pty.spawn(process.env.SHELL || "/bin/zsh", [], {
-        name: info.term,
-        cols: info.cols,
-        rows: info.rows,
-        cwd: os.homedir(),
-        env: process.env,
-      });
-      shell.onData((d) => stream.write(d));
-      stream.on("data", (d) => shell.write(d));
-      session.on("window-change", (a, _r, i) => {
-        shell.resize(i.cols, i.rows);
-        a?.();
-      });
-      shell.onExit(() => stream.end());
+      debug("shell");
+      // ponytail: route the interactive shell through tmux so sessions persist
+      // and are shared across LAN connections; show the session list on connect.
+      // Falls back to a plain login shell when tmux is absent.
+      const start =
+        'if command -v tmux >/dev/null 2>&1; then ' +
+        'exec tmux new-session -A -s main \\; choose-tree -Zs; ' +
+        'else printf "[cmux-ssh-here] tmux not found; opening a plain shell (no server-side sessions)\\n"; ' +
+        'exec "$SHELL" -l; fi';
+      child = bridge(acc(), ["-lc", start], term);
+    });
+    session.on("exec", (acc, _r, info) => {
+      debug("exec", info.command);
+      // ponytail: login shell (-lc) so PATH includes things like homebrew tmux;
+      // cmux runs remote commands (tmux probes, tmux -CC) over this channel.
+      child = bridge(acc(), ["-lc", info.command], term);
+    });
+    session.on("subsystem", (_acc, rej, info) => {
+      debug("subsystem", info.name);
+      // ponytail: scp/sftp not supported; reject so the client fails fast
+      rej?.();
     });
   });
 });
 server.on("error", (e) => {
-  console.error(`Ошибка сервера: ${e.message}`);
+  console.error(`Server error: ${e.message}`);
   process.exit(1);
 });
-const PORT = Number(process.env.PORT) || 0; // 0 = случайный свободный порт
+const PORT = Number(process.env.PORT) || 0; // 0 = random free port
 server.listen(PORT, "0.0.0.0", function () {
   const ip = lanIP();
   if (!ip) {
-    console.error("Нет LAN IPv4-адреса");
+    console.error("No LAN IPv4 address found");
     process.exit(1);
   }
   const port = this.address().port;
@@ -84,7 +133,7 @@ server.listen(PORT, "0.0.0.0", function () {
     "host-key-policy": "accept-new",
     title: os.hostname(),
   });
-  console.log(`\n  Подключение к этой машине через cmux по LAN`);
-  console.log(`  (shell под пользователем ${os.userInfo().username}, Ctrl-C тут — выключить):\n`);
+  console.log(`\n  Connect to this machine via cmux over the LAN`);
+  console.log(`  (shell as ${os.userInfo().username}; Ctrl-C here to stop):\n`);
   console.log(`  https://cmux.com/deeplink/ssh?${params}\n`);
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cmux-ssh-here",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "Spin up a token-auth SSH server and print a cmux deep link to connect over LAN",
   "type": "module",
   "bin": {