    Looking for beta testers for our HeyTerm web terminal project

    dearroydearroy Member, Provider

    Dear LET'ers,

    For the last couple of weeks, my team has been developing an application called HeyTerm - a centralized web terminal interface where you can access and manage your infrastructure devices from a web browser.

    The HeyTerm idea came from a Chinese web hosting group on Telegram; some members complained that they found it so difficult to connect to their servers in another region because of the network congestion abroad. It happened to me sometimes too while I was trying to log in to my working RDP in the US, so I thought, why not make a tool to help them and myself?

    The demo was done by my partner, Mufeng, in 1.5 weeks, and after a quick test, we realized it's something that users need, so we implemented the UI with the help of our designer, Mora.

    And it's just getting started, we do have a long roadmap but we also want to listen to your voice about the feature you want us to add.

    Features Implemented

    • You can manage multiple infrastructure devices in a single web page.
    • Everything is HTML5 web-based, you don't have to install any 3rd party software.
    • You can access the infrastructure devices via RDP/SSH/Telnet/VNC.
    • You can choose a gateway location as per your preference to ensure the best network performance.
    • You can execute the same shell command on multiple devices at the same time.

    Features Upcoming

    • Organizations, projects/groups, and permissions.
    • Device uptime monitoring, notifications.
    • Logs audit and recording.
    • Self-hosted version

    Thanks to our Angel Investor: Mr. Binsen Tang, we are well funded. The BETA stage will last 6-12 months meanwhile we will try to make it a better software. We didn't think much about the pricing yet as of now, but it will definitely be affordable to LET community members.

    Any feedback is appreciated! I will be working with you to improve HeyTerm day by day.

    Thanked by 2corbpie plumberg

    Comments

    • The website seems down, How do we access it? Also, is the Source Public for Audit or closed?

      Thanked by 1dearroy
    • defaultdefault Member

      Confirmed, website is down. I would want to test it though.

      Fastmako (aff) - great VPS for your needs.

    • dearroydearroy Member, Provider

      Reaperofpower said: The website seems down, How do we access it?

      default said: Confirmed, website is down. I would want to test it though.

      Got the alert while I was walking out for dinner, we got a DDoS attack, will mitigate and fix very shortly.

    • lazytlazyt Member

      Njinx on Fedora

      Have I mentioned how much I hate auto correct recently?

    • dearroydearroy Member, Provider
    • vyas11vyas11 Member
      edited August 9

      I saw it on ProductHunt a few days ago, and have been trying it out with a couple of test vps’es.
      @dearroy looks promising...will try to post a longer review later. Best wishes

      Thanked by 1dearroy

      Benchmark VPS'es || New! Review of Nexusbytes - Part I, Part II, Part III ||

    • lazytlazyt Member

      Working now, bookmarked for when I'm not on mobile.

      Thanked by 1dearroy

      Have I mentioned how much I hate auto correct recently?

    • dearroydearroy Member, Provider

      Reaperofpower said: Also, is the Source Public for Audit or closed?

      HeyTerm will be closed however we will disclose an audit report by 3rd party shortly.

    • let me try it.

      Want a personal TLD??? join www.open-root.eu

    • joepie91joepie91 Member, Provider

      @dearroy said:

      Reaperofpower said: Also, is the Source Public for Audit or closed?

      HeyTerm will be closed however we will disclose an audit report by 3rd party shortly.

      So there have been a few projects along these lines ("centralized server management") on LET in the past, and pretty much every time they run into the same problem: why would you trust a third party with effectively root access to all of your infrastructure?

      An audit report is better than nothing, but it's also only a snapshot in time; hypothetically speaking, there's nothing to keep you from adding malicious code 5 minutes after the auditor's access to the internal repository is revoked. At most it could be an assessment of the general code quality (if it's a good and widely-trusted auditor), but it's probably not going to provide the assurances that people need.

      Perhaps there's a market for this, but I wouldn't be surprised if a lot of the responses here are going to be "if I can't self-host it and look at the source, I'm not interested". Handing over root access to all of your infrastructure to a third party is a pretty big risk to take, and - especially taking into account the widespread availability of (open-source, self-hosted) deployment tooling - a pretty hard sell, IMO.

    • Congratz for launching guys :)
      Wish you best luck!

      What's the difference with something like https://guacamole.apache.org/

      Also how do you store private keys and passwords? Do you as admin of the saas get access to all servers connected?

      Thanked by 1dearroy
    • dearroydearroy Member, Provider

      joepie91 said: So there have been a few projects along these lines ("centralized server management") on LET in the past, and pretty much every time they run into the same problem: why would you trust a third party with effectively root access to all of your infrastructure?

      An audit report is better than nothing, but it's also only a snapshot in time; hypothetically speaking, there's nothing to keep you from adding malicious code 5 minutes after the auditor's access to the internal repository is revoked. At most it could be an assessment of the general code quality (if it's a good and widely-trusted auditor), but it's probably not going to provide the assurances that people need.

      Perhaps there's a market for this, but I wouldn't be surprised if a lot of the responses here are going to be "if I can't self-host it and look at the source, I'm not interested". Handing over root access to all of your infrastructure to a third party is a pretty big risk to take, and - especially taking into account the widespread availability of (open-source, self-hosted) deployment tooling - a pretty hard sell, IMO.

      True, I thought the same before I decided to start the project, and we are still trying to figure it out before we end the BETA stage.

      why would you trust a third party with effectively root access to all of your infrastructure?

      For most companies and users, they might not have an IT department or sysadmins to ensure their data security, so it doesn't make much difference whether they provide root access or not, it's just a sense of self-conscious.

      And, HeyTerm doesn't require users to save root access, it's up to the users whether to sign in automatically or manually.

      We are working on the audit report with a well-trusted auditor at the moment, but I agree with you - an audit report doesn't equal absolute safety. This question applies to all SaaS companies that are closed source; only time can tell the answer.

      We know it's a bit hard to start, we are extremely encouraged by these users who really want it, we are improving it day by day.

    • I can't wait for the selfhosted version

      Thanked by 1dearroy
    • fLoofLoo Member
      edited August 9

      Let me ask this:

      Why do you feature Google, Instagram, Facebook etc as "partners". Obviously you're trying to impress your visitors with those logos. Can you please tell me how are you affiliated to those companies and why did you place their respective logos on your website?

      Are you getting paid by them? In which way are those companies your partners? Please clarify.

      Appreciated.

    • @fLoo said:
      Let me ask this:

      Why do you feature Google, Instagram, Facebook etc as "partners". Obviously you're trying to impress your visitors with those logos. Can you please tell me how are you affiliated to those companies and why did you place their respective logos on your website?

      Are you getting paid by them? In which way are those companies your partners? Please clarify.

      Appreciated.

      They are most likely just placeholders for the time being. @dearroy

      Thanked by 1dearroy
    • OujiOuji Member

      Isn't this like guacamole? Also, I couldn't find a place to change my password and it doesn't seem to support 2FA yet.

    • fLoofLoo Member

      @Turboooo said:

      @fLoo said:
      Let me ask this:

      Why do you feature Google, Instagram, Facebook etc as "partners". Obviously you're trying to impress your visitors with those logos. Can you please tell me how are you affiliated to those companies and why did you place their respective logos on your website?

      Are you getting paid by them? In which way are those companies your partners? Please clarify.

      Appreciated.

      They are most likely just placeholders for the time being. @dearroy

      Makes no sense as you could simply use a blank-image. They even adjusted the colors to fit their CI and the design overall.

    • dearroydearroy Member, Provider

      @fLoo Thanks for pointing that out, it turned out that I pulled a less recent version of the code to the server, I have fixed that.

      Ouji said: Isn't this like guacamole? Also, I couldn't find a place to change my password and it doesn't seem to support 2FA yet.

      angelius said: What's the difference with something like https://guacamole.apache.org/

      We were inspired by Guacamole and we implement similarly.

      HeyTerm makes it easier to get started, especially for people who are new to it. We managed to make it distributed so users can choose their preferred location based on their network environment and GEO location.

      The differences will begin to stand out as time goes by, we are collecting feature requests to make it unique.

      2FA is on our next milestone roadmap, we will implement Google Authenticator, Wechat QR code as well as email for 2FA.

      angelius said: Also how do you store private keys and passwords? Do you as admin of the saas get access to all servers connected?

      As of now, all keys and passwords are encrypted with AES, and soon we will switch to RSA in the near future.

      I, as an admin of HeyTerm, have no access to servers that do not belong to my account, and we don't have a dedicated interface for admins yet, it's not in our future plan either.

    • Yea, this will not work if people won't see source code. At least those people who could be potential customers. A massive SPOF, unaudited code (code audition costs large money). I give max 1 year prior to deadpool.

      Wordpress Hosting - Home made!

    • dearroydearroy Member, Provider

      LTniger said: I give max 1 year prior to deadpool.

      Thanks for the prediction! We'll see.

    • infoinfo Member

      it makes same thing which we can do with ssh/telnet client and we're giving our root password to them. it's unsafe. I'm not fond of web based clients already but wanted to test.

      Thanked by 1dearroy
    • Termius also has a password sync feature, and it's not open-source either. Its subscription price is $99/y, still having a lot of users. So I guess if you guys can be trustworthy to the public, while you keep enhancing other features, it's doable.

      Thanked by 1dearroy
    • OujiOuji Member

      @dearroy Still looking to update my password whenever this feature is available.

    • dearroydearroy Member, Provider

      Ouji said: @dearroy Still looking to update my password whenever this feature is available.

      A profile page is now being designed, before it's completed you can use the password reset feature on the login page to reset the password.

      Thanked by 1Ouji
    • dearroydearroy Member, Provider

      yorkchou said: So I guess if you guys can be trustworthy to the public, while you keep enhancing other features, it's doable.

      That requires time, patience as well as insights, but we have faith.

    • vyas11vyas11 Member

      My takeaways from the discussion so far: Many see the closed source as an issue. But then there are many third party SM Integration tools and website management tools that are closed source. I am not a believer in the 'convenience at the cost of risk' school of thought, but as a beta product, does not hurt to link a few non mission critical sites.

      Esp with low learning curve, even for a newbie like me, the risk is low. But for the experienced users/admins that the audience in LET happen to be, I believe control (or lack of) versus convenience is a one way conversation.

      Thanked by 1dearroy

      Benchmark VPS'es || New! Review of Nexusbytes - Part I, Part II, Part III ||

    • dearroydearroy Member, Provider

      Just an update: HeyTerm now supports SSH two-factor authentication.

    • raindog308raindog308 Moderator

      dearroy said: As of now, all keys and passwords are encrypted with AES, and soon we will switch to RSA in the near future.

      ...why?

      The actual cipher in use is rarely the weakest link in a crypto solution. Are you really worried there are people out there who can break AES but will be defeated by RSA?

      Thanked by 1dearroy

      For LET support, please visit the interim support desk.

      Over the past few months we have been met with many challenges within the moderation business. Some that have not been overcome.

    • dearroydearroy Member, Provider

      raindog308 said: ...why?

      The actual cipher in use is rarely the weakest link in a crypto solution. Are you really worried there are people out there who can break AES but will be defeated by RSA?

      Well, I did not mean to compare AES and RSA.

      We are testing combining both and using multiple servers jointly to encrypt/decrypt, that is the best solution I could think of now, will improve as it goes.

    • dearroy said: HeyTerm now supports SSH two-factor authentication.

      I smell bullshit here. If it's some sort of OTP (one-time password, i.e. Google Authenticator, SMS or email code) that doesn't change anything at all! The codes are also generated on your side and the code is compared against the code provided by the user. If anyone breaks into your platform they also get access to the codes, thus making the 2FA useless. That proves you know shit about security lol. The only viable option is to have 2FA on the server itself, but that's outside your scope.

      Prove me wrong.

      I live in harmony with people. They hate me and I hate them.
      AlphaSucks | Proxmox on Kimsufi | Hiding Proxmox behind NGINX | Securing SSH

    • @LTniger said:
      Yea, this will not work if people won't see source code. At least those people who could be potential customers. A massive SPOF, unaudited code (code audition costs large money). I give max 1 year prior to deadpool.

      What's worse is that even if we could see the source code, who's to tell what's being run on their system?

      I ❤ Laravel

    • dearroydearroy Member, Provider

      MrPsycho said: I smell bullshit here. If it's some sort of OTP (one-time password, i.e. Google Authenticator, SMS or email code) that doesn't change anything at all! The codes are also generated on your side and the code is compared against the code provided by the user. If anyone breaks into your platform they also get access to the codes, thus making the 2FA useless. That proves you know shit about security lol. The only viable option is to have 2FA on the server itself, but that's outside your scope.

      I am sorry but you misunderstood what has been implemented - the 2FA is on the server, not on our platform. It's common sense, you are very welcome to give it a try.
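
The question argued in the two comments above, where the OTP secret is stored, worked through as an added example (not part of the thread and not HeyTerm's code). It implements RFC 6238 TOTP and models the two placements; the user `alice`, the `DESIGNS` layout and the function names are hypothetical, and the secret is the RFC 6238 test value.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): prover and verifier run this on the SAME secret."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret: bytes, code: str, unix_time: int, step: int = 30) -> bool:
    """Accept the current time step and one step either side, constant-time compare."""
    return any(hmac.compare_digest(totp(secret, unix_time + d * step, step), code)
               for d in (-1, 0, 1))

# Constructed sample data: RFC 6238 test secret, hypothetical user.
SECRET = b"12345678901234567890"
# What each party keeps at rest under the two placements discussed in the thread.
DESIGNS = {
    "otp_on_platform": {"gateway": {"alice": SECRET}, "server": {}},
    "otp_on_server":   {"gateway": {}, "server": {"alice": SECRET}},
}

def code_from_breached_store(design: str, breached: str, user: str, now: int):
    """Return a code computable from the breached party's stored data, or None."""
    secret = DESIGNS[design][breached].get(user)
    return totp(secret, now) if secret is not None else None

def second_factor_survives(design: str, breached: str, user: str, now: int) -> bool:
    """True if data at rest on the breached party cannot yield an accepted code."""
    verifier = "gateway" if design == "otp_on_platform" else "server"
    code = code_from_breached_store(design, breached, user, now)
    if code is None:
        return True
    return not verify(DESIGNS[design][verifier][user], code, now)

if __name__ == "__main__":
    now = 1111111109  # RFC 6238 test time
    for design in DESIGNS:
        held = second_factor_survives(design, "gateway", "alice", now)
        print(design, "gateway breach ->", "2FA holds" if held else "2FA bypassed")
```

A gateway that relays the session still sees every code the user types, so placing the OTP on the server protects the stored secret rather than a session carried through the gateway.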

    • dearroydearroy Member, Provider

      No, we write our own scripts, but seems to be similar things.
