Looking for beta testers for our HeyTerm web terminal project

dearroy Member, Host Rep

Dear LET'ers,

For the last couple of weeks, my team has been developing an application called HeyTerm - a centralized web terminal interface where you can access and manage your infrastructure devices from a web browser.

The HeyTerm idea came from a Chinese web hosting group on Telegram: some members complained that they found it so difficult to connect to their servers in another region because of the network congestion abroad. It happened to me sometimes too while I was trying to log in to my working RDP in the US, so I thought, why not make a tool to help them and myself?

The demo was done by my partner, Mufeng, in 1.5 weeks, and after a quick test we realized it's something that users need, so we implemented the UI with the help of our designer, Mora.

And it's just getting started. We do have a long roadmap, but we also want to listen to your voice about the features you want us to add.

Features Implemented

  • You can manage multiple infrastructure devices in a single web page.
  • Everything is HTML5 web-based, you don't have to install any 3rd party software.
  • You can access the infrastructure devices via RDP/SSH/Telnet/VNC.
  • You can choose a gateway location as per your preference to ensure the best network performance.
  • You can execute the same shell command on multiple devices at the same time.

Features Upcoming

  • Organizations, projects/groups, and permissions.
  • Device uptime monitoring, notifications.
  • Logs audit and recording.
  • Self-hosted version

Thanks to our Angel Investor, Mr. Binsen Tang, we are well funded. The BETA stage will last 6-12 months, and meanwhile we will try to make it a better piece of software. We haven't thought much about the pricing yet, but it will definitely be affordable to LET community members.

Any feedback is appreciated! I will be working with you to improve HeyTerm day by day.

Thanked by 2corbpie plumberg

Comments

  • The website seems down, How do we access it? Also, is the Source Public for Audit or closed?

    Thanked by 1dearroy
  • Confirmed, website is down. I would want to test it though.

  • dearroy Member, Host Rep

    Reaperofpower said: The website seems down, How do we access it?

    default said: Confirmed, website is down. I would want to test it though.

    Got the alert while I was walking out for dinner, we got a DDoS attack, will mitigate and fix very shortly.

  • Njinx on Fedora

  • dearroy Member, Host Rep

    lazyt said: Njinx on Fedora

    Should be fixed now.

  • vyas11 Member
    edited August 2019

    I saw it on ProductHunt a few days ago, and have been trying it out with a couple of test vps’es.
    @dearroy looks promising...will try to post a longer review later. Best wishes

    Thanked by 1dearroy
  • Working now, bookmarked for when I'm not on mobile.

    Thanked by 1dearroy
  • dearroy Member, Host Rep

    Reaperofpower said: Also, is the Source Public for Audit or closed?

    HeyTerm will be closed however we will disclose an audit report by 3rd party shortly.

  • let me try it.

  • joepie91 Member, Patron Provider

    @dearroy said:

    Reaperofpower said: Also, is the Source Public for Audit or closed?

    HeyTerm will be closed however we will disclose an audit report by 3rd party shortly.

    So there have been a few projects along these lines ("centralized server management") on LET in the past, and pretty much every time they run into the same problem: why would you trust a third party with effectively root access to all of your infrastructure?

    An audit report is better than nothing, but it's also only a snapshot in time; hypothetically speaking, there's nothing to keep you from adding malicious code 5 minutes after the auditor's access to the internal repository is revoked. At most it could be an assessment of the general code quality (if it's a good and widely-trusted auditor), but it's probably not going to provide the assurances that people need.

    Perhaps there's a market for this, but I wouldn't be surprised if a lot of the responses here are going to be "if I can't self-host it and look at the source, I'm not interested". Handing over root access to all of your infrastructure to a third party is a pretty big risk to take, and - especially taking into account the widespread availability of (open-source, self-hosted) deployment tooling - a pretty hard sell, IMO.

  • Congratz for launching guys :)
    Wish you best luck!

    What's the difference with something like https://guacamole.apache.org/

    Also how do you store private keys and passwords? Do you as admin of the saas get access to all servers connected?

    Thanked by 1dearroy
  • dearroy Member, Host Rep

    joepie91 said: So there have been a few projects along these lines ("centralized server management") on LET in the past, and pretty much every time they run into the same problem: why would you trust a third party with effectively root access to all of your infrastructure?

    An audit report is better than nothing, but it's also only a snapshot in time; hypothetically speaking, there's nothing to keep you from adding malicious code 5 minutes after the auditor's access to the internal repository is revoked. At most it could be an assessment of the general code quality (if it's a good and widely-trusted auditor), but it's probably not going to provide the assurances that people need.

    Perhaps there's a market for this, but I wouldn't be surprised if a lot of the responses here are going to be "if I can't self-host it and look at the source, I'm not interested". Handing over root access to all of your infrastructure to a third party is a pretty big risk to take, and - especially taking into account the widespread availability of (open-source, self-hosted) deployment tooling - a pretty hard sell, IMO.

    True, I thought the same before I decided to start the project, and we are still trying to figure it out before we end the BETA stage.

    why would you trust a third party with effectively root access to all of your infrastructure?

    Most companies and users might not have an IT department or sysadmins to ensure their data security, so it doesn't make too much of a difference whether they provide root access or not, it's just a sense of self-conscious.

    And, HeyTerm doesn't require users to save root access, it's up to the users whether to sign in automatically or manually.

    We are working on the audit report with a well-trusted auditor at the moment, but I agree with you - an audit report doesn't equal absolute safety. This question applies to all SaaS companies that are closed source; only time can tell the answer.

    We know it's a bit hard to start, we are extremely encouraged by these users who really want it, we are improving it day by day.

  • I can't wait for the selfhosted version

    Thanked by 1dearroy
  • fLoo Member
    edited August 2019

    Let me ask this:

    Why do you feature Google, Instagram, Facebook etc as "partners". Obviously you're trying to impress your visitors with those logos. Can you please tell me how are you affiliated to those companies and why did you place their respective logos on your website?

    Are you getting paid by them? In which way are those companies your partners? Please clarify.

    Appreciated.

  • @fLoo said:
    Let me ask this:

    Why do you feature Google, Instagram, Facebook etc as "partners". Obviously you're trying to impress your visitors with those logos. Can you please tell me how are you affiliated to those companies and why did you place their respective logos on your website?

    Are you getting paid by them? In which way are those companies your partners? Please clarify.

    Appreciated.

    They are most likely just placeholders for the time being. @dearroy

    Thanked by 1dearroy
  • Ouji Member

    Isn't this like guacamole? Also, I couldn't find a place to change my password and it doesn't seem to support 2FA yet.

  • fLoo Member

    @Turboooo said:

    @fLoo said:
    Let me ask this:

    Why do you feature Google, Instagram, Facebook etc as "partners". Obviously you're trying to impress your visitors with those logos. Can you please tell me how are you affiliated to those companies and why did you place their respective logos on your website?

    Are you getting paid by them? In which way are those companies your partners? Please clarify.

    Appreciated.

    They are most likely just placeholders for the time being. @dearroy

    Makes no sense as you could simply use a blank-image. They even adjusted the colors to fit their CI and the design overall.

  • dearroy Member, Host Rep

    @fLoo Thanks for pointing that out. It turned out that I had pulled an older version of the code to the server; I have fixed that.

    Ouji said: Isn't this like guacamole? Also, I couldn't find a place to change my password and it doesn't seem to support 2FA yet.

    angelius said: What's the difference with something like https://guacamole.apache.org/

    We were inspired by Guacamole and we implemented it similarly.

    HeyTerm makes it easier to get started, especially for people who are new to it. We managed to make it distributed so users can choose their preferred location based on their network environment and GEO location.

    The differences will begin to stand out as time goes by, we are collecting feature requests to make it unique.

    2FA is on our next milestone roadmap, we will implement Google Authenticator, Wechat QR code as well as email for 2FA.

    angelius said: Also how do you store private keys and passwords? Do you as admin of the saas get access to all servers connected?

    As of now, all keys and passwords are encrypted with AES, and soon we will switch to RSA in the near future.

    I, as an admin of HeyTerm, have no access to servers that do not belong to my account, and we don't have a dedicated interface for admins yet, it's not in our future plan either.

  • Levi Member

    Yea, this will not work if people won't see source code. At least those people who could be potential customers. A massive SPOF, unaudited code (code audits cost a lot of money). I give max 1 year prior to deadpool.

  • dearroy Member, Host Rep

    LTniger said: I give max 1 year prior to deadpool.

    Thanks for the prediction! We'll see.

  • info Member

    It does the same thing that we can do with an ssh/telnet client, and we're giving our root password to them. It's unsafe. I'm not fond of web-based clients already but wanted to test.

    Thanked by 1dearroy
  • Termius also has a password sync feature, and it's not open-source either. Its subscription price is $99/y, and it still has a lot of users. So I guess if you guys can be trustworthy to the public while continuing to enhance other features, it's doable.

    Thanked by 1dearroy
  • Ouji Member

    @dearroy Still looking to update my password whenever this feature is available.

  • dearroy Member, Host Rep

    Ouji said: @dearroy Still looking to update my password whenever this feature is available.

    A profile page is now being designed, before it's completed you can use the password reset feature on the login page to reset the password.

    Thanked by 1Ouji
  • dearroy Member, Host Rep

    yorkchou said: So I guess if you guys can be trustworthy to the public while continuing to enhance other features, it's doable.

    That requires time, patience as well as insights, but we have faith.

  • My takeaways from the discussion so far: Many see the closed source as an issue. But then there are many third party SM Integration tools and website management tools that are closed source. I am not a believer in the 'convenience at the cost of risk' school of thought, but as a beta product, does not hurt to link a few non mission critical sites.

    Esp with low learning curve, even for a newbie like me, the risk is low. But for the experienced users/admins that the audience in LET happen to be, I believe control (or lack of) versus convenience is a one way conversation.

    Thanked by 1dearroy
  • dearroy Member, Host Rep

    Just an update: HeyTerm now supports SSH two-factor authentication.

  • raindog308 Administrator, Veteran

    dearroy said: As of now, all keys and passwords are encrypted with AES, and soon we will switch to RSA in the near future.

    ...why?

    The actual cipher in use is rarely the weakest link in a crypto solution. Are you really worried there are people out there who can break AES but will be defeated by RSA?

    Thanked by 1dearroy
  • dearroy Member, Host Rep

    raindog308 said: ...why?

    The actual cipher in use is rarely the weakest link in a crypto solution. Are you really worried there are people out there who can break AES but will be defeated by RSA?

    Well, I did not mean to compare AES and RSA.

    We are testing combining both and using multiple servers jointly to encrypt/decrypt. That is the best solution I could think of now; we will improve as it goes.
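
The usual way to "combine both" ciphers from the AES/RSA exchange above is envelope encryption, sketched here as an added example that is not part of the thread and is not HeyTerm's code: each stored credential gets its own AES-256-GCM key, and that key is wrapped with RSA-OAEP. The function names, the `context` string and the sample secret are assumptions made for this illustration. It also shows why the choice of cipher is not the deciding factor: whoever holds the RSA private key can open every record.

```javascript
// Added illustration; names and sample values are constructed for this example.
const nodeCrypto = require("node:crypto");

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// RSA key pair used only to wrap per-record AES keys (the key-encryption key).
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Encrypt one stored credential. `context` (e.g. an account/device id) is
// authenticated but not encrypted, so a record cannot be moved to another owner.
function seal(publicKey, secret, context) {
  const dataKey = nodeCrypto.randomBytes(32); // fresh AES-256 key per record
  const iv = nodeCrypto.randomBytes(12);      // 96-bit GCM nonce, never reused
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", dataKey, iv);
  cipher.setAAD(Buffer.from(context, "utf8"));
  const ciphertext = Buffer.concat([cipher.update(secret, "utf8"), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, dataKey);
  return { wrappedKey, iv, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt a record. Throws if the private key, context, or ciphertext is wrong.
function unseal(privateKey, record, context) {
  const dataKey = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, record.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", dataKey, record.iv);
  decipher.setAAD(Buffer.from(context, "utf8"));
  decipher.setAuthTag(record.tag);
  return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString("utf8");
}

// True when the holder of `privateKey` can read the record under `context`.
function canOpen(privateKey, record, context) {
  try {
    unseal(privateKey, record, context);
    return true;
  } catch (err) {
    return false;
  }
}
```

If the private key sits on the same server that stores the records, this scheme protects them no better than a single AES key kept there would.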
