mirror of
https://git.coolaj86.com/coolaj86/telebit.js.git
synced 2024-11-20 12:34:41 +00:00
494 lines
16 KiB
TOML
494 lines
16 KiB
TOML
[help]
|
|
|
|
remote = "telebit remote v{version}
|
|
|
|
Telebit Remote is the T-Rex long-arm of the Internet. UNSTOPPABLE!
|
|
|
|
Using reliable HTTPS tunneling to establishing peer-to-peer connections,
|
|
Telebit is empowering the next generation of tinkerers. Access your devices.
|
|
Share your stuff. Be UNSTOPPABLE! (Join us at https://rootprojects.org)
|
|
|
|
Usage:
|
|
|
|
telebit [flags] <command> [arguments]
|
|
ex: telebit http ~/Public
|
|
|
|
The flags are:
|
|
|
|
--config <path> specify config file (default is ~/.config/telebit/telebit.yml)
|
|
--json output json instead of text, if available
|
|
-h,--help display this menu (or sub-command menus)
|
|
|
|
The commands are:
|
|
|
|
status show status and configuration info
|
|
|
|
http access files, folders, and local apps via https (secure)
|
|
ssh enable remote access to this device with ssh-over-https
|
|
ssh (client) access devices via ssh-over-https (telebit, stunnel, openssl, etc)
|
|
tcp forward tcp locally
|
|
|
|
enable turn on remote access and sharing
|
|
disable turn off remote access and sharing
|
|
|
|
activate start and register the telebit service
|
|
disable stop and unregister the telebit service
|
|
|
|
config (doc) config file format and settings
|
|
client (doc) vpn, ftp, rsync, scp, ssh-proxy, sclient
|
|
|
|
Use \"telebit help [command]\" for more information about a command, including flags.
|
|
|
|
Additional help topics:
|
|
|
|
daemon telebit daemon secure background service
|
|
relay telebit secure relay, hosted, and self-hosting options
|
|
|
|
Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)"
|
|
|
|
client = "telebit client v{version}
|
|
|
|
ftp secure ftp file transfer between devices
|
|
rsync rsync over https and proxy commands
|
|
scp scp over https and proxy commands
|
|
sclient use the sclient emebbed within telebit
|
|
ssh-proxy ssh over https and proxy commands
|
|
vpn (client) home network access and private web browsing via socks5
|
|
|
|
Use \"telebit help [command]\" for more information about a command, including flags.
|
|
|
|
Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)"
|
|
|
|
status = "usage: telebit status
|
|
|
|
'telebit status' shows details about the current connections (or lack thereof).
|
|
|
|
Example:
|
|
|
|
Status: RAWR! (uptime: 45 minutes)
|
|
|
|
Forwarding ssh+https://jon.telebit.io => localhost:22
|
|
Forwarding https://client.jon.telebit.io => localhost:3000
|
|
Serving https://public.jon.telebit.io from ~/Public
|
|
Syncing ~/shared => home.jon.telebit.io:shared
|
|
|
|
Relay: https://telebit.cloud
|
|
Launcher: user
|
|
|
|
Additional help topics: enable, disable"
|
|
|
|
enable = "Enable Telebit - Re-enable and accept incoming connections
|
|
|
|
usage: telebit enable
|
|
|
|
enable Re-enable incoming connections for https, ssh, etc"
|
|
|
|
disable = "Disable Telebit - Reject https, ssh, and tcp connections
|
|
|
|
usage: telebit disable
|
|
|
|
disable (Temporarily) reject incoming connections for https,
|
|
ssh, etc without deleting the current configuration.
|
|
|
|
Perists on restart, but can be re-enabled remotely
|
|
(with your authorization only)."
|
|
|
|
activate = "Activate Telebit - Start telebit (if not running) and register a launcher
|
|
|
|
Usage:
|
|
|
|
telebit activate [flags]
|
|
ex: telebit activate --launcher none
|
|
|
|
The flags may be exactly one of:
|
|
|
|
--no-launcher uregister any launchers (start manually)
|
|
--user-launcher (default) register an unprivileged launcher (start on login)
|
|
--system-launcher register with the system launcher (start on boot)
|
|
|
|
Note: telebit relies on the system launcher to recover from certain error conditions"
|
|
|
|
deactivate = "Deactivate Telebit - Unregister userspace (or system) launcher and stop
|
|
|
|
Usage:
|
|
|
|
telebit deactivate [flags]
|
|
ex: telebit deactivate --keep alive
|
|
|
|
The flags are:
|
|
|
|
--keep-launcher stop telebit without unregistering the launcher
|
|
--keep-alive unregister launcher without stopping"
|
|
|
|
http = "Telebit HTTP - The UNSTOPPABLE way to share files, folders, and local apps.
|
|
|
|
usage: telebit http <path/port/none> [subdomain]
|
|
|
|
http <DIR> [subdomain] serve a file, folder, or node express app
|
|
ex: telebit http ~/Public pub ex: securely host ~/Public as pub.johndoe.telebit.io
|
|
|
|
http <PORT> [subdomain] forward all https traffic to a local app
|
|
ex: telebit http 3000 app ex: publicize localhost:3000 as app.johndoe.telebit.io
|
|
|
|
http none [subdomain] remove secure http access for (any or all) subdomain(s)
|
|
ex: telebit http none ex: remove all https access
|
|
|
|
Use cases:
|
|
|
|
- Lazy man's AirDrop (works for lazy women too!)
|
|
- Testing dev sites on a phone
|
|
- Sharing indie music and movies with friends"
|
|
|
|
ssh = "Telebit SSH - The UNSTOPPABLE way to remote into your devices.
|
|
|
|
usage: telebit ssh <auto|port|none>
|
|
|
|
All https traffic will be inspected to see if it looks like ssh Once enabled all traffic that looks
|
|
|
|
ssh auto Make ssh Just Work™ (on port 22)
|
|
|
|
ssh <port> forward ssh traffic to non-standard port
|
|
ex: telebit ssh 22 ex: explicitly forward ssh-looking packets to localhost:22
|
|
|
|
ssh none Disables ssh tunneling
|
|
|
|
Telebit SSH Client
|
|
|
|
usage: telebit ssh <remote> [ssh flags and options]
|
|
|
|
This is just a shortcut for \"ssh\", with all ssh-over-https options turned on.
|
|
|
|
ssh <remote> Make ssh Just Work™ (over https)
|
|
ex: telebit ssh jon.telebit.io ex:
|
|
|
|
\"telebit help ssh-proxy\" for more info
|
|
|
|
Use cases:
|
|
|
|
- Access your home computer from work.
|
|
- Access your work computer from home.
|
|
- Good ol' fashioned screen/tmux style pair programming"
|
|
|
|
ssh-proxy = "Proxying SSH over HTTPS
|
|
|
|
Wrapping SSH in HTTPS makes it accessible anywhere and also makes it routable.
|
|
Whether inside a harsh network environment or even if hindered by a poorly
|
|
configured firewall, once wrapped in tls, ssh becomes UNSTOPPABLE.
|
|
|
|
Usage:
|
|
telebit ssh <remote> [ssh flags and options]
|
|
|
|
Example:
|
|
|
|
telebit ssh jon.telebit.io
|
|
|
|
It is NOT at all neccessary to use \"telebit ssh\", it's just a convenience.
|
|
Wanna know why, and the alternatives? Keep reading!
|
|
|
|
## History
|
|
|
|
When TLS sends an encrypted packet over the network it begins with a handshake
|
|
which shows the things like the tls version and the host SERVERNAME unencrypted
|
|
so that the remote server can respond with the correct certificate.
|
|
|
|
SSH was created well before TLS and has a completely different header. The good
|
|
news is that, unlike some other early internet protocols, it does have a header
|
|
with its name and version, but it doesn't have anything to identify the server.
|
|
|
|
## Telebit + SSH
|
|
|
|
Here's why:
|
|
|
|
When you're running ssh through an https tunnel (as telebit does) you
|
|
can't just use \"ssh me.example.com\" to get in. You have to tell ssh that you
|
|
want to use an https tunnel. Using \"telebit ssh\" as a client will specify
|
|
all of the correct ssh options.
|
|
|
|
However, when you want to connect to ssh over https, you either have to pass
|
|
the correct arguments or modify your ~/.ssh/config to use \"openssl s_client\".
|
|
|
|
We explain the different configurations below:
|
|
|
|
## SSH + openssl
|
|
|
|
The configuration that's most likely to work with what's already installed on
|
|
your machine is this:
|
|
|
|
Host jon.telebit.io
|
|
ProxyCommand openssl s_client -quiet -connect %h:443 -servername %h
|
|
|
|
Or you would call ssh directly, like this:
|
|
|
|
ssh jon.telebit.io -o ProxyCommand=\"openssl s_client -quiet -connect %h:443 -servername %h\"
|
|
|
|
It's rather simple, but it looks quite daunting.
|
|
|
|
## SSH + sclient
|
|
|
|
Because that looks a little hairy, we created \"sclient\", so that the example
|
|
could look a bit more digestible:
|
|
|
|
Host jon.telebit.io
|
|
ProxyCommand sclient %h
|
|
|
|
Or
|
|
|
|
ssh jon.telebit.io -o ProxyCommand=\"sclient %h\"
|
|
|
|
## Inverse SSH Tunnel (same as stunnel)
|
|
|
|
The commands above instruct ssh to open a pipe into openssl or sclient. If we
|
|
instead want to connect ssh to a local tunnel, it looks like this:
|
|
|
|
Host jon.telebit.io
|
|
Hostname localhost
|
|
Port 3000
|
|
HostKeyAlias jon.telebit.io
|
|
CheckHostIP no
|
|
RequestTTY force
|
|
|
|
Or
|
|
|
|
ssh localhost -p 3000 -t -o CheckHostIP=no -o HostKeyAlias=jon.telebit.io
|
|
|
|
## See also
|
|
|
|
telebit ftp
|
|
telebit vpn"
|
|
|
|
tcp = "Telebit TCP - Seemless connectivity to LEGACY apps.
|
|
Use 'telebit http' instead, where possible (including for ssh).
|
|
|
|
usage: telebit tcp <path/port/none>
|
|
|
|
tcp <local> [remote] forward tcp to <local> from <remote>
|
|
ex: telebit tcp 5050 6565 ex: forward tcp port 6565 locally to port 5050
|
|
|
|
tcp <path> [remote] show ftp-style directory listing
|
|
ex: telebit tcp ~/Public ex: show listing of ~/Public
|
|
|
|
tcp none [remote] disable tcp access for [remote] port
|
|
ex: telebit tcp none 6565 ex: remove access to port 6565
|
|
|
|
Use cases:
|
|
|
|
- Debugging plain TCP when troubleshooting a legacy app
|
|
- You can't install a secure client (like telebit, sclient, openssl, or stunnel)
|
|
|
|
See also sclient <https://telebit.cloud/sclient> for connecting to legacy apps
|
|
with telebit-upscaled secure https access."
|
|
|
|
scp = "Telebit (Client) scp
|
|
|
|
See \"telebit rsync\"."
|
|
|
|
rsync = "Telebit (Client) rsync - Sync files to or from another computer
|
|
|
|
Sync files and directories from one computer to another.
|
|
|
|
Usage:
|
|
|
|
telebit rsync [flags] <src> <dst> [arguments]
|
|
ex: telebit rsync -av home.jon.telebit.cloud:shared/ ~/shared/ --exclude=tmp
|
|
|
|
This is not a full implementation of rsync, but rather a convenience wrapper
|
|
around rsync which passes the correct options to ssh for https tunneling.
|
|
|
|
Due to the way telebit wraps rsync, all flags which take an argumnt must
|
|
go after the source and destination paths / addresses.
|
|
|
|
See also: telebit help ssh-proxy"
|
|
|
|
vpn = "Telebit (Client) vpn - Use with Firefox for UNSTOPPABLE web browsing
|
|
|
|
This provides a very easy-to-use, lightweight VPN known as Socks5 that can be
|
|
used directly by Firefox and Chrome without requiring administrator privileges.
|
|
|
|
Usage:
|
|
|
|
telebit vpn --socks5 <port> <remote>
|
|
ex: telebit vpn --socks5 6789 home.jon.telebit.io
|
|
|
|
The flags are:
|
|
|
|
--socks5 <port> You MUST specify the socks5 port
|
|
|
|
Firefox Configuration:
|
|
|
|
Firefox -> Preferences
|
|
Advanced -> Network
|
|
Connection -> Settings
|
|
|
|
Manual proxy configuration:
|
|
|
|
SOCKS Host: localhost
|
|
Port: 6789
|
|
SOCKS v5
|
|
|
|
Just like a full vpn client, it routes your IP traffic places through the VPN
|
|
server (which in this case is another one of your telebit devices), but only
|
|
for traffic in the configured browser. You can still access school and office
|
|
resources in the other browser (and other applications) the need to switch a
|
|
full VPN on and off.
|
|
|
|
As will all other telebit functionality, this use https tunneling and will not
|
|
be disrupted by unfavorable network conditions.
|
|
|
|
Use cases:
|
|
|
|
- Watch your US Netflix using your home IP while traveling abroad.
|
|
- Log into your router as if from inside your home network.
|
|
- Disregard poorly configured web proxies at school or work.
|
|
|
|
See also: telebit help ssh-proxy"
|
|
|
|
ftp = "Telebit (Client) Secure FTP
|
|
|
|
Alias of \"telebit rsync\"
|
|
|
|
The original FTP was superseded by sftp and then rsync a few decades ago,
|
|
however, sometimes we refer to its successors, generically, as \"FTP\"
|
|
(just like you might say \"hang up\" the phone).
|
|
|
|
## History
|
|
|
|
FTP is a legacy of the 1970s. It served its purpose well on local networks, but
|
|
was extremely dangerous on the Internet due to its lack of security and various
|
|
vulnerabilities. On some legacy systems it remains an easy target to steal
|
|
passwords and load viruses onto computers.
|
|
|
|
Although very few systems have ftp installed today (thank goodness), almost every
|
|
computer comes with rsync already installed and ready to go.
|
|
|
|
Use \"telebit rsync\" instead."
|
|
|
|
daemon = "telebit daemon v{version}
|
|
|
|
Usage:
|
|
|
|
telebit daemon --config <path>
|
|
ex: telebit daemon --config ~/.config/telebit/telebitd.yml
|
|
|
|
Additional help topics:
|
|
|
|
config config file format and settings
|
|
remote telebit cli remote control
|
|
|
|
Copyright 2015-2018 https://telebit.cloud MPL-2.0 Licensed"
|
|
|
|
config = "Telebit Config (docs)
|
|
|
|
There are TWO config files:
|
|
|
|
remote ~/.config/telebit/telebit.yml
|
|
|
|
daemon ~/.config/telebit/telebitd.yml
|
|
|
|
### Remote Config
|
|
|
|
This only specifies the ipc - socket path (dir), address, or pipe name.
|
|
All other options are handled by the daemon.
|
|
|
|
ipc: /Users/aj/.local/share/telebit/var/run/
|
|
|
|
### Daemon Config
|
|
|
|
relay: telebit.cloud the relay to use
|
|
secret: null HMAC secret for self-hosted relay
|
|
email: jon@example.com the email to authenticate
|
|
agree_tos: true agree to Telebit, Greenlock, & Let's Encrypt, ToS
|
|
community_member: true get rare but relevant community updates
|
|
telemetry: true contribute to project telemetry
|
|
servernames:
|
|
example.com: don't reject https traffic for example.com
|
|
wildcard: true allow assignment to subdomains
|
|
handler: ~/Public whether to use a static server by path or app by port
|
|
home.example.com:
|
|
wildcard: true
|
|
handler: 3000
|
|
ssh_auto: 22 forward ssh-ish traffic to port 22
|
|
|
|
See also: telebit help relay"
|
|
|
|
sclient = "sclient
|
|
|
|
Usage:
|
|
|
|
sclient [flags] <remote> [local]
|
|
ex: sclient whatever.com:443 localhost:3000
|
|
ex: sclient whatever.com -
|
|
ex: printf \"GET / HTTP/1.1\\n\\n\" | sclient whatever.com
|
|
|
|
sclient is a standalane tls unwrapper. For convenience it's bundled with telebit
|
|
as the passthru subcommand \"telebit sclient\" and functions exactly the name.
|
|
|
|
telebit sclient [flags] <remote> [local]
|
|
ex: printf \"GET / HTTP/1.1\\n\\n\" | telebit sclient whatever.com
|
|
|
|
See https://telebit.cloud/sclient/"
|
|
|
|
relay = "Telebit Relay
|
|
|
|
We envision a future with better routers capable of providing reliable Internet
|
|
connectivity, and trusted peers bridging the gaps between unfavorable network
|
|
conditions.
|
|
|
|
We plan to always run telebit.cloud as a relay-as-a-service for convenience,
|
|
but it is our hope that, if your network conditions permit, you will also run
|
|
your own telebit relay for your friends, family, and yourself.
|
|
|
|
See https://git.coolaj86.com/coolaj86/telebit-relay.js"
|
|
|
|
in-n-out = "Telebit Secret Menu
|
|
|
|
The secret flags are:
|
|
|
|
--profile <name> Use config files, sockets, and pipes with this name.
|
|
For debugging and development. (default: telbit, telebitd)
|
|
--set-profile <name> Switch from the default profile
|
|
--address <path|host:port> Use explicit socket path (or address) or pipe name
|
|
Overrides \"--profile\""
|
|
|
|
[remote]
|
|
version = "telebit remote v{version}"
|
|
|
|
code = "
|
|
==============================================
|
|
Hey, Listen!
|
|
==============================================
|
|
|
|
GO CHECK YOUR EMAIL!
|
|
|
|
DEVICE PAIR CODE: 0000
|
|
|
|
==============================================
|
|
"
|
|
|
|
waiting = "waiting for you to check your email..."
|
|
|
|
success = "Success"
|
|
|
|
next_steps = "Some fun things to try first:
|
|
|
|
~/telebit http ~/Public
|
|
~/telebit tcp 5050
|
|
~/telebit ssh auto
|
|
|
|
Press any key to continue...
|
|
"
|
|
|
|
[remote.setup]
|
|
|
|
email = "Welcome!
|
|
|
|
By using Telebit you agree to:
|
|
|
|
[x] Accept the Telebit™ terms of service
|
|
[x] Accept the Let's Encrypt™ terms of service
|
|
|
|
Enter your email to agree and login/create your account:
|
|
"
|
|
|
|
[daemon]
|
|
version = "telebit daemon v{version}"
|