SSH apps and accessible Gemini publishing

Over at the Sensor Station, Matt is "unreasonably excited about curses UIs":

Matt's post "curses" (2020-12-19)

I wanted to respond, fairly briefly, to one sentence in that post in particular:

Imagine curses UIs over telnet/ssh instead of webapps

This is, of course, perfectly possible, and in fact the Gemini client kiosk is an example of this. For the unaware, if you run:

ssh kiosk@gemini.circumlunar.space

You'll be presented with an interactive curses menu from which you can choose to launch either Amfora, AV-98 or Bombadillo to pop your head into Geminispace without having to install a client on your local machine. It's a neat way of getting emergency Gemini access on any machine with `ssh` installed. For the record, I borrowed this idea 100% from the similar Gopher kiosk at bitreich.org, right down to using `pdmenu` for the menu.

Bitreich's Gopher kiosk

pdmenu (recently removed from Debian, grumble, grumble)

I recently had somebody email me to say that they'd never seen something like that done over ssh before, and wanting to know how I did it. I made a mental note to make a gemlog post about it in case others were curious, and promptly forgot about it until this timely reminder. So, let's get that out of the way. A minimal example can be achieved by including the following block at the end of `sshd_config` on the server in question:

Match User kiosk
        PasswordAuthentication yes
        PermitEmptyPasswords yes
        ForceCommand pdmenu -c

The first line restricts everything that follows only to the `kiosk` user. The next two lines permit authentication with a password (which I have off for all other accounts - people need to use public keys to sftp in to upload content) and permit an empty password. I guess the ssh client is smart enough to attempt an empty password before prompting for a password, so this results in an instant and non-interactive login. The final line forces the execution of a particular command, in this case `pdmenu`, but it could be literally anything. This cannot be overridden by specifying another command in the usual ssh fashion. A `ChrootDirectory` line could be included for a little extra security, and I also have `X11Forwarding no` and `AllowTcpForwarding no` in there as well. That's all there is to it!
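A way to check that the `Match` block really took effect for the kiosk account, as an added example that is not part of the original post or of the server's own setup. It audits the effective settings that `sshd -T` reports; the four options beyond `X11Forwarding` and `AllowTcpForwarding` are additions not mentioned in the post, and both sample inputs are constructed.

```shell
# Added example (not from the post): audit the effective sshd settings for kiosk.
# On a real server, feed it: sshd -T -C user=kiosk,host=localhost,addr=127.0.0.1
# which prints one "keyword value" pair per line, keywords in lower case.
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_kiosk() {
    awk '
        { key = $1; $1 = ""; sub(/^ +/, ""); conf[key] = $0 }
        END {
            bad = 0
            if (conf["forcecommand"] == "" || conf["forcecommand"] == "none") {
                print "forcecommand: not set, the account gets a normal shell"; bad = 1
            }
            # Named in the post:
            want["x11forwarding"] = "no"
            want["allowtcpforwarding"] = "no"
            # Not in the post: other session features a menu-only account does not need.
            want["allowagentforwarding"] = "no"
            want["allowstreamlocalforwarding"] = "no"
            want["permittunnel"] = "no"
            want["permituserrc"] = "no"
            for (k in want)
                if (conf[k] != want[k]) {
                    printf "%s: is \"%s\", want \"%s\"\n", k, conf[k], want[k]
                    bad = 1
                }
            exit bad
        }'
}
# Constructed sample: the minimal Match block with nothing else tightened.
SAMPLE_WEAK='passwordauthentication yes
permitemptypasswords yes
forcecommand pdmenu -c
x11forwarding no
allowtcpforwarding yes
allowagentforwarding yes
allowstreamlocalforwarding yes
permittunnel no
permituserrc yes'

# Constructed sample: the same block with forwarding and ~/.ssh/rc disabled.
SAMPLE_OK='forcecommand pdmenu -c
x11forwarding no
allowtcpforwarding no
allowagentforwarding no
allowstreamlocalforwarding no
permittunnel no
permituserrc no'

printf '%s\n' "$SAMPLE_WEAK" | audit_kiosk || echo "kiosk block needs tightening"
```

Running the same query without the `user=kiosk` part shows the global settings, which is where to confirm that empty passwords stay off for every other account.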

Of course, there is nothing to stop you allowing access to a curses app on a remote ssh server in a less anonymous way. You could use `Match Group` instead of `Match User` to have actual user accounts which require password or public key authentication to execute the application. The application could read files from the user's home directory so that it acted differently for each user.

The analogy to webapps is fairly apt here. Compared to software running locally, these "ssh apps" have exactly the same advantages as webapps (a user can log in to a service from any machine with an ssh client and all of their settings/content/whatever is there, and it's easy to simultaneously upgrade all users to a new version when bugs are fixed) and the exact same disadvantages (they don't work offline, the people running the service can change it or discontinue it at the drop of a hat and users are powerless to resist, and they may not make it easy to export your data). Compared to webapps, they have the advantage that the client is slim and predictable, cannot be made to store state, and doesn't connect to anywhere you don't ask it to. Any heavy lifting happens server side, which means even old and slow computers can use such apps. For applications which don't require graphics, ssh apps are actually pretty appealing.

I do think this idea is underexplored these days. There are BBSes out there which work this way, but aside from these and the Gopher/Gemini kiosks, I don't know of anything else that works this way. If you do, I'd be happy to hear about it! I'll sketch two ideas roughly here.

Back when the Zaibatsu was quite actively developing pubnix software, we put up a Gopher front end to our git repos:

Circumlunar Software Forge

This meant people could not only anonymously clone our repos, they could also get at least a minimal overview of what was happening in them by seeing commit messages, etc. You can only download .zip files of the repository contents.

But when it comes to reporting bugs, requesting features or submitting packages, there's nothing there but a contact email address. This works fine, of course, but developers can and do forget/lose emails, and there's utility in other people being able to see which bugs have already been reported. For a long time I've thought it would be cool to have a shell-based (could be curses-based, but needn't be) bug tracking utility accessible via `ssh bugs@circumlunar.space`, but I've never gotten around to writing one.

Moving on to another idea, there was some discussion on the Gemini mailing list months back about how Gemini publishing was not very accessible to non-technical users. If you're able to run your own server it's easy, and if you're comfortable using sftp and fiddling with filesystem permissions to maintain a capsule on somebody else's server it's also easy, but for so-called "normal people" these aren't trivial undertakings. Because Gemini has nothing like a POST request, it's not possible to build user-friendly Gemini applications to let people publish from within their client, in the style of WordPress, LiveJournal, etc. More than one person responded to this by setting up a server where users can use a web interface to make posts to Geminispace. Gemlog Blue presents an ultralight web interface with no JavaScript and no cookies, and makes the results accessible only via Gemini. I'm not sure about Flounder Online's interface, but it takes the interesting approach of serving content via both Gemini and the web simultaneously (the HTML version is derived automatically from the Gemtext version, which is straightforward enough to do). Both services have substantial userbases, suggesting there is real demand for easier publishing interfaces.

Gemlog Blue's

Flounder Online

There's no reason this couldn't also be done with something like `ssh post@myfreegemlog.net`, which could ask for a username and password before bringing up a nice curses menu with options like "New post", "Edit post", "Delete post", launching a user-friendly editor like `nano` for editing, etc. The software could take care of setting file permissions, generating Atom feeds, etc. It wouldn't be for everybody, certainly, but I think the retro aesthetic would find a lot of fans these days, and it would allow relatively user friendly (at least for people without a pathological fear of terminals) publishing to Geminispace without having to rely on a web browser at all. Seems like a fun project, if nothing else.