/phlog/presentation.gph on kroovy.de

	<- Back

	Terminal presentations via SSH + read-only tmux
	===============================================

	Have semi-trusted people connect to your machine via SSH. They immediatly
	attach to a read-only tmux-session and can do nothing but watch.

	I always liked the idea of having the ability to quickly let someone look
	at something I do in the terminal in realtime.

	This can be useful for many scenarios:
	- holding presentations,
	- tutoring commandline
	- pair programming
	- sharing gameplay (e.g. nethack)

	I'm well aware that this can be achieved by fully sharing your graphical
	screen like in Discord, Slack or Teams. But i find these methods lame,
	bulky and a waste of ressources.

	Since I can not estimate how secure this setup is, I do not recommend
	running this as a public service that allows access to untrusted people.

	I consider this setup experimental and unsecure. I am glad for every
	critical opinion on this.

	Here is the section for your /etc/ssh/sshd_config which forces the user
	into the read-only tmux-session:

	Match User viewer
	AllowAgentForwarding no
	AllowTcpForwarding no
	GatewayPorts no
	X11Forwarding no
	PermitTunnel no
	X11UseLocalhost no
	PermitTTY yes
	ForceCommand tmux a -r -t viewer; exit

	Afterwards you only need to nest the viewer-session into a tmux-session
	controlled by the presenter.

	For example:
	# wild nesting
	tmux new -s present
	su - viewer
	tmux a -t viewer
	su - $your_user

	Optional:
	# deactivate tmux-statusbar for the viewers
	tmux set -t viewer status off

	# add viewercount for the presenter
	tmux set -t present status-right "Viewer: #(who \| grep viewer -c)"

	I recommend to let people give you their pubkey so you can put it in
	/home/viewer/.ssh/authorized_keys

	This setup was inspired by the bitreich-con setup.
	bitreich-con setup
	I used tmux over abduco and stripped away the audio portion.