Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Show HN: I made Devzat – It's like Discord but in the terminal, over SSH
391 points by quackduck on March 15, 2022 | hide | past | favorite | 147 comments
Run `ssh devzat.hackclub.com` to try it out! The repo is here: https://github.com/quackduck/devzat (golang). It has markdown and emoji support, DMs, channels, and it can show images too. You can send code, and it gets syntax highlighted (you can change the theme). You can ping people like so: @user and it sends them a \a, which should play an audible sound if the terminal allows it. There's inbuilt games and rainbow names and a lot of other small things I don't remember right now.

You might find the auth system interesting: it's based on a hash of ssh pubkey (bans use that and a hash of IP, so it isn't so easy to get around a ban)

Also an interesting issue: bots that go around trying to brute force ssh into random IPs with common usernames. My current solution is banning if rapid successive joins are detected.



Love the fact that there are currently more people on the server than likes on this post :D

You might wanna take a look at https://github.com/charmbracelet/bubbletea ad specifically https://github.com/charmbracelet/soft-serve for v2.

IRC style commands that are only sent to the sender would also be nice as current version is a bit spammy with help and user commands.


+1 for charm bracelet, those libs are great. Plus the website is amazing


idk if i wanna make this a TUI tbh, i've seen those libs before. I don't think they support output to an io.Writer / term.Terminal though


I believe https://github.com/charmbracelet/wish is the repo you're looking for!

(and also the repo the person you replied to probably meant to post)


Wow yeah that is pretty cool


Argh, yap that's the one thank you :D


I just get "Permission denied (publickey)". The README says to just run ssh-keygen, but I already have an RSA key. Does this server only support ed25519 or something?


Using the following helped me join: ssh devzat.hackclub.com -p 443

... to get around my firewall!


This is your week to learn about .ssh/config files.


this is mostly a certain crypto lib's fault (maybe stdlib, let me check)


Ugh. That’s not specific to one language either. Changing CA certs or enabling OCSP is often a case of configuring the same thing in several places or multiple libraries. Identity certs doubly so. If memory serves I spent more time on that than the rest combined.


it's a known gossh issue I believe


That's the one


I think you are correct. Was able to get in by first doing `ssh-keygen -t ed25519` to create new private/public keys (be careful not to overwrite ssh keys that you are already using for other things!). RSA support is being phased out in various places.


Just confirming that I had to do this first and it started working. It was originally giving me the Permission Denied (publickey) error.


> It's like discord but in the terminal, over SSH

so it's IRC?


idk, i didn't exist when IRC was the hip thing


You might wanna check it out. Things like code quotes and expand/collapse would be cool to add to an IRC client. I think some clients already support emoji as it's just UTF8?

It's common for IRC users to use IRC from a terminal client on their desktop. If they have a remote server they'll ssh into a box and use their terminal client there. They'd also use a screen session to keep their IRC client running 24/7 so they can keep receiving messages. Or they'll keep an eggdrop bot on a server somewhere, which is basically a sorta IRC proxy that they connect to from any IRC client and can keep their user online in the background.

Here's some stuff on IRC: https://github.com/ircdocs/modern-irc | https://ircv3.net/ | https://wiki.wireshark.org/IRC

Looks like there's some discord<->IRC gateways: https://github.com/sjwhitak/discord-irc-matrix https://github.com/qaisjp/go-discord-irc https://discordrc.com/

Here's some IRC stuff in Go: https://github.com/khlieng/dispatch https://github.com/ergochat/ergo https://github.com/go-irc/irc https://github.com/search?q=go+irc


Great post! Minor nit: eggdrop is an old bot written in TCL. People use "bouncers" like BNC and ZNC to proxy IRC through a shell to keep themselves connected, and other features.

I don't know why we keep reinventing IRC.


Interesting. Btw, by support emoji I mean things like ":rocket:", ":fire:", etc do what they should: using emojis by copy pasting or using a system emoji picker gets tiring


More like a BBS partyline. IRC requires a custom client, not just a terminal connection.


You can do IRC just with nc.


i had been using telnet for irc in the 90s a lot, it doesn’t really require any custom client


IRC 4 Life...


IRC never used SSH.


not directly, no, but one of the most common ways to maintain a persistent IRC session is to ssh to a server somewhere (typically not on a residential or dynamic internet connection) and then run your CLI irc client like ircII, bitchx or irssi inside of a gnu screen session, or inside of tmux.


Devzat will be temporarily down while I figure out some good auto-moderation


yeah it was a matter of time before people starting spamming


I would have expected some self selection: these are people from HN who know how to use SSH. Not exactly a high bar but implies some proficiency with software.


based on my past experiences of hiring and connecting with people from HN & YC

they've been some of the worst. I don't know what it is about this site that people place so much positive bias here.


Oh, interesting

I guess it just feels like people into tech and software would yk, not engage in hate speech. Then again, I'm pretty new to the world in general.


[flagged]


He also loves monopolies


By the way, what makes your username colored green?


It means that they're a new user. [0]

[0] https://news.ycombinator.com/newsfaq.html


It’s to celebrate St Patricks day. Nice touch by dang


What you actually select for with this particular requirement is misanthropic elitists who see new tech as something to break. A shame, isn't it?


[flagged]


I'm 16, and I think you should grow up.


My age is very similar to yours :P


Proving his point?


Their point, surely, as quackduck may not be male.


lmfao.


Really like this, great work! For those who aren't aware, there are more of these: ssh-chat[0][1] and sshtalk[2].

[0]: https://news.ycombinator.com/item?id=8828543

[1]: https://news.ycombinator.com/item?id=8743374

[2]: https://news.ycombinator.com/item?id=15829206


After living through Google Chat going down while handling a server incident at work, I created an internal, encrypted chat system in order to have an alternative in case our regular communications channel is down.

However the actual chat part of it is very barebones with a simplistic JSON-based protocol and a simplistic IRC-like interface - quite unlike devzat.

I wonder how hard it would be to untangle the authentication and transport bits from devzat and plug in our own proprietary auth/transport.


I don't think it wouldn't be hard, since there isn't really much auth (just some key and IP stuff), so you'd mainly have to add your own. Feel free to email me (my email's on my github) with updates / questions if you do decide to try it out!


Would an internal Matrix homeserver meet that need?


Or an internal IRC server.

Or a Zulip server.

Matrix is overkill if you're never going to federate it.


What makes you say that?


Matrix is a joy when not federated fwiw, given all the stuff that could slow it down (talking to other people’s servers) isn’t happening :)


make sure one's ssh-agent forwarding is off when connecting to strange hosts :)


Are you telling me that everyone who clones a repo from GitHub via SSH is in fact authorizing GitHub to use their private key? Why hasn't anyone made a slick web page with a catchy name like AuthBleed or SecretAgent to describe that one yet?


The default OpenSSH settings are safe. You have to explicitly whitelist servers or domains in `.ssh/config`, but if you were to blatantly blast:

Host * ForwardAgent yes

The scenario you talk about is certainly possible, especially since OpenSSH does not require a "tap" for each authorization once the agent is unlocked. (Side note: this is one thing hardware u2f keys absolutely got correct).


Also make sure you're not exposing an identifying public key to a service you intended to use anonymously.


Did you know you are exposing your identity for each "permission denied" error? SSH repeatedly tries all of your public keys to authenticate. Someone was able to harvest that and figure multiple github profiles of the client in past.


You are right. My personal method for testing such things is to ensure I do not have any of the default keys.

  mkdir --mode=00500 -p ~/.ssh_config_backup
  rsync -avH ~/.ssh/. ~/.ssh_config_backup/.
  rm ~/.ssh/id_*
Then I generate custom keys per-site and list them in ~/.ssh/config/

  ssh-keygen -q -t rsa -b 2048 -N "" -C "test" -f ~/.ssh/.id_devzat
Then in ~/.ssh/config

  IdentitiesOnly yes
  SendEnv LANG LC_ALL
  ForwardAgent no
  ForwardX11 no
  ForwardX11Trusted no
  # [snip]
  #
  Host devzat chat
    Hostname devzat.hackclub.com
    Port 22
    User test
    IdentityFile ~/.ssh/.id_devzat
    LogLevel VERBOSE
Verbose to see debug if you are having issues.

If one needed to temporarily use the old key for a site until it is changed to a site-unique key, then

  rsync -av ~/.ssh_config_backup/id_rsa ~/.ssh/.id_somesite
Then make a note to change the key on that site and generate a site unique key.


(assuming I am malicious (which isn't really a bad thing to assume))


huh that's... really bad. Is there some way of turning that off? grepping through the man file didn't tell me about any options.


Holy crap, moderation is hard.


One thing you might consider doing is using https://github.com/USER.keys to verify the identity of the person connecting. Then use the GitHub API to verify they have at least N followers and has existed for N days. It would be wonderful to have a social network for open source developers on the command line.


I'm in the terminal / chat right now. This is giving me major 90's nostalgia! Incredible.


Yeah, same here -- serious 90's nostalgia in the best way. This is awesome.


thanks, i'm glad you guys like it :)


Me too, using irssi.


yep, same. Just something about terminal chat clients. I wish Discord would allow you to create a terminal client where you didn't have to do all kinds of workarounds.


If I remember correctly there is such a thing on GitHub, although it is against Discord's ToS. I have a Discord bot that I have written in two different languages as well. It would not be difficult to turn either of them into a pretty TUI. I probably would give Tk a chance, too. It is very lightweight, and can be made really pretty with ease.


I really dig this, but if I issue a command like cd, the output should only be showed to the person who issued the command.

but this is really fun! nice job!


That was an intentional choice


What if you want to just say one of the commands? IMO, there should be some sort of prefix (like '/') before commands to disambiguate.


any prefix would make a command not a command, kinda like how people on twitter add a random character before a tweet starting with a user mention


i knew the name looked familiar... there's already a hackthebox out for it: https://www.youtube.com/watch?v=QEgtbzS1Pyc


I know! An longtime user of Devzat made it


that's awesome. i recently built an ssh management interface using some of the same libraries, i'll be sure to check it out.


cool


Looks cool, joined and made friends with a french dude. Totally forgot how cool irc-like minimalism can be sometimes.


Thanks lol, that makes me smile


I like it. A few observations:

* Hangman doesn't give you credit for all instances of a letter when you guess it

* Starting a new game of hangman (maybe also TTT?) interrupts/erases the previous one, if there's one in progress

* Images can be anything and aren't filtered - troll users could present some nasty stuff

* User settings don't persist (e.g., nickname)


I'm not good at handling user data so I haven't added persistence, could in the future

IDK how to filter images oof

Wdym by that first point? (Hangman is case sensitive)


For Hangman, I started a game with the word as "panda." There are two "a" characters. The person who guessed "a" only revealed one of them.

The rules of Hangman are that every letter guessed reveals all instances of that letter in the word.


that's super strange, that usually works


sixel appears to be too large... it would be better if it made small outputs


sixel is super experimental


still, thanks for supporting sixels :)


Okay auto-moderation seems to be working surprisingly well! Related commit: https://github.com/quackduck/devzat/commit/866c33a7d24b43f26...


TIP: If you want to be truly anonymous, don’t use the same identity file that you use to ID yourself with Github since the latter publishes your pubkey in https://github.com/<username>.keys


Back in the mid 90's, I used to hang out on what was called vrave, a telnet based chat hosted at hyperreal.org (Apache's' Brian Behlendorf's rave archive/culture site).

This is definitely making me nostalgic for it.


My first Unix account was on hyperreal.org, given to me by Brian Beulendorf so I could put up the Dance Music Business Resource.

The same machine also hosted apache source code repositories.

Oh, hi Jon! It's Chris, from the 90s


I used to live in your basement!


Strange. I reported to Brian for years. He’s moved on, for now, I guess?


I think most ravers from that time period have moved on. :)


I'm glad it reminds you of something you liked :)


Isn't the only thing this has in common with Discord.. text chat?

That's the LEAST interesting part about Discord, and it's basically just table stakes for a chat service.


well, channels, emoji names, syntax highlighting...


Is this working now? I logged on and can't do anything and nothing seems to be happening, i just get a snippet of text starting "38m earlier"


Same for me, I'm guessing it's hugged from all the YC traffic.


pretty much lol


sorry, i have no idea why it went down lol, i've fixed it now


yeah, I think I broke you system - completely stopped for me


Im not a command liner but was curious to check this out. I tried running ssh-keygen and the "Enter file in which to save the key (C:\Users\.../.ssh/id_rsa):" prompt appears and I lose ALL keyboard input to the command line. No CTRL C, no text, no enter. Cant do anything. Anyone aware of what the problem is?

Windows 10 PowerShell


> Anyone aware of what the problem is? Windows 10 PowerShell

That seems like the most likely problem, yes.


One thing that could help with the bots is leveraging some of the community generate blocklists for the ssh bots such as blocklist.de though there are other providers. It may not stop all of them, but will cut down a lot on the noise. These are generally useful for any ssh instance exposed to the internet.


that is a good idea! a more pressing problem that has recently become so is human-generated profane spam


> bans use that and a hash of IP

Why hash it? There are <2^32 IP(v4) addresses, so it would be trivial to crack the hash.


the hash is only visible to me, but I'd rather have to spend 10 minutes cracking an IP than just be able to see them plaintext


There are examples to test with [1] Seems like if someone runs this server they are making those people admins unless they edit that file.

[1] - https://github.com/quackduck/devzat/blob/main/admins.json


Nuclear Greenhouse BBS vibes!

http://www.bbsdocumentary.com/software/IBM/DOS/GTALK/bbs_gta...


Lots of fun, but the issue with the images (is this the problem?) needs to be fixed. And the command issue where everyone sees the output - I wonder how hard that would be to address. Neat app!


Everyone seeing output is an intentional choice. What's the problem with images?


Very cool project! I think having more channels would help cut down on the fast pace of chat, as well as the suggestions from others about making broadcasting commands to everyone opt-in.


Oh you can always make your own channel, just cd into a new one


I've just spent an hour on here when I should really be sleeping. Reminded me a lot of public IRC channels back in the day, surprised how fun it was to hang out with everyone. :)


those never left.


Joined but got banned pretty quickly after not saying a word :(


Could you send your ID (the hash in the message it gives you)? There's been too much spam for me to be an accurate filter, I'm really sorry


I typed "hello" and hit Enter, and the whole thing froze. Had to close my shell because I couldn't get out of the chat session any other way. Not great.


FYI if you use an openssh client and you can't disconnect via closing the remote shell normally, type RET+tilde+period in sequence to close it forcefully without losing your local shell. There are more RET+tilde shortcuts as well.


Thank you. This is extremely useful information.


pretty sure they are running maintenance rn. OP posted <40mins ago that they were taking it down temporarily for some spam proteciton. I personally can't even connect


Should be good now, HN stresses out my server haha


I really like it, it seems like a great alternative to slack for a team that just wants non-notification chat


Heck yeah, feel free to email me updates (you can find my email on my github) if you decide to try it out


Damn this is sick! I'll bookmark this so I can mess around with this later!


Reminds me of irssi... A terminal IRC client from way back! Great job!


Still maintained, and I am still using it. I guess I am from way back, too. :)


Post a video of a demo of it. Might drain attention :)


Good idea, idk how to make good videos, probably an asciinema would be good


ASCII Enemas should be a last resort. When all else fails.


Looks like the n-word filter is working.


This is fun. Well done!


Thanks, I see you had the same username on Devzat


> Also an interesting issue: bots that go around trying to brute force ssh into random IPs with common usernames. My current solution is banning if rapid successive joins are detected.

I should've read this before trying to connect 100 usernames in parallel.


LMAO, send me your ID and I'll unban you (if you got banned)


Seems frozen


What is discord? Yes, I’ve heard of the company, but haven’t used it. You might do better with “chat” as more folks know what that is.


I still remember when Discord was primarily a voice chat (later, with screen sharing features too), essentially a replacement for TeamSpeak/Mumble/Ventrilo, not IRC or XMPP MUC.

Looks like those days it's more of a Slack/Gitter/IRC alternative.


I imagine the selection of people who would use Devzat's feature set are at least passingly familiar with Discord.

People who aren't familiar with Discord but that would still use text chat over SSH are probably more likely to use IRC.


Discord is one of the most popular chat platforms. Imagine IRC, but more modern and the developers actually care about UX.


I struggle to use Discord precisely because of the UX. and I say that with years of IRCing in a terminal with a black background. I vastly prefer Slack's theme.

Discord's dark & light themes are too hard on my eyes. They feel like the designers have never worked on a 13" MBP and only large monitors w/ non-retina displays.


But unfortunately it is highly censored. And if you're part of any community that is banned, your account is banned as well. It happens often. Something I experienced, as a former member of a nootropics server.

I don't find the service very trustworthy, but I think that if you're a gamer, it may work out just fine for you.


All the topics mentioned in this subthread sound like my kind of thing. It's sad that Discord bans for that.

If you ever want to resume your communities elsewhere, perhaps check out Matrix (https://matrix.org/)? If you have the know how to host your own server, you can host a community without the risk of being shut down by an external party. People from other servers can still join because the network is federated.


I got banned for demonstrating spectre and meltdown to a work audience, during the presentation.

FML.


This is everything right here.


I agree that I wish their rules were more lax, but a trust and safety ban of a server doesn't necessarily ban everyone from the server. Just recently a server I was in got a trust and safety ban and no one got banned. The server just disappeared.


Reminds me of a time when a dedicated anti-malware server was temporarily deleted (probably due to the amount of malware samples being sent)


LOL @ the developers caring about UX. I can't count how many times I tried to find some functionality only to have to google how to do it.


The only time I've does this it turned out that a feature didn't exist to do what I wanted, but you must admit the UX of creating a new IRC server is a million times worse than creating a new discord server.


For one you're actually not making a discord server, so there is that.


That's an implementation detail. Having servers automatically provisioned for you is more convenient for users.


Everything is an implementation detail then ?




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: