From 7e1243e71dd5d41778d69e9f167513d5e7341fda Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 22 Sep 2018 20:56:08 -0600 Subject: [PATCH] add a chunk of docs --- lib/en-us.toml | 176 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 164 insertions(+), 12 deletions(-) diff --git a/lib/en-us.toml b/lib/en-us.toml index fa8133b..d09538d 100644 --- a/lib/en-us.toml +++ b/lib/en-us.toml @@ -3,7 +3,7 @@ main = "telebit remote v{version} -Telebit Remote - The T-Rex long-arm of the Internet. +Telebit Remote is the T-Rex long-arm of the Internet. UNSTOPPABLE! Using reliable HTTPS tunneling to establishing peer-to-peer connections, Telebit is empowering the next generation of tinkerers. Access your devices. @@ -17,35 +17,57 @@ Usage: The flags are: --config specify config file (default is ~/.config/telebit/telebit.yml) + -h,--help display this menu (or sub-command menus) + --json output json instead of text, if available The commands are: status show status and configuration info - enable turn on remote access and sharing - disable turn off remote access and sharing http access files, folders, and local apps via https (secure) - ssh (local) enable remote access to this device with ssh-over-https - ssh (remote) access devices via ssh-over-https (telebit, stunnel, openssl, etc) + ssh enable remote access to this device with ssh-over-https + ssh (client) access devices via ssh-over-https (telebit, stunnel, openssl, etc) tcp forward tcp locally + enable turn on remote access and sharing + disable turn off remote access and sharing + Use \"telebit help [command]\" for more information about a command. Additional help topics: config config file format and settings - ssh (proxy) ssh over https and proxy commands + ssh-proxy ssh over https and proxy commands ftp secure ftp file transfer between devices rsync rsync over https and proxy commands vpn home network access and private web browsing via socks5 + sclient use the sclient emebbed within telebit daemon telebit daemon secure background service relay telebit secure relay, hosted, and self-hosting options -Copyright 2015-2018 https://telebit.cloud MPL-2.0 Licensed" +Copyright 2015-2018 AJ ONeal https://telebit.cloud MPL-2.0 Licensed (RAWR!)" -http = "usage: telebit http [subdomain] +status = "usage: telebit status [subdomain] -'telebit http' is the fastest way to share files, folders, and local apps. +'telebit status' shows details about the current connections (or lack thereof). + +Example: + + Status: RAWR! (uptime: 45 minutes) + + Forwarding ssh+https://jon.telebit.io => localhost:22 + Forwarding https://client.jon.telebit.io => localhost:3000 + Serving https://public.jon.telebit.io from ~/Public + Syncing ~/shared => home.jon.telebit.io:shared + + Relay: https://telebit.cloud + +Additional help topics: enable, disable +" + +http = "Telebit HTTP - The UNSTOPPABLE way to share files, folders, and local apps. + +usage: telebit http [subdomain] http [subdomain] serve a file, folder, or node express app ex: telebit http ~/Public pub ex: securely host ~/Public as pub.johndoe.telebit.io @@ -55,12 +77,137 @@ http = "usage: telebit http [subdomain] http none [subdomain] remove secure http access for (any or all) subdomain(s) ex: telebit http none ex: remove all https access + +Use cases: + + Lazy man's AirDrop (works or lazy women too!) + Testing dev sites on a phone + Sharing indie music and movies with friends " -tcp = " -usage: telebit tcp +ssh = "Telebit SSH - The UNSTOPPABLE way to remote into your devices. -'telebit tcp' is provided for seemless connectivity to legacy apps +usage: telebit ssh + +All https traffic will be inspected to see if it looks like ssh Once enabled all traffic that looks + + ssh auto Make ssh Just Works™ (on port 22) + + ssh forward ssh traffic to non-standard port + ex: telebit ssh 22 ex: explicitly forward ssh-looking packets to localhost:22 + + +Telebit SSH Client + +usage: telebit ssh + +This is just a shortcut for \"ssh\", with all ssh-over-https options turned on. + + ssh Make ssh Just Work™ (over https) + ex: telebit ssh jon.telebit.io ex: + +\"telebit help ssh-proxy\" for more info + +Use cases: + + Access your home computer from work. + Access your work computer from home. + Good ol' fashioned screen/tmux style pair programming + Watching your US Netflix account while traveling in the EU (telebit help vpn) +" + +ssh-proxy = "Proxying SSH over HTTPS + +Wrapping SSH in HTTPS makes it accessible anywhere and also makes it routable. +Whether inside a harsh network environment or even if hindered by a poorly +configured firewall, once wrapped in tls, ssh becomes UNSTOPPABLE. + +Usage: + telebit ssh + +Example: + + telebit ssh jon.telebit.io + +It is NOT at all neccessary to use \"telebit ssh\", it's just a convenience. +Wanna know why, and the alternatives? Keep reading! + +## History + +When TLS sends an encrypted packet over the network it begins with a handshake +which shows the things like the tls version and the host SERVERNAME unencrypted +so that the remote server can respond with the correct certificate. + +SSH was created well before TLS and has a completely different header. The good +news is that, unlike some other early internet protocols, it does have a header +with its name and version, but it doesn't have anything to identify the server. + +## Telebit + SSH + +Here's why: + +When you're running ssh through an https tunnel (as telebit does) you +can't just use \"ssh me.example.com\" to get in. You have to tell ssh that you +want to use an https tunnel. Using \"telebit ssh\" as a client will specify +all of the correct ssh options. + +However, when you want to connect to ssh over https, you either have to pass +the correct arguments or modify your ~/.ssh/config to use \"openssl s_client\". + +We explain the different configurations below: + +## SSH + openssl + +The configuration that's most likely to work with what's already installed on +your machine is this: + + Host jon.telebit.io + ProxyCommand openssl s_client -quiet -connect %h:443 -servername %h + +Or you would call ssh directly, like this: + + ssh jon.telebit.io -o ProxyCommand=\"openssl s_client -quiet -connect %h:443 -servername %h\" + +It's rather simple, but it looks quite daunting. + +## SSH + sclient + +Because that looks a little hairy, we created \"sclient\", so that the example +could look a bit more digestible: + + Host jon.telebit.io + ProxyCommand sclient %h + +Or + + ssh jon.telebit.io -o ProxyCommand=\"sclient %h\" + +## Inverse SSH Tunnel (same as stunnel) + +The commands above instruct ssh to open a pipe into openssl or sclient. If we +instead want to connect ssh to a local tunnel, it looks like this: + + Host jon.telebit.io + Hostname localhost + Port 3000 + HostKeyAlias jon.telebit.io + CheckHostIP no + RequestTTY force + +Or + + ssh localhost -p 3000 -t -o CheckHostIP=no -o HostKeyAlias=jon.telebit.io + +## See also + + telebit ftp + telebit vpn +" + +tcp = "Telebit TCP - Seemless connectivity to LEGACY apps. +Use 'telebit http' instead, where possible (including for ssh). + +usage: telebit tcp tcp [remote] forward tcp to from ex: telebit tcp 5050 6565 ex: forward tcp port 6565 locally to port 5050 @@ -71,6 +218,11 @@ usage: telebit tcp tcp none [remote] disable tcp access for [remote] port ex: telebit tcp none 6565 ex: remove access to port 6565 +Use cases: + + Debugging plain TCP when troubleshooting a legacy app + You can't install a secure client (like telebit, sclient, openssl, or stunnel) + See also sclient for connecting to legacy apps with telebit-upscaled secure https access. "