Shellhub is an open source alternative to Dataplicity. Run the Shellhub host on a host computer then run the agents on the remotes.
==== Host ====
  * if you are already running ssh on the host you'll need to create (or add to) a ''.env.override'' file ''SHELLHUB_SSH_PORT=<SOMETHING_OTHER_THAN_22>''
    * you'll use this port # when logging into the remotes via ssh cli e.g. ''ssh -p <PORT_#> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>''
  * [[https://docs.shellhub.io/getting-started/installing/|directions for install]] (dev environment not necessary)
  * for ssl add to ''.env.override'':
<code>
SHELLHUB_AUTO_SSL=true
SHELLHUB_REDIRECT_TO_HTTPS=true
SHELLHUB_DOMAIN=<your domain or subdomain without quotes>
</code>
=== autostart ===
Add a ''systemd'' service:
  * create ''/etc/systemd/system/shellhub.service'':
<code>
[Unit]
Description=ShellHub
After=network.target

[Service]
User=root
Type=simple
WorkingDirectory=<DIRECTORY WHERE SHELLHUB ROOT LIVES>
ExecStart=make start
Restart=always

[Install]
WantedBy=multi-user.target
</code>
  * ''sudo systemctl enable shellhub.service''
  * ''sudo systemctl start shellhub.service''

==== Remote ====
  * Shellhub provides a docker container for RPI and friends but our candidate was a riscv64 mangopi for which there was no suitable Docker container
  * Instead we cloned the repo then [[https://docs.shellhub.io/developers/agent/installing#installing-from-source-code|build the agent from source]]
<code>
 git clone -b v0.10.4 https://github.com/shellhub-io/shellhub.git shellhub
 sudo apt install golang
 cd shellhub/agent
 go build -ldflags "-X main.AgentVersion=v0.10.4"
</code>
    * {{ :lwc:agent.gz |zipped riscv64 compiled binary of agent}}
  * Format for the public/private keys must be ''pem'' so ssh keys from standard ''ssh-keygen'' will not work. Instead do something like: ''ssh-keygen -t rsa -f key.pem -m pem'' with ''-m pem'' being the magic sauce ([[https://stackoverflow.com/questions/55470311/encode-private-key-getting-error-asn1-structure-error-tags-dont-match|source]]).

=== Autostart of Agent ===
  * add a script ''startAgent.sh'' to start the agent:
<code>
#!/bin/bash
export SHELLHUB_TENANT_ID="TENANT_ID"
export SHELLHUB_PRIVATE_KEY="PRIVATE KEY PATH AND FILENAME IN PEM FORMAT"
export SHELLHUB_SERVER_ADDRESS="SHELLHUB SERVER ADDRESS"
./agent
</code>
  * ''sudo chmod 755 startAgent.sh''
  * starting the script from the shell works fine but for some reason does not work with ''systemd'' unless we change ''/bin/sh'' to use ''bash'' instead of ''dash''
    * ''sudo dpkg-reconfigure dash'' and choose ''no'' when prompted
  * create ''/etc/systemd/system/shellhubAgent.service''
<code>
[Unit]
Description=ShellhubAgent
After=network.target

[Service]
User=root
Type=simple
WorkingDirectory=FULL PATH WHERE AGENT AND STARTUP SCRIPT ARE LOCATED
ExecStart=FULL PATH AND FILENAME OF STARTUP SCRIPT
Restart=always

[Install]
WantedBy=multi-user.target
</code>
  * ''sudo systemctl enable shellhubAgent.service''
  * ''sudo systemctl start shellhubAgent.service''

=== Login with cert to remote (agent) ===
  * local machine generate public/private key.
    *  it could be that any public/private key would work but docs suggest''ssh-keygen -t ed25519''
  * upload public key to web portal (public keys menu on LHS)
  * make sure private key on local machine has permissions 600
  * login from local machine using private key: ''ssh -p <PORT> -i <PRIVATE_KEY_PATH_AND_FILE> <USER>@<SSHID_FOR_REMOTE>@<HOST_IP_OR_NAME>''

=== Disable Password login ===
//This is not a built-in function for community edition it appears so as a workaround we can hack the code//
  * pre v0.13.0: in ''/pkg/agent/server/server.go'' edit ''func (s *Server) passwordHandler('' so the first line of the method reads ''return false''
  * post v0.13.0: in ''/pkg/agent/server/authentication.go'' edit ''func (s *Server) passwordHandler(ctx gliderssh.Context, pass string) bool {'' so the first line of the method reads ''return false''
  * ''cd shellhub/agent''
  * ''go build -ldflags "-X main.AgentVersion=<VERSION>"''

==== Setting up VNC on remote (Xubuntu 22.04) ====
=== On Remote ===
  * ''sudo apt install xtightvncviewer''
  * change ''~/.vnc/xstartup'' to read:
<code>
env -i /bin/sh -c "export PATH=$PATH;
                   export XAUTHORITY=$XAUTHORITY;
                   export DISPLAY=$DISPLAY;
                   export HOME=$HOME;
                   export LOGNAME=$LOGNAME;
                   export USER=$USER;
                   /usr/bin/xfce4-session"
</code>
  * write a script:
<code>
#!/bin/bash
if ! pgrep -x "Xtightvnc" >/dev/null
then
    vncserver -geometry 1366x768
fi
</code>
  * call this script in session and startup (yes systemd is the right way to do this but I couldn't get it to work)
  * restart Xserver
=== local ===
  * ''ssh -p 24 -i <PRIVATE_KEY> <NAME_OF_REMOTE> -L 5901:127.0.0.1:5901''
  * then in a separate window ''gvncviewer :1''