@xun66/live-term
v1.1.11
Published
Secure E2EE Terminal Collaboration Tool
Readme
live-term
live-term is a secure, End-to-End Encrypted (E2EE) terminal collaboration tool. It allows you to share your terminal session with a remote collaborator through a relay, and every remote-control session must be explicitly approved on the target side.
https://github.com/user-attachments/assets/02a94823-0e09-470a-a55e-4ba3ff4b7fa4
Note: The relay URL shown in the video is for demonstration only. For actual usage, follow the commands below.
Quick Start
1. Install via NPM
npm install -g @xun66/live-term🌍 Case 1: Using the Free Relay (Easiest)
We provide a free public relay at xebox.org.
Target (The machine you want to control):
live-termIt will print a Session ID (UUID). Share this with the controller.
Controller (The machine you are controlling from):
live-term --mode=controller --target-id=Session_ID🏠 Case 2: Using your own Local/Private Relay
Target:
TERMINAL_RELAY_URL=ws://localhost:8899/live-term/ws live-term --allow-insecureController:
TERMINAL_RELAY_URL=ws://localhost:8899/live-term/ws live-term --mode=controller --target-id=Session_ID --allow-insecureConfiguration Options
| Argument | Description | Default |
| :--- | :--- | :--- |
| --mode | Run mode: target or controller. | target |
| --target-id| (Controller only) The Session ID of the target. | Required |
| --id | (Target only) Custom Session ID. The controller must pass the same value as --target-id. | Random UUID |
| --relay | Full URL of the relay. | wss://xebox.org/live-term/ws |
| --allow-insecure | Allow ws:// or self-signed certificates. | false |
| --hotkey | Key to exit session (e.g., ctrl+b, ^x). | ctrl+x |
| --replay-buffer-bytes | (Target only) Max terminal output bytes kept for reconnect replay. | 1048576 |
| --replay-buffer-ms | (Target only) Max terminal output age kept for reconnect replay. | 300000 |
Note: You can use the
TERMINAL_RELAY_URLenvironment variable (as shown in the examples) or the--relayflag to specify the relay.
Security
- E2EE: All data is encrypted with AES-256-GCM. Keys are exchanged via RSA and never touch the relay.
- Verification Code (SAS): A 6-digit numeric code is shown on both ends during approval. This is separate from the Session ID. Verify this matches to ensure no Man-in-the-Middle is present.
- Explicit Approval: The target must manually approve every incoming remote-control request.
- Reconnect Replay: The target keeps a bounded encrypted-output replay buffer. If the controller reconnects before the buffer expires, missing terminal output is replayed; otherwise the controller warns that terminal display may be stale.
Self-Hosting the Relay
# Node (single path)
live-term-relay --port 8899 --paths=/live-term/ws
# Docker
docker run -p 8899:8899 -e WS_PATHS=/live-term/ws ghcr.io/xun66/live-term-relay:latestLicense
MIT
