-
Notifications
You must be signed in to change notification settings - Fork 137
Connect to remote
Running pueued
on a server and wanting to check on the current progress without a login shell is a common scenario.
Pueue supports TLS encrypted communication to a remote and secret based authentication. If that's not safe enough for your use-case, you can always listen on unix-sockets/localhost and do port/unix-socket forwarding via SSH.
Reminder:
- You have to set
read_local_logs
config tofalse
in the client config. Otherwisefollow
andlog
won't work. - You have to use the same secret file for your client and the remote daemon.
Tips:
- It's nice to use a separate configuration file for this.
The file can be set via the
-c
flag. You should also consider creating an shell alias for this. - If you decide to use SSH port-forwarding, you can create a systemd job whose job is to open the ssh connection and to reconnect, whenever the connection goes away.
Pueue creates a self-signed TLS certificate at startup. This will then be used for any TCP communication.
The client will also use the daemon_cert
, to verify the identity of the daemon. Make sure to copy the cert file to your client.
- Set
use_unix_socket
tofalse
. - Set your
host
andport
values on both daemon and client. - Restart/start
pueued
- Copy the server's
daemon.cert
to the client machine - Copy the server's
shared_secret
to the client machine - If you moved those files to non-default locations, update the
daemon_cert
andshared_secret_path
config paths.
The pueue
client will only connect to a pueued
daemon, which serves the known certificate.
That's why your client configuration must point to a copy of your server's daemon.cert
.
For port this looks like this:
ssh -L 127.0.0.1:6924:127.0.0.1:6924 $REMOTE_USER@yourhost
You can now connect from your local pueue to the remote pueue via port 6924. Just write pueue -p 6924 status
.
Unix-socket to unix-socket is of course also possible:
ssh -L /tmp/local.socket:/home/$REMOTE_USER/.local/share/pueue/pueue_$REMOTE_USER.sock $REMOTE_USER@yourhost