Devzat – Chat over SSH, with some nice quality-of-life features

Original Article ↗ Hacker News Discussion ↗

Implementation approaches & related projects

  • Several comments note you can make “chat over SSH” by setting a user’s shell to any binary (chat app, IRC client, game) or by using command="..." in authorized_keys to force a single command.
  • Suggestions include trapping signals and removing escape/exec features from clients, and using libraries like gliderlabs/ssh to avoid shell escapes entirely.
  • Some prefer reusing OpenSSH + LibreSSL rather than a custom Go SSH stack, citing maturity.
  • Related projects mentioned: ssh-chat (long‑running SSH chat), a Go “shell replacement,” and SSH-based access to IRC bouncers.
  • People also discuss exposing single apps (e.g., games, streaming video, text services) via SSH for frictionless, cross-platform access.

Security and privacy considerations

  • Concerns raised about:
    • Terminal escape codes and malicious text in TTYs.
    • SSH agent forwarding; advice is to disable forwarding when connecting to random SSH chats.
    • Lack of widely deployed SSH PKI; practical use is often TOFU, making MITM easier.
    • SSH features like forwarding and agents as attack surface, and limited auditing/monitoring tools.
  • Some argue that using a new Go SSH implementation is riskier than trusted daemons; others note this app doesn’t use sshd at all.
  • Privacy angle: public SSH chats reveal IPs and public keys; users can mitigate by using separate throwaway keypairs.

Comparisons to IRC and classic Unix tools

  • Multiple comments compare this to IRC, talk, ytalk, write, wall, and finger, framing Devzat as a modern twist on long-standing text chat mechanisms.
  • Some still use write/wall for real-time coordination and run DIY “poor man’s IRC” on small servers.
  • Finger and .plan files are reminisced about as proto-social media and inspiration for decentralized status updates.

Stability, scalability, and reception

  • The main public instance experiences crashes, freezes, and “Hacker News hug of death” load issues; the author attributes this partly to weak hosting.
  • Offers are made to donate more powerful servers; some worry future users might find ways to escape the Go binary.
  • Overall tone mixes enthusiasm for the idea and implementation with caution about security and operational robustness.