from Hacker News

Show HN: Manage on-prem servers from my smartphone

by pmdfgy on 3/27/24, 12:34 PM with 34 comments

• by chatmasta on 3/27/24, 11:00 PM

  If you're on iOS, you can create a Shortcut that runs a script over SSH. I'm not sure if it's one of the native actions, or provided by an app called "Actions" which you can download from the App Store and which defines a bunch of useful actions.

• by leptons on 3/27/24, 8:13 PM

  I've been managing remote (and local) servers from my smartphone with RDP and SSH for almost 2 decades, not sure why I would use anything else.

• by moondev on 3/27/24, 5:13 PM

  An underrated advantage of ChromeOS is easily running mobile apps that expose intuitive UI like this. Combined with the floating window mode I have enjoyed using bambu handy for 3d printing and vSphere mobile.

• by nickpsecurity on 3/27/24, 8:56 PM

  If you use Python, you can restart the computer in one line using subprocess. Example:

  https://www.tutorialspoint.com/python-script-to-restart-comp...

  You can also use two scripts for security:

  1. One that’s privileged for the shutdown command.

  2. One with no privileges to accept the network request (eg Flask/REST), safely parse it, and send a message to process 1.

  You could send the message in many ways. It doesn’t even have to be parsed or contain more than one byte. The reboot process might act if it receives any message from the other process in their dedicated channel.

  Set both of these processes to run on startup however you normally do on your system.

  If not a message, you could have the network enabled process write to a file in a shared directory. The reboot process periodically checks for the file’s existence. If it sees it, then it reboots the system. That file can be cleared on startup. I say on startup to reduce the risk of any kind of contention causing a problem later on.

  The reboot process could also be easily ported to a systems language for resource efficiency. I’d keep the network-facing app in a memory-safe language just in case. D or Rust could handle both, though.

• by elintknower on 3/27/24, 11:28 PM

  After one of my AWS accounts (with 2fa and an email I basically never used) was compromised I'm incredibly careful to expose services like this onto the public internet. What steps did you take to ensure the pipeline of your app to server endpoints was secure and in theory not vulnerable to someone traulling open ssh ports etc?

• by doublerabbit on 3/27/24, 6:22 PM

  Does it have FreeBSD support and any instructions for not using it with docker?

• by jokethrowaway on 3/27/24, 8:43 PM

  neat but ssh from your phone is hard to beat

  Sharing my current use case in case it's useful:

  reboot PARTITION: to reboot to a different partition

  systemctl stopping a service and starting another

  launching a wget checking if wget is still up and hasn't crashed

• by branon on 3/27/24, 9:18 PM

  > on-premise

  I think the correct term here would be "on-premises".

  A premise and a premises are not related concepts except in the sense that the "premise" of this comment is to let you know that "premises" is the correct term to use.

  I'll also accept "on-prem" because it could reasonably be a shortened form of "on-premises" (even though most people probably don't realize this and are instead reinforcing their misconception when they use it).

• by INTPenis on 3/27/24, 6:10 PM

  I think it's very complicated and I'm not sure what it does, or why it has a go http server and calls itself a specification.

  But it's clear that your goal is to reboot on-prem servers through your phone. Something I've wanted to do with rundeck and a very simple web app that uses the rundeck API.