DEV Community

Cover image for Hublo: a web desktop that runs as your own Unix user over SSH — with a sandboxed app store
Aurelien Dippe
Aurelien Dippe

Posted on

Hublo: a web desktop that runs as your own Unix user over SSH — with a sandboxed app store

I wanted a way to let a non-technical teammate operate a Linux server without ever opening a terminal — move files, check logs, restart things — without handing them root or a scary control panel. That turned into Hublo: a macOS-style desktop, in the browser, for your server.

There are two design decisions I think are worth sharing: how it stays safe, and how it lets strangers ship apps you can install without trusting their code.

👉 Source (MIT): https://github.com/adsofts/hublo — there's a 30-second demo at the top of the README.

1. The security model: it only does what you can

Most server web UIs (Cockpit, Webmin…) run a privileged daemon as root. That's a big, permanent attack surface.

Hublo takes the opposite approach. When you log in with your normal Unix username + password, the gateway opens an SSH session to localhost as you, and performs every action through it:

  • files via SFTP
  • the terminal via a real PTY
  • everything else via exec

Top comments (0)