HACKER Q&A
📣 hiAndrewQuinn

How does `lnav` run its playground which you can just SSH into?


https://lnav.org/ has a feature that single handedly sold me on trying out the fantastic software: An SSH-reachable playground. It's right there above the fold on the first page: ssh://playground@demo.lnav.org

I want to build a similar playground for people who want to get familiar with the tools my Shell Bling Ubuntu repo provides ( https://github.com/hiAndrewQuinn/shell-bling-ubuntu ). Ideally it consists of a series of very simple tasks to get one's feet wet with each tool provided: Using fish's autocompletion, then using fzf's shell keybindings, then using rg instead of grep to search an enormous number of files for a single needle character in a million lines of wheat , and so on.

I have no clue how to do this safely. I've never seen how anyone else does it either. Can anyone provide me some pointers?

  👤 jamessb Accepted Answer ✓
It looks like they run an SSH server inside a Docker container defined by this Dockerfile [1]. This uses the ForceCommand directive in the sshd_config file to ensure that a specific command is run when a user connects (rather than the user connecting directly to a shell).

Depending on whether the user connects as the `playground` or `tutorial1` user they interact with a bash script that is either [2] or [3]; these run lnav, using the timeout command to limit how long users are connected for, and to kill the lnav process if it gets stuck.

[1]: https://github.com/tstack/lnav/blob/master/demo/Dockerfile

[2]: https://github.com/tstack/lnav/blob/master/docs/tutorials/pl...

[3]: https://github.com/tstack/lnav/blob/master/docs/tutorials/tu...

👤 rpgwaiter
I would imagine the ssh server runs a command when someone connects that spins up a container that you're ultimately SSH-ing into. Doing this at any scale is interesting, maybe they put you in a lambda instance or something similar?

lnav seems to lock you into their logfile program, which may add another layer of safety.