LINBIT Support Tunnel

A customer-initiated, customer-revocable, fully recorded remote session for LINBIT support staff. No persistent install, no inbound firewall rules — you run one script.

Get the scripts

linbit-tunl

For the customer. Run this on the machine you want a LINBIT engineer to reach. Single Python file, stdlib only, Python 3.6+.

curl -fOL https://tunl.linbit.com/dl/linbit-tunl && chmod +x linbit-tunl

Download linbit-tunl

linbit-tunl(1) reference — flags, hotkeys, environment

tunl

For LINBIT support engineers. Joins a session that a customer has opened.

curl -fOL https://tunl.linbit.com/dl/tunl && chmod +x tunl

Download tunl

tunl(1) reference — subcommands, environment, exit status

Distribution packages (.rpm / .deb) are available for the customer-side scripts when an OS package fits your environment better.

Verify the relay

Before running the scripts you can verify out-of-band that this host is the one your LINBIT contact named. The two CA public keys below are the trust anchors for SSH host authentication and for the ephemeral certificates the relay signs for customer sessions. 

host CA public key
loading…
session CA public key
loading…

How it works

  1. LINBIT support gives you a four-word session ID (adjective-noun-verb-noun).
  2. You run linbit-tunl <session-id>. The script opens an outbound SSH connection to this relay over port 443.
  3. Support joins. You see them join and can chat in the same window. Close the window to end the session.

What gets recorded

Every session is recorded server-side, on this relay:

A copy of the terminal recording is also written on your side (path printed at session end), so you can keep your own record.

Read more

Short, customer-and-support-facing summaries:

Full versions with deployment, protocol, and API detail: architecture · security · quickref.

Trouble?

If the page or the script doesn't work for you, contact your LINBIT support representative and quote the version below and any req= identifier you see in error output.