ops0ops0
App

Terminal

Open a full PTY shell to any Hive-connected server directly from your browser. No SSH client, no VPN, no open inbound ports required.

How It Works

The Hive agent maintains a persistent outbound WebSocket tunnel to ops0. When you open a terminal session, ops0 routes the PTY over that tunnel to your server. The shell runs natively on the server — you get the same experience as SSH with full terminal emulation.

Browser ──► ops0 backend ──► Hive tunnel ──► Shell on server
   PTY input/output routed over WebSocket (port 443 outbound only)

Opening a Terminal

  1. Go to Hive → Agents
  2. Click the agent (server) you want to access
  3. Click Terminal
  4. A shell session opens in the browser

The terminal connects using the agent's reverse tunnel. If the agent is online, the connection typically establishes within 1–2 seconds.

Terminal Features

FeatureDetails
Full PTYTab completion, arrow keys, cursor movement, and interactive programs all work
Auto-resizeTerminal dimensions update as you resize the browser panel
Multi-sessionOpen multiple terminals to the same or different agents simultaneously
Copy/pasteStandard browser copy (Ctrl+C / Cmd+C) works on selected text
ScrollbackScroll up to review command history within the current session

Idle Timeout

Terminal sessions close automatically after 10 minutes of no keyboard input. A warning is shown before the session is terminated. To keep a session alive, press any key or run a command.

Supported Environments

The terminal connects to whatever shell is the default for the user the agent runs as. On most Linux systems this is /bin/bash. On Alpine and minimal containers it falls back to /bin/sh.

Interactive TUI applications work normally: vim, nano, htop, top, less, tmux, screen.

Security

Every terminal session is:

  • Authenticated — requires a valid ops0 account with the hive_terminal IAM permission
  • Tunneled over TLS — all traffic is encrypted end-to-end
  • Audited — session open, duration, and close are recorded in the organization audit log
Access Control
Restrict terminal access using IAM roles. Not every team member needs shell access to production servers. Grant the hive_terminal permission only to engineers who require it.

Fallback: Legacy Direct Connection

If the reverse tunnel is unavailable, Hive can fall back to a direct WebSocket connection to the agent if the server is reachable from the ops0 backend. This is configured per-agent and is only used when the primary tunnel path is degraded.

Troubleshooting

Terminal button greyed out
The agent may be offline or your account lacks the hive_terminal IAM permission. Check agent status on the Agents page and contact your admin to verify your role permissions.
Connection drops immediately
Check the acknowledgment timeout. If the agent is under heavy load, the 10-second connection window may expire. Wait a moment and retry. Check agent logs on the server: journalctl -u hive-agent -n 50.
Terminal renders incorrectly (garbled output)
Some full-screen apps require a specific TERM value. The terminal sets TERM=xterm-256color by default. If you see rendering issues, run export TERM=xterm-256color at the prompt.
PreviousGroups & Tags
NextAlerts & Thresholds