{"slug": "show-hn-trustmux-lightweight-secure-daemon-for-mobile-shell-access", "title": "Show HN: Trustmux – Lightweight Secure Daemon for Mobile Shell Access", "summary": "Dustin Kirkland released Trustmux, an open-source daemon that provides secure, asynchronous access to tmux and Byobu sessions via a Progressive Web App with real TLS encryption and Tailscale-backed privacy, solving the problem of unreliable mobile shell connections.", "body_md": "I'm Dustin Kirkland, author of Byobu[1]. I built Trustmux[2] to solve a personal problem: secure, encrypted access to my tmux[3] and Byobu sessions from my phone, without the pain of other mobile shell approaches.\n\nI run long-lived shells, Claude, and other sessions in the background on my workstation, and I needed to check in from mobile — securely, with real TLS certificates and Tailscale-backed privacy, not some insecure workaround.\n\nWhy not SSH / Mosh / Claude Mobile?\n\n- SSH/Mosh: Synchronous connection state is brutal on mobile. Latency, network handoffs between WiFi and cellular, laggy UX — neither felt designed for how people actually use phones. - Claude Mobile: Great for Claude, but locked to Claude. I wanted tool flexibility — shell commands, multiple code assistants, whatever's running in my tmux session.\n\nThe key insight behind Trustmux: mobile terminal access needs to be asynchronous, not synchronous. Connect, run a command, disconnect — without maintaining fragile connection state the whole time.\n\nTrustmux\n\nA lightweight daemon that provides access to your tmux or Byobu sessions as a secure PWA (Progressive Web App). Real TLS certificates, encrypted end-to-end. Two deployment options:\n\n- Tailscale: Automatic cert provisioning via tailscale serve, zero-trust networking, seamless pairing with a 6-digit code. Your workstation binds to your Tailscale IP — private, encrypted, no port forwarding. - Direct networking: Or, you can run Trustmux have it bind to your local network address and handle the port forwarding yourself. - Self-managed: You can use Tailscale's certificate provisioning, or bring your own certificate, or use self-signed certs too.\n\nI've been running this in production on my own workstation for a while now. I recently flew to Australia and was able to keep nudging my jobs along back home, from somewhere over the Pacific with 700ms of latency and it was a like a dream come true!\n\nInstallation\n\nAvailable on Ubuntu, Debian, and Fedora development repositories, plus pip, Homebrew, and PPA:\n\npip install trustmux # or brew tap dustinkirkland/trustmux brew install trustmux # or via PPA sudo add-apt-repository ppa:byobu/ppa && sudo apt install trustmux\n\nQuick Start (3 commands)\n\ntrustmux enable # start at login trustmux start # fire up the daemon trustmux pair # generate pairing URL + 6-digit code (will show a qr code if qrencode is installed)\n\nOpen the URL on your phone browser, enter the code, tap \"Add to Home Screen.\" Done.\n\nKey Design Points\n\n- Asynchronous by design: Connect, run commands, disconnect. No laggy synchronous state to babysit. - Real encryption: TLS certificates (real or self-signed), no compromises. Tailscale handles the network privacy layer (unless you want setup your firewalls and port forwards). - Lightweight mobile app: It's a PWA -- just a web interface. - Works offline: The UI shell is cached; reconnects silently when you're back online. - True multiplexing: Full access to all your tmux panes, windows, and sessions. Type, attach, detach — all from your phone. - Tool-agnostic: Use Claude, any other code assistant, shell commands — whatever you want in your tmux sessions.\n\nUnder the Hood\n\n- Implemented in python, talks directly to tmux via libtmux, streams live terminal output asynchronously (no polling) - WebSocket-based updates keep the UI responsive even on slow connections - Uses Tailscale for network privacy (or bring your own network and/or cert) - Lightweight daemon — negligible CPU/memory overhead - PWA architecture: offline-capable, installable, updates silently in the background\n\nThe code is at [https://github.com/dustinkirkland/byobu](https://github.com/dustinkirkland/byobu) (trustmux is part of Byobu, GPLv3). The \"tmux\" at the end of \"Trustmux\" honors the \"tmux\" project and the awesome library that is libtmux, but Trustmux/Byobu are not affiliated with the Tmux project.\n\n[1] [https://byobu.org](https://byobu.org)\n[2] [https://trustmux.dev](https://trustmux.dev)\n[3] [https://tmux.us](https://tmux.us)\n\nComments URL: [https://news.ycombinator.com/item?id=48619779](https://news.ycombinator.com/item?id=48619779)\n\nPoints: 2\n\n# Comments: 0", "url": "https://wpnews.pro/news/show-hn-trustmux-lightweight-secure-daemon-for-mobile-shell-access", "canonical_source": "https://trustmux.dev", "published_at": "2026-06-21 15:30:00+00:00", "updated_at": "2026-06-21 16:04:14.933215+00:00", "lang": "en", "topics": ["developer-tools", "ai-tools", "ai-infrastructure"], "entities": ["Dustin Kirkland", "Byobu", "Trustmux", "tmux", "Tailscale", "Claude", "libtmux", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/show-hn-trustmux-lightweight-secure-daemon-for-mobile-shell-access", "markdown": "https://wpnews.pro/news/show-hn-trustmux-lightweight-secure-daemon-for-mobile-shell-access.md", "text": "https://wpnews.pro/news/show-hn-trustmux-lightweight-secure-daemon-for-mobile-shell-access.txt", "jsonld": "https://wpnews.pro/news/show-hn-trustmux-lightweight-secure-daemon-for-mobile-shell-access.jsonld"}}