GitHub - mainmeister/hermes-friend-diag-kit: Ever wished you could magically reach into a friend's struggling computer, fix their woes, and walk away without leaving a trace of installed software? · GitHub
/" data-turbo-transient="true" />
Skip to content
Search or jump to...
Search code, repositories, users, issues, pull requests...
-->
Search
Clear
Search syntax tips
Provide feedback
--><br>We read every piece of feedback, and take your input very seriously.
Include my email address so I can be contacted
Cancel
Submit feedback
Saved searches
Use saved searches to filter your results more quickly
-->
Name
Query
To see all available qualifiers, see our documentation.
Cancel
Create saved search
Sign in
/;ref_cta:Sign up;ref_loc:header logged out"}"<br>Sign up
Appearance settings
Resetting focus
You signed in with another tab or window. Reload to refresh your session.<br>You signed out in another tab or window. Reload to refresh your session.<br>You switched accounts on another tab or window. Reload to refresh your session.
Dismiss alert
{{ message }}
mainmeister
hermes-friend-diag-kit
Public
Notifications<br>You must be signed in to change notification settings
Fork
Star
main
BranchesTags
Go to file
CodeOpen more actions menu
Folders and files<br>NameNameLast commit message<br>Last commit date<br>Latest commit
History<br>10 Commits<br>10 Commits
scripts
scripts
templates
templates
LICENSE
LICENSE
README.md
README.md
install.bat
install.bat
remote-diag-kit.md
remote-diag-kit.md
stop.bat
stop.bat
View all files
Repository files navigation
FRIEND DIAGNOSTICS KIT
What this does
Lets a remote friend securely SSH into this PC from their own computer<br>to help diagnose problems. No password needed — the kit installs the<br>operator's public key on your machine, so they log straight in.<br>The connection runs through Cloudflare's network using a named tunnel —<br>no port forwarding, no firewall holes exposing you to the wider internet,<br>no quick-tunnel expiry.
What's on the USB stick:<br>cloudflared.exe Cloudflare's tunnel client (Windows portable)<br>config.yml Tunnel configuration (routes SSH to localhost:22)<br>friend-diag-credentials.json Tunnel credentials (KEEP THIS SECRET — it<br>authorises anyone holding it to run the tunnel)<br>install.bat Wrapper to bypass PowerShell execution policies<br>(Right-click -> Run as Administrator)<br>setup-openssh.ps1 Run once as Administrator to enable OpenSSH Server<br>(also installs the operator's public key)<br>connect.bat Double-click to start the tunnel<br>stop.bat Stops cloudflared if the window is in the way<br>README.txt This file
ONE-TIME SETUP (you only do this once per PC)
Right-click "install.bat" (or "setup-openssh.ps1" if install.bat is missing)
Choose "Run as Administrator"
Click "Yes" on the UAC prompt
Wait for "Done!" (about 30 seconds)
Note the Windows username it prints at the end<br>(or open PowerShell any time and type: whoami)
Send that username to your friend (you do NOT need to send a password<br>— the kit uses passwordless key auth)
EVERY TIME YOU WANT HELP
Double-click "connect.bat"
A black window opens. Wait until you see a line that says<br>"Registered tunnel connection" — that means the tunnel is up.<br>(Usually 5-15 seconds.)
Tell your friend: "Tunnel is up, you can SSH in now."<br>They'll SSH in using your Windows username.
LEAVE THE WINDOW OPEN while your friend is working.
When done, just close the window (or run "stop.bat").
Unlike the previous version of this kit, the URL is now<br>{{HOSTNAME}}.{{YOUR_DOMAIN}} — it stays the same every time and<br>doesn't expire after 90 days.
TROUBLESHOOTING
"sshd service not found" or "service did not start":<br>Re-run setup-openssh.ps1 as Administrator.
Friend says "connection refused" or "no route to host":<br>Make sure connect.bat is still running on this PC and showing<br>"Registered tunnel connection" lines.
Friend says "permission denied (publickey)":<br>Re-run setup-openssh.ps1 as Administrator. Step 4 installs the<br>operator's public key into BOTH your personal authorized_keys file<br>AND the system-wide one (C:\ProgramData\ssh\administrators_authorized_keys)<br>that Windows OpenSSH Server actually checks for admin accounts.<br>If that step didn't complete, the operator has no key to use.<br>Also: the operator may have typed the username wrong. Yours is the<br>one printed at the end of setup-openssh.ps1.
"Windows Defender SmartScreen prevented an unrecognized app":<br>Click "More info" then "Run anyway". cloudflared is signed by<br>Cloudflare but SmartScreen warns on first run.
"Execution of scripts is disabled on this system":<br>Windows is blocking .ps1 files. Right-click install.bat and select<br>"Run as Administrator". This batch script automatically bypasses the<br>execution policy to run the setup.
"failed to fetch configuration" or "tunnel not found":<br>The credentials file is missing or wrong. Verify<br>friend-diag-credentials.json is in the same folder as<br>cloudflared.exe.
WHAT YOUR FRIEND CAN SEE
When connected, your friend has a PowerShell prompt...