I run long-lived shells, Claude, and other sessions in the background on my workstation, and I needed to check in from mobile — securely, with real TLS certificates and Tailscale-backed privacy, not some insecure workaround.
Why not SSH / Mosh / Claude Mobile?
- SSH/Mosh: Synchronous connection state is brutal on mobile. Latency, network handoffs between WiFi and cellular, laggy UX — neither felt designed for how people actually use phones. - Claude Mobile: Great for Claude, but locked to Claude. I wanted tool flexibility — shell commands, multiple code assistants, whatever's running in my tmux session.
The key insight behind Trustmux: mobile terminal access needs to be asynchronous, not synchronous. Connect, run a command, disconnect — without maintaining fragile connection state the whole time.
Trustmux
A lightweight daemon that provides access to your tmux or Byobu sessions as a secure PWA (Progressive Web App). Real TLS certificates, encrypted end-to-end. Two deployment options:
- Tailscale: Automatic cert provisioning via tailscale serve, zero-trust networking, seamless pairing with a 6-digit code. Your workstation binds to your Tailscale IP — private, encrypted, no port forwarding. - Direct networking: Or, you can run Trustmux have it bind to your local network address and handle the port forwarding yourself. - Self-managed: You can use Tailscale's certificate provisioning, or bring your own certificate, or use self-signed certs too.
I've been running this in production on my own workstation for a while now. I recently flew to Australia and was able to keep nudging my jobs along back home, from somewhere over the Pacific with 700ms of latency and it was a like a dream come true!
Installation
Available on Ubuntu, Debian, and Fedora development repositories, plus pip, Homebrew, and PPA:
pip install trustmux # or brew tap dustinkirkland/trustmux brew install trustmux # or via PPA sudo add-apt-repository ppa:byobu/ppa && sudo apt install trustmux
Quick Start (3 commands)
trustmux enable # start at login trustmux start # fire up the daemon trustmux pair # generate pairing URL + 6-digit code (will show a qr code if qrencode is installed)
Open the URL on your phone browser, enter the code, tap "Add to Home Screen." Done.
Key Design Points
- Asynchronous by design: Connect, run commands, disconnect. No laggy synchronous state to babysit. - Real encryption: TLS certificates (real or self-signed), no compromises. Tailscale handles the network privacy layer (unless you want setup your firewalls and port forwards). - Lightweight mobile app: It's a PWA -- just a web interface. - Works offline: The UI shell is cached; reconnects silently when you're back online. - True multiplexing: Full access to all your tmux panes, windows, and sessions. Type, attach, detach — all from your phone. - Tool-agnostic: Use Claude, any other code assistant, shell commands — whatever you want in your tmux sessions.
Under the Hood
- Implemented in python, talks directly to tmux via libtmux, streams live terminal output asynchronously (no polling) - WebSocket-based updates keep the UI responsive even on slow connections - Uses Tailscale for network privacy (or bring your own network and/or cert) - Lightweight daemon — negligible CPU/memory overhead - PWA architecture: offline-capable, installable, updates silently in the background
The code is at https://github.com/dustinkirkland/byobu (trustmux is part of Byobu, GPLv3). The "tmux" at the end of "Trustmux" honors the "tmux" project and the awesome library that is libtmux, but Trustmux/Byobu are not affiliated with the Tmux project.
[1] https://byobu.org [2] https://trustmux.dev [3] https://tmux.us