feiyang's blog

费洋的博客

0%

tmate 终端共享

Posted on In Disqus:

如何将你的 terminal 共享给他人,一起协同工作,结对编程呢? 在这里安利 tmate Instant terminal sharing

安装

官网上有详细的,各种操作系统的安装教程, 同时也安利一篇参考的文章 终端共享神器tmate简明教程

mac

前提是先安装好 brew 

1
2
3
4
5
brew install tmate

# 检查版本,最新的 V2.4.0
FEIYANG@MAC ~ % tmate -V
tmate 2.4.0

ubuntu

Ubuntu 上面通过 apt 安装的是 tmate 2.2.1

1
2
3
4
5
6
7
8
sudo apt update

sudo apt install -y tmate

# 安装最新版本
curl -L https://github.com/tmate-io/tmate/releases/download/2.4.0/tmate-2.4.0-static-linux-amd64.tar.xz|tar xJv

mv tmate-2.4.0-static-linux-amd64/tmate /usr/bin/tmate

使用

首先要确保自己有 SSH key, 如果没有,必须先生成一个

1
ssh-keygen

结对编程

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# run tmate
tmate

Tip: if you wish to use tmate only for remote access, run: tmate -F                                                                                                           [0/0]
To see the following messages again, run in a tmate session: tmate show-messages
Press <q> or <ctrl-c> to continue
---------------------------------------------------------------------
Connecting to ssh.tmate.io...
Note: clear your terminal before sharing readonly access
web session read only: https://tmate.io/t/ro-86Kbnayp3sU5zm8HZcNUGKxB4
ssh session read only: ssh ro-86Kbnayp3sU5zm8HZcNUGKxB4@sgp1.tmate.io
web session: https://tmate.io/t/ZkWhcPLmKA7wDhc7PzUgNCBHs
ssh session: ssh ZkWhcPLmKA7wDhc7PzUgNCBHs@sgp1.tmate.io
# 以上是四种连接方式 ssh、ssh-ro、web和web-ro。其中,ssh、web支持读写访问,ssh-ro、web-ro支持只读访问。

# 分享只读
ssh ro-86Kbnayp3sU5zm8HZcNUGKxB4@sgp1.tmate.io

root@ubuntu18-108:~# w
 16:07:02 up  4:00,  1 user,  load average: 0.00, 0.01, 0.00
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
feiyang  pts/0    192.168.1.125    12:08    0.00s  0.07s  0.01s sshd: feiyang]
root@ubuntu18-108:~# ls
go  snap  tmate-2.4.0-static-linux-amd64
root@ubuntu18-108:~# exit
logout[lost server]
Connection to sgp1.tmate.io closed by remote host.
Connection to sgp1.tmate.io closed.

# 分享读写
ssh session: ssh ZkWhcPLmKA7wDhc7PzUgNCBHs@sgp1.tmate.io

如果还想查看 To see the following messages again, run in a tmate session: tmate show-messages

remote access

Tip: if you wish to use tmate only for remote access, run: tmate -F
如果你想将一台只有内网的机器暴露出来,像 SSH 登录公网 IP 的机器一样, 那你需要 Remote access

1
2
3
4
5
6
7
8
tmate -F

To connect to the session locally, run: tmate -S /tmp/tmate-0/nhlGjc attach
Connecting to ssh.tmate.io...
web session read only: https://tmate.io/t/ro-FNTFCyhhMuE6Vtstm6MZ5gLnR
ssh session read only: ssh ro-FNTFCyhhMuE6Vtstm6MZ5gLnR@sgp1.tmate.io
web session: https://tmate.io/t/sEJnrJCjsx87J2PgUyUgbdPY2
ssh session: ssh sEJnrJCjsx87J2PgUyUgbdPY2@sgp1.tmate.io

安全

因为每次产生的登录地址都是随机的, 一定程度保证了安全性. 但是想做到万无一失, 特别是使用 remote access 的时候, 长期暴露远程登录的时候, 访问控制是非常有必要的.

  • 将你所信任的人 B 的公钥加入到 A 你的~/.ssh/authorized_keys文件中,
  • 启动tmate使用如下命令:当启用 public key 访问控制的时候,web 连接方式就无法使用了。
    1
    2
    3
    4
    tmate -a ~/.ssh/authorized_keys

    # A 添加了 public key 的才能成功访问
    ssh 8yjGDpk3Vh79xm9rM2QMbKPZj@sgp1.tmate.io
    如果 C 没有保存公钥到 A 的~/.ssh/authorized_keys文件中,访问就会被拒绝
    1
    2
    3
    4
    5
    6
    ssh 8yjGDpk3Vh79xm9rM2QMbKPZj@sgp1.tmate.io
    The authenticity of host 'sgp1.tmate.io (188.166.207.127)' can't be established.
    RSA key fingerprint is SHA256:Hthk2T/M/Ivqfk1YYUn5ijC2Att3+UPzD7Rn72P5VWs.
    Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
    Warning: Permanently added 'sgp1.tmate.io,188.166.207.127' (RSA) to the list of known hosts.
    8yjGDpk3Vh79xm9rM2QMbKPZj@sgp1.tmate.io: Permission denied (publickey).