forked from nicopace/tmate.io
/
index.html
69 lines (69 loc) · 12 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
<!DOCTYPE html><html><head><meta content="width=device-width, initial-scale=1.0" name="viewport" /><meta content="text/html; charset=UTF-8" http-equiv="Content-Type" /><link href="/css/bootstrap.min.css" media="screen" rel="stylesheet" /><link href="/css/main.css" media="screen" rel="stylesheet" /><title>tmate • Instant terminal sharing</title></head></html><body><div class="container"><a href="https://github.com/tmate-io/tmate"><img style="position: absolute; top: 0; right:0; border: 0; width: 149px; height: 149px;" src="/img/fork-me-on-github-right-orange@2x.png" alt="Fork me on GitHub"></a><div class="hero-unit"><h1>tmate</h1><h2>Instant terminal sharing</h2></div><div class="row"><div class="span6"><div class="video linux"></div></div><div class="span6"><div class="video macos"></div></div></div><div class="row"><div class="span12"><div class="steps"><h3 class="launch">Launch</h3><h3 class="share"> Share</h3><h3 class="pair"> Pair</h3></div></div></div><hr /><div class="row"><div class="span12"><h2>Installation</h2><p>tmate is a fork of <a href="http://tmux.sourceforge.net/">tmux</a>.
tmate and tmux can coexist on the same system.</p><div class="tabbable"><ul class="nav nav-tabs"><li class="active"><a data-toggle="tab" href="#macosx">Mac OS X</a></li><li><a data-toggle="tab" href="#ubuntu">Ubuntu</a></li><li><a data-toggle="tab" href="#freebsd">FreeBSD</a></li><li><a data-toggle="tab" href="#gentoo">Gentoo</a></li><li><a data-toggle="tab" href="#static">Static Builds</a></li><li><a data-toggle="tab" href="#source">Source</a></li></ul><div class="tab-content"><div class="tab-pane active" id="macosx"><pre>brew install tmate</pre><p>Note: <a href="http://brew.sh/">Homebrew</a> is required as a prerequisite.</p></div><div class="tab-pane" id="ubuntu"><p>We provide a PPA with builds for Ubuntu 14.04 and up.</p><pre>sudo apt-get install software-properties-common && \
sudo add-apt-repository ppa:tmate.io/archive && \
sudo apt-get update && \
sudo apt-get install tmate</pre><p>You may install the <code>tmate-nightly</code> package for daily builds.</p><p>The official tmate Ubuntu packages are maintained by <a href="https://github.com/chilicuil">Javier López</a>.</p></div><div class="tab-pane" id="freebsd"><pre>pkg install tmate</pre><p>The FreeBSD packages are maintained by <a href="https://github.com/swills">Steve Wills</a>.</p></div><div class="tab-pane" id="gentoo"><pre>emerge tmate</pre></div><div class="tab-pane" id="static"><p>We provide x86 linux static builds for convenience.</p><p>Binaries can be found on the <a href="https://github.com/tmate-io/tmate/releases/latest">GitHub release page</a></p></div><div class="tab-pane" id="source"><p>Sources are on GitHub:
<a href="https://github.com/nviennot/tmate">https://github.com/tmate-io/tmate</a>.<br /></p><p>Once downloaded, compile and install with the following:</p><pre>./autogen.sh && \
./configure && \
make && \
make install</pre><p>A few dependencies are required. The Ubuntu package names are:<br />
git-core build-essential pkg-config libtool libevent-dev libncurses-dev zlib1g-dev automake libssh-dev libmsgpack-dev</p></div></div></div><div class="social-buttons"><div class="github"><iframe src="http://tmate.io/github-btn.html?user=tmate-io&repo=tmate&type=watch&count=true" allowtransparency="true" frameborder="0" scrolling="0" width="100" height="20"></iframe></div></div></div></div><hr /><div class="row"><div class="span12"><h2>Usage</h2><ul><li>Once installed, simply launch tmate with <code>tmate</code>.</li><li>Run <code>tmate show-messages</code> in your shell to see tmate's log
messages, including the ssh connection string.</li><li>tmate also allow you to share a read-only view of your terminal.
The read-only connection string can be retreived with <code>tmate show-messages</code>.</li><li>tmate uses both <code>~/.tmux.conf</code> and <code>~/.tmate.conf</code>
configuration files.</li><li>Your mates will be using your tmux config and your key bindings.</li><li>The terminal is forced to 256 colors and UTF-8, so you don't need to pass
<code>-2</code> as you may be used to do with tmux.</li></ul></div></div><hr /><div class="row"><div class="span12"><h2>Running tmate as a daemon</h2><p>You can run tmate detached, and retrieve the SSH connection strings as follow:</p><pre>tmate -S /tmp/tmate.sock new-session -d # Launch tmate in a detached state
tmate -S /tmp/tmate.sock wait tmate-ready # Blocks until the SSH connection is established
tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}' # Prints the SSH connection string
tmate -S /tmp/tmate.sock display -p '#{tmate_ssh_ro}' # Prints the read-only SSH connection string
tmate -S /tmp/tmate.sock display -p '#{tmate_web}' # Prints the web connection string
tmate -S /tmp/tmate.sock display -p '#{tmate_web_ro}' # Prints the read-only web connection string</pre><p>Note that it is important to specify a socket (e.g. <code>/tmp/dev.sock</code>)
as tmate uses a random socket name by default.</p><p>You can think of tmate as a reverse ssh tunnel accessible from anywhere.</p></div></div><hr /><div class="row"><div class="span12"><h2>Host your own tmate server</h2><p>The server sources are located at <a href="https://github.com/tmate-io/tmate-slave">https://github.com/tmate-io/tmate-slave</a>.</p><p>You need a Linux distribution as tmate utilizes linux specific features.</p><p>tmate also depends on a couple of packages. On Ubuntu, the packages are:<br />
git-core build-essential pkg-config libtool libevent-dev libncurses-dev zlib1g-dev automake libssh-dev cmake ruby</p><p>Once all the prerequisites are satisfied, you can install tmate-slave with:</p><pre>git clone https://github.com/tmate-io/tmate-slave.git && cd tmate-slave
./create_keys.sh # This will generate SSH keys, remember the keys fingerprints.
./autogen.sh && ./configure && make
sudo ./tmate-slave</pre><p>The usage of tmate-slave is:</p><pre>tmate-slave [-k keys_dir] [-l logfile] [-p port] [-h host] [-v]</pre><p>Once your server is running, you must configure the clients to use your custom server. <br />
You may specify your custom options in the <code>~/.tmate.conf</code> file. Here are the default options:</p><pre>set -g tmate-server-host "ssh.tmate.io"
set -g tmate-server-port 22
set -g tmate-server-rsa-fingerprint "af:2d:81:c1:fe:49:70:2d:7f:09:a9:d7:4b:32:e3:be"
set -g tmate-server-ecdsa-fingerprint "c7:a1:51:36:d2:bb:35:4b:0a:1a:c0:43:97:74:ea:42"
set -g tmate-identity "" # Can be specified to use a different SSH key.</pre><p>If you are interested in fault tolerance, you may
setup the <code>tmate-server-host</code> host to resolve to multiple IPs.<br />
The tmate client will try them all, and keep to the most responsive one.<br />
<code>ssh.tmate.io</code> resolves to seven servers located in
San Fransisco, New York, Torondo, London, Amsterdam, Frankfurt, and Singapore.</p></div></div><hr /><div class="row"><div class="span12"><h2>Technical Details</h2></div><div class="span6"><p>Figure 1 depicts the architecture diagram with the different components of
the system. The following describes the connection process with its
security considerations, the protocol used between the two tmux servers,
and the roadmap of tmate.</p><h4>Connection process</h4><p>When launching tmate, an ssh connection is established to tmate.io (or your own server) in the
background through <a href="http://www.libssh.org/">libssh</a>.
The server ssh key signatures are specified upfront and are verified
during the DH exchange to prevent
<a href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">man in the middle attacks</a>.
The client is authenticated with local ssh keys.</p><p>When a connection is established, a 150 bits session token is
generated, then a tmux server is spawned in a jail with no file system, with
its own <a href="http://lwn.net/Articles/531114/#series_index">PID namespace</a> to isolate the server from other processes, and no user
privileges. To allow this, all files required during the tmux server
execution are opened before getting jailed. These measures are in place to limit
the usefulness of possible exploits targeting the tmux server. The attacker
would not be able to access other sessions, ensuring confidentiality.</p><p>When a mate connects to tmate.io (or your own server) with the ssh command, the tmux unix
socket is looked up on the file system. On lookup failures, a random sleep
is performed to prevent <a href="http://en.wikipedia.org/wiki/Timing_attack">timing attacks</a>,
otherwise a tmux client is spawned and connected to the remote tmux
server.</p></div><div class="span6"><div class="fig"><img src="/img/arch.svg" /></div><p class="fig-label"><span>Figure 1:</span> Simplified Architecture Diagram</p></div></div><div class="row"><div class="span6"><h4>Protocol</h4><p>The local and remote tmux servers communicate with a protocol on top of
<a href="http://msgpack.org/">msgpack</a>, which is gzipped over ssh for
network bandwidth efficiency as vim scrolling can generate massive amounts
of data.</p><p>In order to keep the remote tmux server in sync with the local tmux
server, PTY window pane's raw outputs are streamed individually as opposed
to synchronizing the entire tmux window. Furthermore, window layouts,
status bar changes, and copy mode state are also replicated. Finally, most
of the tmux commands (like bind-key) are replicated. This ensures that the
key bindings are the same on both side.</p><p>The remote client's keystrokes are parsed and the outcome is sent to the
local tmux server. This includes tmux commands such as split-window,
window pane keystrokes, or window size information.</p><p>This protocol ensure portability for future work such as a HTML5 client.</p></div><div class="span6"><h4>Future Work</h4><p>This project can take many interesting directions. <br />
Here is what I have on the roadmap:</p><ul><li>Make the user experience top notch. Please
<a href="https://github.com/tmate-io/tmate/issues">submit bug reports</a>
when you see issues.</li><li>Tolerate network failures. Dealing with reconnections and roaming (IP
changes) similarly to what <a href="http://mosh.mit.edu/">Mosh</a> offers.</li><li><del>Support for read-only clients. This would be easy to do by providing
another session token, distinct from the read-write access one.</del></li><li>Each participants should be able to have their own tmux config.</li><li><del>Getting low latencies for everyone requires having nodes spread out
all over the globe.</del></li><li>HTML5 client with fullscreen support, with audio.</li><li>Record sessions to provide replay and full text search.</li><li>Being able to make certain session public. This would be useful
to pair people with similar interests, or to do screencasts.</li></ul></div></div><hr /><div class="row"><div class="span12"><h2>Get in touch</h2><p>If you'd like to get in touch, here are your options:</p><ul><li>Submit bug reports on github: <a href="https://github.com/tmate-io/tmate/issues">https://github.com/tmate-io/tmate/issues</a>.</li><li>Join us on IRC <a href="irc://irc.freenode.net/tmate">#tmate (freenode)</a>.</li><li>Post a message on Google Groups: <a href="https://groups.google.com/group/tmate-io">https://groups.google.com/group/tmate-io</a>.</li><li>Or send an email to <a href="mailto:tmate-io@googlegroups.com">tmate-io@googlegroups.com</a>.</li></ul><p>Enjoy,<br />
Nico.</p></div></div></div><script src="/js/jquery-2.0.2.min.js"></script><script src="/js/bootstrap.min.js"></script><script src="/js/main.js"></script><div class="footer"><div class="container"><div class="row"><div class="span12"><div class="digitalocean"><p>Proudly hosted by</p><p><a href="https://www.digitalocean.com/"><img src="/img/digitalocean.png" alt="DigialOcean"/></a></p></div></div></div></div></div><script>(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)})(window,document,'script','//www.google-analytics.com/analytics.js','ga');ga('create', 'UA-41775490-1', 'tmate.io');ga('send', 'pageview');</script></body>