A Simple Pair Programming Setup with SSH and Tmux
How to pair with remote developers
Pears - 259 by Apple and Pear Australia Ltd is licensed under CC BY 2.0
Here at Collective Idea, we do a lot of pair programming. We also believe in remote working. When pairing with any of our remote developers, we typically use a combination of SSH and tmux. There are a lot of good articles on this type of setup, but we've settled on an easy solution that works well.
Create An Account Alias
The first step is to create an alias for your main user account. While this is optional, it's good to be consistent so that you aren't required to know each developer's actual username.
From the Users & Groups pane in System Preferences, right click on your user account and click Advanced Options.
From the Advanced Options pane, add an alias for your pair to use when connecting to your machine.
Configure SSH
Next we'll want to turn on Remote Login from the Sharing pane in System Preferences.
And update our SSH login settings to turn password authentication off and only allow public-key authentication.
# /etc/sshd_config
PasswordAuthentication no
...
ChallengeResponseAuthentication no
Note: You will need to restart sshd for these changes to take effect. On a Mac, this is done by toggling Remote Sharing from the Sharing pane in System Preferences.
Setup Remote Users
Because we've configured SSH to only allow public-key authentication, we will need to add the public-key of our pair user(s) to the authorized\_keys file.
> cat pair_rsa.pub >> ~/.ssh/authorized_keys
Once we have our pair user's public-key added to our authorized\_keys file, we need to edit this file to ensure any user that connects to our machine is automatically connected to our tmux session.
# ~/.ssh/authorized_keys
command="/usr/local/bin/tmux attach -t pair" ABCDEFGHIJKLMNOPQRSTUVXYZ pair@user.com
This ensures that anyone who connects via SSH is automatically attached to a tmux session called pair.
Putting It All Together
Once everything is setup, all you have to do in order to create a pair session is:
-
Create a tmux session called
pair
> tmux new-session -s pair
- Have your pair SSH into your machine
> ssh pair@hostname
- Profit
With this setup, someone will only be able to SSH into your machine if there is an existing tmux session called pair. If someone is already connected and you close the pair tmux session, they will be automatically disconnected from the SSH session as well.
Another benefit is that you will be prompted for your passphrase (you are using a passphrase, right?) anytime your private key is used. This prevents your pair from doing anything bad on your behalf without your consent.
One More Thing
I've created a shell script that automates these steps so that we can setup our machines for pairing easily and consistently. It relies on the great github-auth gem to easily grab public-keys from GitHub. You will need to modify the gh-auth command below for the pair user's GitHub username.
Disclaimer: Due to the nature of what we're doing, some the commands below use sudo. Proceed with caution!
#!/bin/sh
# create an account alias
sudo dscl . -append /Users/$USER RecordName Pair pair
# configure sshd to only allow public-key authentication
sudo sed -E -i.bak 's/^#?(PasswordAuthentication|ChallengeResponseAuthentication).*$/\1 no/' /etc/sshd_config
# add pair user public key(s)
touch ~/.ssh/authorized_keys
gh-auth add --users githubuser --command="$( which tmux ) attach -t pair"
If you have a great tip for pairing or otherwise, let us know in the comments. Happy hacking!
Update: Thanks to skywhopper on Hacker News, we’ve updated the sed command above to a one liner to ensure that we’re backing up our original sshd_config file.
Check out our latest product, Dead Man’s Snitch for monitoring cron, heroku scheduler or any periodic task.
Comments
This is awesome!
I personally prefer Screenhero for remote pair programming, since it simplifies set up, handles NAT traversal, shares the entire screen, gives both sides a mouse cursor each, and is now comparable in speed to tmux. Have you tried it?
JS
I would assume you are all primarily mac users, then?
I was just made aware of this (awesome looking) beta software that simplifies code collaboration and pair programming from remote locations. It is expected to launch beta in just 3 days.
https://kobra.io/
There are some tools to do pretty much the same thing at https://github.com/livingsocial/ls-pair
Wow… I was literally going to write this same blog post. I had done this recently with a co-worker and found it to work extremely well.
One tip I wanted to share with you (or your readers). We used https://ngrok.com/ to allow my pair to connect to my machine over the web and see our changes in real time. Instead of having to do a deploy or push.
Thanks for the feedback. There’s a lot of great alternatives here if we ever outgrow this setup.
Brandon: I’ve read a lot of good things about ngrok but haven’t had the chance to try it out myself. Our remote folks VPN into our network so we don’t usually have a need for ngrok, but it’s definitely in my queue to try. Thanks!
Could you explain how you are able to pair once you are both logged into the same machine? Does the tmux command mean that both developers can see the same terminal?
Alex: Yes, the steps above should result in you and your pair sharing the same tmux session which is essentially a shared terminal in this context. From there, we typically use VIM as our code editor in one tmux window and a shell prompt in a second tmux window (for tests, rails console work, etc.).
Don’t you mean
> cat pair_rsa.pub >> ~/.ssh/authorized_keys
instead of
> echo pair_rsa.pub >> ~/.ssh/authorized_keys
?
Jonny: Doh, yes. Thanks for the heads up!
I use github-auth(https://github.com/chrishunt/github-auth) to add/delete keys to my authorized_keys. Saves some time. It requires the user to be on Github though which doesn’t sound like a problem to me.
Maybe ngrok offers added bells and whistles, but ssh -L 3000:localhost:3000 has suited my needs when pairing. Seems like it’d fit for Brandon’s as well.
Personally, I prefer not to give someone SSH access to my account on my machine and instead setup a socket file that we both have group permissions to use and fire ```tmux -S /tmp/pairshare attach”.
If I’ve got a single Ubuntu 13.10 PC, with 2 users ‘me’ and ‘otherguy’, I wonder if it is possible to get screen/tmux (I use byobu actually) to create a global/system-wide kind of session which both users (either logged in locally/remotely) are able to share the same session? (ignore security concerns for this)
Nvm, @cheapRoc’s comment on using a socket works.
If you have a dynamic public ip address how are you doing the DNS lookup of “user.com” ?
Thanks for the article
Chris
Chris
Chris: The user.com domain was just an example. Using a public IP address (or private via VPN as we do) should work just fine.
i have show that to my classmate years ago.
and if you want to share X sessions , maybe you could try xrpa
“Personally, I prefer not to give someone SSH access to my account on my machine and instead setup a socket file that we both have group permissions to use and fire ```tmux -S /tmp/pairshare attach”.”
Newbie question: Why is this more secure?
Hmm… I get it..
But is it secure ? please explain..
Thanks