A Simple Pair Programming Setup with SSH and Tmux
Here at Collective Idea, we do a lot of pair programming. We also believe in remote working. When pairing with any of our remote developers, we typically use a combination of SSH and tmux. There are a lot of good articles on this type of setup, but we’ve settled on an easy solution that works well.
Create An Account Alias
The first step is to create an alias for your main user account. While this is optional, it’s good to be consistent so that you aren’t required to know each developer’s actual username.
From the Users & Groups pane in System Preferences, right click on your user account and click Advanced Options.
From the Advanced Options pane, add an alias for your pair to use when connecting to your machine.
Next we’ll want to turn on Remote Login from the Sharing pane in System Preferences.
And update our SSH login settings to turn password authentication off and only allow public-key authentication.
# /etc/sshd_config PasswordAuthentication no ... ChallengeResponseAuthentication no
Note: You will need to restart
sshd for these changes to take effect. On a Mac, this is done by toggling Remote Sharing from the Sharing pane in System Preferences.
Setup Remote Users
Because we’ve configured SSH to only allow public-key authentication, we will need to add the public-key of our pair user(s) to the
> cat pair_rsa.pub >> ~/.ssh/authorized_keys
Once we have our pair user’s public-key added to our
authorized_keys file, we need to edit this file to ensure any user that connects to our machine is automatically connected to our tmux session.
# ~/.ssh/authorized_keys command="/usr/local/bin/tmux attach -t pair" ABCDEFGHIJKLMNOPQRSTUVXYZ firstname.lastname@example.org
This ensures that anyone who connects via SSH is automatically attached to a tmux session called
Putting It All Together
Once everything is setup, all you have to do in order to create a pair session is:
- Create a tmux session called
> tmux new-session -s pair
- Have your pair SSH into your machine
> ssh pair@hostname
With this setup, someone will only be able to SSH into your machine if there is an existing tmux session called
pair. If someone is already connected and you close the
pair tmux session, they will be automatically disconnected from the SSH session as well.
Another benefit is that you will be prompted for your passphrase (you are using a passphrase, right?) anytime your private key is used. This prevents your pair from doing anything bad on your behalf without your consent.
One More Thing
I’ve created a shell script that automates these steps so that we can setup our machines for pairing easily and consistently. It relies on the great github-auth gem to easily grab public-keys from GitHub. You will need to modify the
gh-auth command below for the pair user’s GitHub username.
Disclaimer: Due to the nature of what we’re doing, some the commands below use
sudo. Proceed with caution!
#!/bin/sh # create an account alias sudo dscl . -append /Users/$USER RecordName Pair pair # configure sshd to only allow public-key authentication sudo sed -E -i.bak 's/^#?(PasswordAuthentication|ChallengeResponseAuthentication).*$/\1 no/' /etc/sshd_config # add pair user public key(s) touch ~/.ssh/authorized_keys gh-auth add --users githubuser --command="$( which tmux ) attach -t pair"
If you have a great tip for pairing or otherwise, let us know in the comments. Happy hacking!
Check out our latest product, Dead Man’s Snitch for monitoring cron, heroku scheduler or any periodic task.