Collective Idea

Collective Idea Logo

Tres Trantham

A Simple Pair Programming Setup with SSH and Tmux

By Tres Trantham on February 18, 2014 in pair programming, ssh, and tmux

Here at Collective Idea, we do a lot of pair programming. We also believe in remote working. When pairing with any of our remote developers, we typically use a combination of SSH and tmux. There are a lot of good articles on this type of setup, but we’ve settled on an easy solution that works well.

Create An Account Alias

The first step is to create an alias for your main user account. While this is optional, it’s good to be consistent so that you aren’t required to know each developer’s actual username.

From the Users & Groups pane in System Preferences, right click on your user account and click Advanced Options.

From the Advanced Options pane, add an alias for your pair to use when connecting to your machine.

Configure SSH

Next we’ll want to turn on Remote Login from the Sharing pane in System Preferences.

And update our SSH login settings to turn password authentication off and only allow public-key authentication.

# /etc/sshd_config
PasswordAuthentication no
...
ChallengeResponseAuthentication no

Note: You will need to restart sshd for these changes to take effect. On a Mac, this is done by toggling Remote Sharing from the Sharing pane in System Preferences.

Setup Remote Users

Because we’ve configured SSH to only allow public-key authentication, we will need to add the public-key of our pair user(s) to the authorized_keys file.

> cat pair_rsa.pub >> ~/.ssh/authorized_keys

Once we have our pair user’s public-key added to our authorized_keys file, we need to edit this file to ensure any user that connects to our machine is automatically connected to our tmux session.

# ~/.ssh/authorized_keys

command="/usr/local/bin/tmux attach -t pair" ABCDEFGHIJKLMNOPQRSTUVXYZ pair@user.com

This ensures that anyone who connects via SSH is automatically attached to a tmux session called pair.

Putting It All Together

Once everything is setup, all you have to do in order to create a pair session is:

  1. Create a tmux session called pair
> tmux new-session -s pair
  1. Have your pair SSH into your machine
> ssh pair@hostname
  1. Profit

With this setup, someone will only be able to SSH into your machine if there is an existing tmux session called pair. If someone is already connected and you close the pair tmux session, they will be automatically disconnected from the SSH session as well.

Another benefit is that you will be prompted for your passphrase (you are using a passphrase, right?) anytime your private key is used. This prevents your pair from doing anything bad on your behalf without your consent.

One More Thing

I’ve created a shell script that automates these steps so that we can setup our machines for pairing easily and consistently. It relies on the great github-auth gem to easily grab public-keys from GitHub. You will need to modify the gh-auth command below for the pair user’s GitHub username.

Disclaimer: Due to the nature of what we’re doing, some the commands below use sudo. Proceed with caution!

#!/bin/sh

# create an account alias
sudo dscl . -append /Users/$USER RecordName Pair pair

# configure sshd to only allow public-key authentication
sudo sed -E -i.bak 's/^#?(PasswordAuthentication|ChallengeResponseAuthentication).*$/\1 no/' /etc/sshd_config

# add pair user public key(s)
touch ~/.ssh/authorized_keys
gh-auth add --users githubuser --command="$( which tmux ) attach -t pair"

If you have a great tip for pairing or otherwise, let us know in the comments. Happy hacking!

Update: Thanks to skywhopper on Hacker News, we’ve updated the sed command above to a one liner to ensure that we’re backing up our original sshd_config file.


Check out our latest product, Dead Man’s Snitch for monitoring cron, heroku scheduler or any periodic task.

Dead Man's Snitch

By Tres Trantham on February 18, 2014 in pair programming, ssh, and tmux

18 Comments

  1. JS

    JS February 18, 2014 http://iteleportmobile.com

    This is awesome!

    I personally prefer Screenhero for remote pair programming, since it simplifies set up, handles NAT traversal, shares the entire screen, gives both sides a mouse cursor each, and is now comparable in speed to tmux. Have you tried it?

    JS

  2. Laura Mosher

    Laura Mosher February 18, 2014 http://lauramosher.com

    I would assume you are all primarily mac users, then?

    I was just made aware of this (awesome looking) beta software that simplifies code collaboration and pair programming from remote locations. It is expected to launch beta in just 3 days.

    https://kobra.io/

  3. Kurt Sussman

    Kurt Sussman February 18, 2014

    There are some tools to do pretty much the same thing at https://github.com/livingsocial/ls-pair

  4. Brandon Cordell

    Brandon Cordell February 18, 2014 http://brandoncordell.com

    Wow… I was literally going to write this same blog post. I had done this recently with a co-worker and found it to work extremely well.

    One tip I wanted to share with you (or your readers). We used https://ngrok.com/ to allow my pair to connect to my machine over the web and see our changes in real time. Instead of having to do a deploy or push.

  5. Tres Trantham

    Tres Trantham February 18, 2014 http://collectiveidea.com

    Thanks for the feedback. There’s a lot of great alternatives here if we ever outgrow this setup.

    Brandon: I’ve read a lot of good things about ngrok but haven’t had the chance to try it out myself. Our remote folks VPN into our network so we don’t usually have a need for ngrok, but it’s definitely in my queue to try. Thanks!

  6. Alex

    Alex February 18, 2014

    Could you explain how you are able to pair once you are both logged into the same machine? Does the tmux command mean that both developers can see the same terminal?

  7. Tres Trantham

    Tres Trantham February 18, 2014 http://collectiveidea.com

    Alex: Yes, the steps above should result in you and your pair sharing the same tmux session which is essentially a shared terminal in this context. From there, we typically use VIM as our code editor in one tmux window and a shell prompt in a second tmux window (for tests, rails console work, etc.).

  8. Jonny

    Jonny February 18, 2014

    Don’t you mean
    > cat pair_rsa.pub >> ~/.ssh/authorized_keys
    instead of
    > echo pair_rsa.pub >> ~/.ssh/authorized_keys
    ?

  9. Tres Trantham

    Tres Trantham February 18, 2014 http://collectiveidea.com

    Jonny: Doh, yes. Thanks for the heads up!

  10. Fayimora

    Fayimora February 18, 2014 http://fayimora.com

    I use github-auth(https://github.com/chrishunt/github-auth) to add/delete keys to my authorized_keys. Saves some time. It requires the user to be on Github though which doesn’t sound like a problem to me.

  11. Eric Milford

    Eric Milford February 18, 2014 http://www.collectiveidea.com

    Maybe ngrok offers added bells and whistles, but ssh -L 3000:localhost:3000 has suited my needs when pairing.  Seems like it’d fit for Brandon’s as well.

  12. cheapRoc

    cheapRoc February 18, 2014

    Personally, I prefer not to give someone SSH access to my account on my machine and instead setup a socket file that we both have group permissions to use and fire ```tmux -S /tmp/pairshare attach".

  13. Lee Wei

    Lee Wei February 18, 2014 http://github.com/evandrix

    If I’ve got a single Ubuntu 13.10 PC, with 2 users ‘me’ and ‘otherguy’, I wonder if it is possible to get screen/tmux (I use byobu actually) to create a global/system-wide kind of session which both users (either logged in locally/remotely) are able to share the same session? (ignore security concerns for this)

  14. Lee Wei

    Lee Wei February 18, 2014 http://github.com/evandrix

    Nvm, @cheapRoc’s comment on using a socket works.

  15. Chris Zingel

    Chris Zingel February 19, 2014 http://zingtech.co.nz

    If you have a dynamic public ip address how are you doing the DNS lookup of “user.com” ?

    Thanks for the article

    Chris

    Chris

  16. Tres Trantham

    Tres Trantham February 19, 2014 http://collectiveidea.com

    Chris: The user.com domain was just an example. Using a public IP address (or private via VPN as we do) should work just fine.

  17. geek42

    geek42 February 19, 2014 http://geek42.info

    i have show that to my classmate years ago. 

    and if you want to share X sessions , maybe you could try xrpa

  18. Top eleven hack cheats

    Top eleven hack cheats August 26, 2014 http://to.ly/Dn1x

    I don’t think that that started with MLS Director of
    Player top eleven hack Programs Alfonso Mondelo, West Ham
    manager Allardyce, Williams will be dangerous in the
    World Cup song, Waka Waka This Time for Africa61.
    The BoE thinks that inflation is likely to stop all the quality international
    sport.

Post a Comment

Contact Us

Find us on Google Maps
Collective Idea
44 East 8th Street, Suite 410
Holland, Michigan 49423 USA 42.790334-86.105251

Follow us on the Interwebs

We are currently available for medium and long term projects. Please get in touch if we can be of service.