A Simple Pair Programming Setup with SSH and Tmux

Photo by Pears -259, used under Creative Commons https://flic.kr/p/owS2tM

Here at Collective Idea, we do a lot of pair programming. We also believe in remote working. When pairing with any of our remote developers, we typically use a combination of SSH and tmux. There are a lot of good articles on this type of setup, but we’ve settled on an easy solution that works well.

Create An Account Alias

The first step is to create an alias for your main user account. While this is optional, it’s good to be consistent so that you aren’t required to know each developer’s actual username.

From the Users & Groups pane in System Preferences, right click on your user account and click Advanced Options.

From the Advanced Options pane, add an alias for your pair to use when connecting to your machine.

Configure SSH

Next we’ll want to turn on Remote Login from the Sharing pane in System Preferences.

And update our SSH login settings to turn password authentication off and only allow public-key authentication.

# /etc/sshd_config
PasswordAuthentication no
...
ChallengeResponseAuthentication no

Note: You will need to restart sshd for these changes to take effect. On a Mac, this is done by toggling Remote Sharing from the Sharing pane in System Preferences.

Setup Remote Users

Because we’ve configured SSH to only allow public-key authentication, we will need to add the public-key of our pair user(s) to the authorized_keys file.

> cat pair_rsa.pub >> ~/.ssh/authorized_keys

Once we have our pair user’s public-key added to our authorized_keys file, we need to edit this file to ensure any user that connects to our machine is automatically connected to our tmux session.

# ~/.ssh/authorized_keys

command="/usr/local/bin/tmux attach -t pair" ABCDEFGHIJKLMNOPQRSTUVXYZ pair@user.com

This ensures that anyone who connects via SSH is automatically attached to a tmux session called pair.

Putting It All Together

Once everything is setup, all you have to do in order to create a pair session is:

  1. Create a tmux session called pair
> tmux new-session -s pair
  1. Have your pair SSH into your machine
> ssh pair@hostname
  1. Profit

With this setup, someone will only be able to SSH into your machine if there is an existing tmux session called pair. If someone is already connected and you close the pair tmux session, they will be automatically disconnected from the SSH session as well.

Another benefit is that you will be prompted for your passphrase (you are using a passphrase, right?) anytime your private key is used. This prevents your pair from doing anything bad on your behalf without your consent.

One More Thing

I’ve created a shell script that automates these steps so that we can setup our machines for pairing easily and consistently. It relies on the great github-auth gem to easily grab public-keys from GitHub. You will need to modify the gh-auth command below for the pair user’s GitHub username.

Disclaimer: Due to the nature of what we’re doing, some the commands below use sudo. Proceed with caution!

#!/bin/sh

# create an account alias
sudo dscl . -append /Users/$USER RecordName Pair pair

# configure sshd to only allow public-key authentication
sudo sed -E -i.bak 's/^#?(PasswordAuthentication|ChallengeResponseAuthentication).*$/\1 no/' /etc/sshd_config

# add pair user public key(s)
touch ~/.ssh/authorized_keys
gh-auth add --users githubuser --command="$( which tmux ) attach -t pair"

If you have a great tip for pairing or otherwise, let us know in the comments. Happy hacking!

Update: Thanks to skywhopper on Hacker News, we’ve updated the sed command above to a one liner to ensure that we’re backing up our original sshd_config file.


Check out our latest product, Dead Man’s Snitch for monitoring cron, heroku scheduler or any periodic task.

Dead Man's Snitch

Tres Trantham

Comments:


Post a Comment

(optional)
(optional — will be included as a link.)
  1. This is awesome!

    I personally prefer Screenhero for remote pair programming, since it simplifies set up, handles NAT traversal, shares the entire screen, gives both sides a mouse cursor each, and is now comparable in speed to tmux. Have you tried it?

    JS

    JS
    JS
    February 18, 2014 at 11:35 AM
  2. I would assume you are all primarily mac users, then?

    I was just made aware of this (awesome looking) beta software that simplifies code collaboration and pair programming from remote locations. It is expected to launch beta in just 3 days.

    https://kobra.io/

    February 18, 2014 at 12:25 PM
  3. There are some tools to do pretty much the same thing at https://github.com/livingsocial/ls-pair

    Kurt Sussman
    Kurt Sussman
    February 18, 2014 at 12:59 PM
  4. Wow… I was literally going to write this same blog post. I had done this recently with a co-worker and found it to work extremely well.

    One tip I wanted to share with you (or your readers). We used https://ngrok.com/ to allow my pair to connect to my machine over the web and see our changes in real time. Instead of having to do a deploy or push.

    February 18, 2014 at 13:14 PM
  5. Thanks for the feedback. There’s a lot of great alternatives here if we ever outgrow this setup.

    Brandon: I’ve read a lot of good things about ngrok but haven’t had the chance to try it out myself. Our remote folks VPN into our network so we don’t usually have a need for ngrok, but it’s definitely in my queue to try. Thanks!

    February 18, 2014 at 13:23 PM
  6. Could you explain how you are able to pair once you are both logged into the same machine? Does the tmux command mean that both developers can see the same terminal?

    Alex
    Alex
    February 18, 2014 at 14:40 PM
  7. Alex: Yes, the steps above should result in you and your pair sharing the same tmux session which is essentially a shared terminal in this context. From there, we typically use VIM as our code editor in one tmux window and a shell prompt in a second tmux window (for tests, rails console work, etc.).

    February 18, 2014 at 14:46 PM
  8. Don’t you mean
    > cat pair_rsa.pub >> ~/.ssh/authorized_keys
    instead of
    > echo pair_rsa.pub >> ~/.ssh/authorized_keys
    ?

    Jonny
    Jonny
    February 18, 2014 at 15:30 PM
  9. Jonny: Doh, yes. Thanks for the heads up!

    February 18, 2014 at 15:33 PM
  10. I use github-auth(https://github.com/chrishunt/github-auth) to add/delete keys to my authorized_keys. Saves some time. It requires the user to be on Github though which doesn’t sound like a problem to me.

    February 18, 2014 at 15:44 PM
  11. Maybe ngrok offers added bells and whistles, but ssh -L 3000:localhost:3000 has suited my needs when pairing.  Seems like it’d fit for Brandon’s as well.

    February 18, 2014 at 16:04 PM
  12. Personally, I prefer not to give someone SSH access to my account on my machine and instead setup a socket file that we both have group permissions to use and fire ```tmux -S /tmp/pairshare attach".

    cheapRoc
    cheapRoc
    February 18, 2014 at 21:07 PM
  13. If I’ve got a single Ubuntu 13.10 PC, with 2 users ‘me’ and ‘otherguy’, I wonder if it is possible to get screen/tmux (I use byobu actually) to create a global/system-wide kind of session which both users (either logged in locally/remotely) are able to share the same session? (ignore security concerns for this)

    February 18, 2014 at 21:33 PM
  14. Nvm, @cheapRoc’s comment on using a socket works.

    February 18, 2014 at 21:42 PM
  15. If you have a dynamic public ip address how are you doing the DNS lookup of “user.com” ?

    Thanks for the article

    Chris

    Chris

    February 19, 2014 at 0:46 AM
  16. Chris: The user.com domain was just an example. Using a public IP address (or private via VPN as we do) should work just fine.

    February 19, 2014 at 10:28 AM
  17. i have show that to my classmate years ago. 

    and if you want to share X sessions , maybe you could try xrpa

    February 19, 2014 at 22:29 PM
  18. “Personally, I prefer not to give someone SSH access to my account on my machine and instead setup a socket file that we both have group permissions to use and fire ```tmux -S /tmp/pairshare attach”."

    Newbie question: Why is this more secure?

    KL
    KL
    December 03, 2014 at 18:53 PM
  19. Hmm… I get it..
    But is it secure ? please explain..

    Thanks

    March 19, 2015 at 23:59 PM