4 Responses

  1. Bruce Ferrell says:

    wait… Tmate installs a server?! And this is better than screen why?

    • Rudy Bleeker says:

      Because with screen you can not have someone on another machine view your terminal with you. Tmux and Screen are great tools for when you want to keep your terminals open on a remote machine even after you close the SSH connection, but they are for private use only. This is for when you want to use your terminal collaboratively.

      • Bruce Ferrell says:

        Actually, yes you can. I’ve used it for exactly that purpose that when training people on CLI environments for decades.

        See the screen documentation for the multisession and multiuser settings of screen. And screen needs to install no new services or servers.

        Frankly, I don’t want people on terminal sessions on my systems if they are NOT actually logged onto the box. At best, it is VERY poor security practice.

        • Rudy Bleeker says:

          Well yes, I know you can do it with screen but it’s a bit more involved and as you said, you need to give people shell access to the machine. That’s not always practical or even possible. Tmate is much easier to use since it’s a simple URL and isn’t blocked when there’s a firewall in the way somewhere, making for a better out of the box experience.

          That said, I agree there are some severe security implications. For example, anyone who has write access to the shared terminal can execute the tmate show-messages command, showing all connection URLs for all to see, including users who you only gave the view only URL to. This is an obvious privilege escalation that needs to be addressed.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.