Tmate(teammates)
是 Tmux 终端复用器使用 的一个分支,配置信息(例如快捷键配置,配色方案)兼容,实现了终端即时分享的能力,并且支持在单个屏幕中创建并操控多个终端的功能。
介绍
工作原理
<tmate client> -- libssh + ssh key = 150 为回话令牌 --> <tmate.io> -- session-id --> <分享给其他用户>
客户端安装
# mac
brew install tmate
# ubuntu
sudo apt-get install tmate
# CentOS
sudo dns install tmate
使用
# 新建会话
$ tmate
Tip: if you wish to use tmate only for remote access, run: tmate -F [0/0]
To see the following messages again, run in a tmate session: tmate show-messages
Press <q> or <ctrl-c> to continue
---------------------------------------------------------------------
Connecting to ssh.tmate.io...
Note: clear your terminal before sharing readonly access
web session read only: https://tmate.io/t/ro-y7j9jh3uYFngNTDtJGnhW8BkY
ssh session read only: ssh ro-y7j9jh3uYFngNTDtJGnhW8BkY@sgp1.tmate.io
web session: https://tmate.io/t/EmULrMwLrWJmFzrCJpMNJgQaz
ssh session: ssh EmULrMwLrWJmFzrCJpMNJgQaz@sgp1.tmate.io
# 查看回话信息
$ tmate show-messages
$ tmate -S /tmp/tmate.sock
# 链接 readonly session
$ ssh ro-y7j9jh3uYFngNTDtJGnhW8BkY@sgp1.tmate.io
# 链接 read-write session
$ ssh EmULrMwLrWJmFzrCJpMNJgQaz@sgp1.tmate.io
tmate-ssh-server 部署
该部分介绍如何私有化部署 tmate ssh server,源码 https://github.com/tmate-io/tmate-ssh-server
Docker 部署
- 创建 key,注意输出的
.tmate.conf
后面会使用
$ mkdir -p /data/tmate && cd /data/tmate
$ curl -sSL -o create_keys.sh https://raw.githubusercontent.com/tmate-io/tmate-ssh-server/2.3.0/create_keys.sh
$ cat create_keys.sh
#!/bin/bash
set -eu
gen_key() {
keytype=$1
ks="${keytype}_"
key="keys/ssh_host_${ks}key"
if [ ! -e "${key}" ] ; then
ssh-keygen -t ${keytype} -f "${key}" -N ''
SIG=$(ssh-keygen -l -E SHA256 -f $key.pub | cut -d ' ' -f 2)
fi
}
mkdir -p keys
gen_key rsa
RSA_SIG=$SIG
gen_key ed25519
ED25519_SIG=$SIG
echo ""
echo "You may use the following settings this in your .tmate.conf:"
echo ""
echo "set -g tmate-server-host localhost"
echo "set -g tmate-server-port 22"
echo "set -g tmate-server-rsa-fingerprint \"$RSA_SIG\""
echo "set -g tmate-server-ed25519-fingerprint \"$ED25519_SIG\""
$ chmod +x create_keys.sh
$ ./create_keys.sh
...
You may use the following settings this in your .tmate.conf:
set -g tmate-server-host localhost
set -g tmate-server-port 22
set -g tmate-server-rsa-fingerprint "SHA256:vZW+e3k/Mgi2Q5LJ9sYVo2oiL27ab9yaSwPf9aNS2O4"
set -g tmate-server-ed25519-fingerprint "SHA256:8lJN5+iNlOQ6+BDCaUWURyl8fwzLlt8H+7oRlrkGfKM"
$ ls keys/
ssh_host_ed25519_key ssh_host_ed25519_key.pub ssh_host_rsa_key ssh_host_rsa_key.pub
version: '3'
services:
tmate:
image: tmate/tmate-ssh-server:latest
ports:
- '2222:2222'
environment:
- SSH_KEYS_PATH=/keys
- SSH_HOSTNAME=tmate.xiexianbin.cn
- SSH_PORT_LISTEN=2222
volumes:
- '/data/tmate/keys:/keys'
cap_add:
- SYS_ADMIN
restart: always
$ docker-compose up
...
Status: Downloaded newer image for tmate/tmate-ssh-server:latest
Creating tmate_tmate_1 ... done
Attaching to tmate_tmate_1
tmate_1 | sh: out of range
tmate_1 | sh: out of range
tmate_1 | Loading key /keys/ssh_host_rsa_key
tmate_1 | Loading key /keys/ssh_host_ed25519_key
tmate_1 | Accepting connections on :2222
client 指定 tmate server
$HOME/.tmate.conf
,参考生成 keys 的出书
set -g tmate-server-host "[your server FQDN]"
set -g tmate-server-port [server port]
set -g tmate-server-dsa-fingerprint "dsa fingerprint"
set -g tmate-server-rsa-fingerprint "rsa fingerprint"
set -g tmate-server-ecdsa-fingerprint "ecdsa fingerprint"
#set -g tmate-identity "" # Can be specified to use a different SSH key
示例的配置文件:
set -g tmate-server-host tmate.xiexianbin.cn
set -g tmate-server-port 2222
set -g tmate-server-rsa-fingerprint "SHA256:vZW+e3k/Mgi2Q5LJ9sYVo2oiL27ab9yaSwPf9aNS2O4"
set -g tmate-server-ed25519-fingerprint "SHA256:8lJN5+iNlOQ6+BDCaUWURyl8fwzLlt8H+7oRlrkGfKM"
$ tmate
Tip: if you wish to use tmate only for remote access, run: tmate -F [0/0]
To see the following messages again, run in a tmate session: tmate show-messages
Press <q> or <ctrl-c> to continue
---------------------------------------------------------------------
Connecting to tmate.xiexianbin.cn...
Note: clear your terminal before sharing readonly access
ssh session read only: ssh -p2222 ro-WTHhGDrHP6RYzRsVDhT4QVAHP@tmate.xiexianbin.cn
ssh session: ssh -p2222 pZPRhBGaeXxteMz8w6bJhWduE@tmate.xiexianbin.cn
ssh -p2222 pZPRhBGaeXxteMz8w6bJhWduE@tmate.xiexianbin.cn
其他