
ZSH, tmux, Emacs and SSH: A copy-paste story - pmoriarty
https://blog.d46.us/zsh-tmux-emacs-copy-paste/
======
dangirsh
This annoyance is one reason I avoid leaving Emacs. Eshell, tramp, dired,
proced, docker-mode, etc... replace most of my terminal needs (including SSH).
The same movement, search, and copy/paste bindings work everywhere, including
in buffers pointing to remote machines.

Relevant:
[https://www.reddit.com/r/emacs/comments/6y3q4k/yes_eshell_is...](https://www.reddit.com/r/emacs/comments/6y3q4k/yes_eshell_is_my_main_shell/)

~~~
ealhad
I have been a happy Emacs user for nearly two years now, but I still don't use
eshell. Is it only me, or is it really painfully slow?

~~~
vmsp
Dan Luu wrote about terminal latency a while back [1]. Eshell is actually the
shell with the least overall latency. Is is, though, very slow at sinking
stdout, which is probably what you are noticing.

[1] [https://danluu.com/term-latency/](https://danluu.com/term-latency/)

~~~
emj
Thanks for that link, but it does note that this is also latency, i.e.
transmission delay, and at 500KB/s Eshell has a very high latency for bulk
transfer especially considering it's 10MB/s slower than the nearest comptitor.
How much this affects your work varies, but you will adapt and change you
behaviour because of that latency.

------
Watabou

        > The problem is that pbpaste and pbcopy do not work under tmux
    

They do in recent macOS/tmux versions. You don't need reattach-to-user-
namespace anymore.

These are my keybindings for copy/paste to clipboard:

    
    
        bind-key -T copy-mode-vi 'v' send -X begin-selection
        bind-key -T copy-mode-vi 'y' send -X copy-pipe-and-cancel pbcopy
        bind-key -T copy-mode-vi MouseDragEnd1Pane send -X copy-pipe-and-cancel pbcopy
        bind-key -T copy-mode-vi MouseDragEnd3Pane send -X copy-pipe-and-cancel pbcopy
    

`prefix + ]` then pastes using the clipboard contents

------
EdiX

        Pasting into a terminal is interpreted literally, meaning an attacker can hide ;sudo do $really_evil_thing; in innocent looking, pasteable HTML with CSS trickery
    

TBH the fact that you can't tell what the fuck you are selecting in a web
browser, is more of a UX bug of web browser than a problem with user behaviour
or with applications receiving stuff from browsers.

That we are addressing this bug in terms of user education and workarounds in
terminal emulators mostly says that we, as a community, have given up on web
browsers ever making sense.

------
sa46
Author here, this is a rather pleasant Sunday surprise.

I'm not sure I'd recommend the route in the post. The setup is fragile with a
sizable set of moving parts. Simpler options are doubling down on Emacs with
TRAMP or using the client terminal emulator (e.g. iTerm) to copy and paste
screen contents.

------
unhammer
All these workarounds sound like a reason to use start using tramp more
(apropos,
[https://www.youtube.com/watch?v=dljNabciEGg](https://www.youtube.com/watch?v=dljNabciEGg)
/ [http://www.howardism.org/Technical/Emacs/literate-
devops.htm...](http://www.howardism.org/Technical/Emacs/literate-devops.html)
is a pretty neat demo of combining org-babel and tramp).

\-----

There is also emamux, which seems to be able to copy from tmux:
[https://github.com/syohex/emacs-emamux/#emamuxyank-from-
list...](https://github.com/syohex/emacs-emamux/#emamuxyank-from-list-buffers)

~~~
yjftsjthsd-h
As a vim user, tramp is one of two things that make me keep considering
switching, the second being org mode.

~~~
greggyb
I have found the transition to be pretty worthwhile. Evil is actually very
good. There are also a few Evil-X packages that give sensible rebindings for
other popular modes, like evil-magit.

It helped for me that I actually like lisps as well.

------
jwilk

      local fake_clipboard=/tmp/clipboard-data.txt
      if is-ssh && is-port-in-use $clipper_port; then
        # Pipe to the clipper instance and the fake clipboard.
        tee >(nc localhost $clipper_port) "$fake_clipboard"
    

This is not a secure use of /tmp; and in general /tmp is not suitable for such
inter-process communication.

Please create the fake clipboard file somewhere in the user's home directory.

~~~
sa46
Why is /tmp not suitable for IPC? Is it because it's generally more open than
a home directory?

~~~
stevekemp
First of all because anybody can read the contents of files there - presuming
you don't have a sane umask.

Secondly because other uesrs might create files. Imagine somebody ran:

    
    
         ln -s /home/foo/.bash_profile /tmp/clipboard-data.txt
    

The next time you ran your clipboard-script your .bash_profile file would get
its contents erased, due to the symlink.

Predictable filenames are a big security hole for multiuser systems, even
though in practice you're probably the sole user of your desktop/laptop. I've
reported numerous bugs of this kind, including this small set against GNU
emacs:

[http://seclists.org/oss-sec/2014/q2/269](http://seclists.org/oss-
sec/2014/q2/269)

------
woodruffw
It's not a perfect solution, but I usually use the X11 primary selection
trick: highlight some text with my mouse, and use the middle button to paste
it. Any X11 window that supports text selection should work with it, including
terminal emulators.

The downside, of course, is that X11 selections aren't real clipboards: they
disappear as soon as their origin window is destroyed. That means you have to
keep the source window open while you do your pasting, which may clash with
your workflow.

~~~
pmoriarty
_" The downside, of course, is that X11 selections aren't real clipboards:
they disappear as soon as their origin window is destroyed."_

Check out parcellite.[1] It gives a persistent clipboard history under X.

[1] - [http://parcellite.sourceforge.net/](http://parcellite.sourceforge.net/)

~~~
bisby
The downside I found to parcellite is that it doesn't handle images at all.
Instead I've been stuck using xfce4-clipman, even though I've actually wanted
to switch to parcellite so I can have a less DE specific solution.

------
cweill
If you're looking for an Emacs terminal+x-clipboard solution, I created an
elisp pull request [1] for Spacemacs for adding that kind of support and
handling SSH, Tmux, and Emacs. Note, this isn't a perfect solution, but it
works well for linux to linux ssh and tmux. Feel free to contribute.

[1]
[https://github.com/syl20bnr/spacemacs/pull/8864](https://github.com/syl20bnr/spacemacs/pull/8864)

------
KaiserPro
One of the reason I use a linux/x11 environment for work is the middle button
paste buffer. (I have no idea what it's real name is for)

any text selected is automatically copied into the buffer (which is seperate
from ctrl-c/v)

It doesn't overcome the "bugger I've pasted rm -rf /*" problem, but its
wonderfully useful

~~~
tialaramex
It's a Selection and its name is PRIMARY. Nothing is copied, that's the trick
for the clipboard on every vaguely modern OS too. (In X11 the clipboard is a
Selection named CLIPBOARD). Instead applications tell the system "I have the
clipboard" (or in X, "I have this named selection") and when a paste operation
happens the exact bits to be moved are figured out only then.

------
nebulous1
In bash I use ctrl-X-E and paste into the default editor using the emulator's
paste function (ctrl-shift-v in my current emulator). This works in bash ssh
sessions too.

------
pdkl95
> a terminal will default to interpreting what you pasted the same as entering
> a sequence of commands

Another reason why urxvt[1] is the best terminal emulator: the "confirm-
paste"[2] extension. Any time the terminal receives a paste matching /[\n\r]/,
the terminal shows you the incoming text in an overlay and asks for
confirmation.

Enable it with the option "-pe confirm-paste" or add something like this to
~/.Xresources

    
    
        URxvt*perl-ext-common: default,confirm-paste
    

(or added to your list of extensions, if you are not using the "default" set)

(afterwords, don't forget to run "xrdb -merge ~/.Xresources")

[1] [http://software.schmorp.de/pkg/rxvt-
unicode.html](http://software.schmorp.de/pkg/rxvt-unicode.html)

[2] [http://cvs.schmorp.de/rxvt-unicode/src/perl/confirm-
paste?vi...](http://cvs.schmorp.de/rxvt-unicode/src/perl/confirm-
paste?view=markup)

~~~
jwilk
The confirm-paste plugin won't necessarily save you from malicious pastes.

See my comments in
[https://lwn.net/Articles/749992/](https://lwn.net/Articles/749992/) .

~~~
pdkl95
Thanks, I will have to fix that, probably by trapping any non-printing, non-
whitespace code, not just [\n\r]. I can't think of any situation I would _not_
want to confirm past of text containing control codes, so it should be an easy
fix.

Incidentally, while I wasn't vulnerable to C-o because I have a _lot_ of
remapped bindings. However, I _am_ vulnerable to the two other codes that I
bound to operate-and-get-next.

> Enumerating badness usually doesn't end well.
    
    
        *applause*
    

I wish more people that create and/or operate networked devices understood
that.

------
tinix
Clipboard control in terminals... yet.... not a single mention of OSC 52.

<_<

Then they are using /tmp to facilitate IPC... What a horrible thing.

~~~
sa46
Author here, OSC 52 looks promising. I didn't realize there was an escape code
for clipboard integration.

You're the second person to mention /tmp for IPC is bad. Why is it bad?

[1]: [https://medium.freecodecamp.org/tmux-in-practice-
integration...](https://medium.freecodecamp.org/tmux-in-practice-integration-
with-system-clipboard-bcd72c62ff7b)

~~~
tomsmeding
The reason is security. It isn't much of a problem on a laptop only you use
(since then your home directory is likely none safer), but on a shared
machine, or at least a shared file system, other accounts can access stuff in
/tmp just fine, e.g. by replacing the file with a symlink. To perform a delete
operation on a file, you only need execute permissions on the containing
directory (iirc), but nothing on the file itself.

------
rjkennedy98
I just went through this hell when setting up my new Macbook Pro at my new
job. Setting up iterm, tmux, zsh to properly cut and paste was so frustrating.
By default I should be able to yank into my clipboard and paste into vim from
my clipboard in tmux. I can't figure out why this isn't the default behavior.

------
grafoo
to add my an 50 cent... i hacked together a tool that does not rely on xclip
or pbcopy [https://github.com/grafoo/netsel](https://github.com/grafoo/netsel)
you'd start it on your x11 machine and remote forward the tcp port to the
remote hosts.

------
agapon
Regarding pasting to a terminal with zsh, I've been using a recipe from here
[http://www.zsh.org/mla/users/2011/msg00367.html](http://www.zsh.org/mla/users/2011/msg00367.html)
and it's been great.

------
Myrmornis
> Pasting into a terminal is interpreted literally, meaning an attacker can
> hide ;sudo do $really_evil_thing; in innocent looking, pasteable HTML with
> CSS trickery. Therefore, we can’t blindly paste text into a terminal.

It depends on the probability that an "attacker" has done such a thing, which
depends on the website among other things.

Sincere question: is it really appropriate that so many of us think in such
black and white terms about security? I submit that it is not appropriate to
strive for zero-probability-of-being-pwned solutions in all personal computing
scenarios; there is a cost benefit analysis always.

~~~
sa46
Author here. I figured it was an easy enough hole to fix that it was worth
including. The ZSH line editor will paste without sending the command so you
don't really harm usability.

Installing dev tools via paste and pipe into sh is fairly common:

    
    
        curl https://sh.rustup.rs -sSf | sh
    

The overall risk is probably really low, but there's no downsides.

~~~
Myrmornis
Cool, I’m sure that’s good advice! I’ve just always been curious about the
general question — there’s a large contingent of programmers who role their
eyes whenever they see curl|sh and there’s probably an equally large component
who think that life’s short and contains more important issues than command
line security neuroticism...

