Revoke (remote) access (urls) without terminating the session

[Jürgen Albersdorfer]

Hi, I started a long running task within a tmate session.

Now I want to revoke remote access to that server while keeping the long running task running.

How can I achieve this?

Thanks, regards

Jürgen

[Hippie Hacker]

Not sure of a tmate specific way, and it's a bit yolo/cheeky, but you could just remove network access for the tmate process:

mkdir /sys/fs/cgroup/net_cls/block
echo 42 > /sys/fs/cgroup/net_cls/block/net_cls.classid
iptables -A OUTPUT -m cgroup --cgroup 42 -j DROP
echo [tmate-pid] > /sys/fs/cgroup/net_cls/block/tasks

That would keep tmate from making or accepting any network connections, but allow you to still connect locally, and leave the process running.

--
You received this message because you are subscribed to the Google Groups "tmate.io" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tmate-io+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tmate-io/830efa03-b7f7-420d-9bf5-3135dcb268a6n%40googlegroups.com.

[Jürgen Albersdorfer]

I indeed solved it for now in a way like this - tmate makes ssh connections to internet servers, so I blocked outbound Traffic to SSH Ports via iptables ;-)

iptables -A OUTPUT -p tcp --dport 22 -j DROP

but you have to be aware, that you will receive all keystrokes typed into the webinterface while the traffic was blocked.

So unblock by something like

iptables -D OUTPUT -p tcp --dport 22 -j DROP && vi

or something like this, to not allow the commands into a Shell.

Nevertheless, some tmate'ish solution would be great.