linux tips: screen

When you’re working in a remote terminal environment, being able to resume a session can be an invaluable tool – especially when the connection isn’t stable.

When connecting to a UNIX-based environment (like the many varieties of Linux, or OSX) there is a handy utility called `screen` that effectively allows you to run tabbed terminal consoles within a single terminal console. This has many benefits, not just the ability to resume the connection if the connection drops.

adding a status bar

The first thing to do when starting any new screen session is to add a config file. This file changes the default look and feel of screen, which isn’t very intuitive if you’re just learning how to use it.
I’m going to use `vim` to write my config file, and I’m going to use a configuration that I pilfered from somewhere on the internet a while ago:

# ~/.screenrc
termcapinfo xterm* ti@:te@
startup_message off
vbell off
autodetach on
altscreen on
shelltitle "$ |bash"
defscrollback 100000
defutf8 on
nonblock on
msgwait 0
hardstatus alwayslastline "%{b kw}%H %{r}%1` %{w}| %{y}%Y-%m-%d %c %{w}| %{g}%l %{w}| %{-b kw}%u %-Lw%{= rW}%50> %n%f %t %{-}%+Lw%<"
# (This fixes the "Aborted because of window size change" konsole symptoms found
#  in bug #134198)
termcapinfo xterm* 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l'
# (you may have to change the 'xterm' value to match your $TERM value)

The most useful lines in this config file are the last two – they add the status bar to the screen window, which contains the list of open terminal tabs – which is verrry useful and I don’t know why this isn’t the default setup.
In the configuration shown above, the status bar contains the hostname on the left, the system load on the near right, and the server date and time on the far right, and your list of open terminal tabs in the middle.
Save this file into your home directory (usually `/home/yourusername/.screenrc`) and start screen by running the command `screen`, and your window should look similar to this:


tab navigation

Press `ctrl-a c` to open a new tab
Press `ctrl-a shift-a` to rename the current tab: change the name, and press `return` to save.
Press `ctrl-a-a` to switch between your most recent 2 tabs, or use `ctrl-a [num]` to switch to the tab numbered `[num]`, i.e. `ctrl-a 1` to switch to tab 1, `ctrl-a 2` for tab 2, etc.

detach and re-attach

I’ve pointed out that I believe the most useful feature of screen is the ability to detach and re-attach to screen sessions in the event of being disconnected from the server – so how do you go about actually doing that?
When you have connected to the server, to create a new screen session you type `screen` – but to re-attach to an existing disconnected screen session, type `screen -R`.
Sometimes, if you have disconnected very recently, the old screen session might still be attached to your old session! In order to tell screen you want to resume an existing screen session, and forcefully disconnect it from any connected session, use `screen -dR`. This does mean that if you have superuser privileges on the system to which you are connecting, anyone else who can assume control of your account can also take control of your screen session!

To detach your current screen session, press `ctrl-a d`.

locking your screen session

While in a screen session, press `ctrl-a x` to lock your session. This protects your open terminal sessions from being taken over by someone who might have access to your account. This won’t protect you from much, but it does add an extra layer of security that can help to delay or prevent security breaches.

This becomes a more useful feature when you realise that as a superuser, you can have multiple terminals open in screen, each one connected to a different server, each one potentially logged in as a more privileged user than the original screen session itself – so if a hacker manages to acquire the user’s username and password, they would be able to log in and resume all of these already logged in sessions with little more than a single command.

… so Lock Your Terminal!
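
The sessions described above are the ones `screen -ls` reports as detached. The following is an added example, not part of the original post: it parses `screen -ls` output and flags detached sessions. The sample output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report screen sessions that a plain `screen -R` would hand
# to whoever logs in as this user. All names below are illustrative.

# Constructed sample of `screen -ls` output (tab-indented, as screen prints it).
# Some versions print a timestamp column, some do not; both are covered.
sample_ls() {
  printf 'There are screens on:\n'
  printf '\t4211.pts-0.web01\t(03/01/24 09:12:44)\t(Detached)\n'
  printf '\t5120.db-root\t(03/01/24 10:02:10)\t(Attached)\n'
  printf '\t6034.deploy\t(Detached)\n'
  printf '3 Sockets in /run/screen/S-alice.\n'
}

# Read `screen -ls` output on stdin; print "pid<TAB>name<TAB>state" per session.
parse_sessions() {
  awk -F'\t' -v OFS='\t' '
    $2 ~ /^[0-9]+\./ {
      state = $NF; gsub(/[()]/, "", state)      # last field is the state
      pid = $2;   sub(/\..*/, "", pid)          # digits before the first dot
      name = $2;  sub(/^[0-9]+\./, "", name)    # everything after the pid
      print pid, name, state
    }'
}

# Names of sessions with no terminal attached (also matches "Multi, detached").
detached_sessions() {
  parse_sessions | awk -F'\t' 'tolower($3) ~ /detached/ { print $2 }'
}

# Return 1 and list the names on stderr if any detached session exists,
# so the check can gate a logout hook or a periodic audit job.
audit_sessions() {
  names=$(detached_sessions)
  [ -z "$names" ] && return 0
  # $names is intentionally unquoted: one output line per session name.
  printf 'detached screen session: %s\n' $names >&2
  return 1
}

# Demonstration on the constructed sample.
sample_ls | detached_sessions
```

On a real host, run `screen -ls | audit_sessions` in place of the sample input.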

scrolling history

When in cursor mode, you can search for patterns, and highlight and copy text too.

  • Press `ctrl-a Esc` to enter interactive cursor mode
  • Use the cursor keys (`up`, `down`, `left`, `right`, `PgUp`, `PgDn`) to navigate back in the history of the current screen terminal
  • Press `Esc` at any time to exit cursor mode and return to normal interactive mode
  • Press `Return` to start highlighting text at the position of the cursor
  • Use the cursor keys to select desired text
  • Press `Return` again to copy the selected text into the screen paste buffer – This will also exit cursor mode and return to interactive mode
  • To paste the text you’ve just copied, press `ctrl-a ]` when you’re in a suitable location. You can use this technique to copy and paste chunks of text or commands between console windows in the same screen session.

When in cursor mode, you can also search forwards and backwards using `/` and `?` respectively, just like in `vim` – to search “up” the screen from the cursor location, enter `?`, type your search string, and press `return`.
To find the next or the previous piece of text that matches your entered search, press `/` or `?` again and just press `return`.

further help

To access the help menu in screen, press `ctrl-a ?` and you will be presented with a list of further commands you can try out, which aren’t described quite as concisely as they are on this page, but they are a useful cheat-sheet, once you learn how to read the syntax.


bonus content

You might have noticed that my terminal prompt has also been customised – the code for this is added to the end of the file found in `/home/[yourusername]/.bashrc` – add the following code to the end of your `.bashrc` file:

# ~/.bashrc
PS1="$(if [[ ${EUID} == 0 ]]; then echo '\[\033[01;31m\]\h'; else echo '\[\033[01;32m\]\u@\h'; fi)\[\033[01;34m\] \w \$([[ \$? != 0 ]] && echo \"\[\033[01;31m\]:(\[\033[01;34m\] \")\\$\[\033[00m\] "

why passwords are secret

    Passwords are obviously used everywhere these days, but why is it so important that nobody else knows your passwords?

    The simple reason is obvious – you don’t want other people to be able to access your stuff when you don’t want them to.

    The more complex reason is the legal one. Businesses, Websites, Internet Service Providers, Internet Cafés, nearly everyone in fact, has a document or set of documents called an ‘Acceptable Use Policy’. In this document, they specify (or at least they should specify) that any password or key they provide you with is not to be shared with anyone else, under any circumstances.

    The reason for this is not just to protect you and your stuff – this is to protect whoever is providing you with access to it. Because if they didn’t explicitly state that sharing these credentials with someone else is against the rules, then if your account becomes linked with some kind of activity that IS against the rules and they want to come after you, they might then have no way of proving you did it – because anyone you have given your password to could have access to it.

    Let me put this another way.

    1. Alice is given a password to access
    2. Alice gives her password to Bob, to upload some files.
    3. Bob uploads some illegally downloaded MP3s to using Alice’s password
    4. finds the illegal music collection, and wants to prosecute Alice
    5. Alice then tells that she didn’t put the files there
    6. Bob never agreed to the usage agreement on, because he just logged in using Alice’s password
    7. is then stuck because the usage agreement hasn’t been broken – they forgot to put in a clause about sharing passwords

    Here’s another example.

    1. Charlie owns
    2. Derek works for
    3. Charlie creates an email account for Derek, and hands him his password
    4. Derek is not allowed to change his password, because Charlie wants to keep a copy of it, for “security reasons”
    5. Derek sends an email to Edwin using his email account
    6. Edwin takes offence at Derek’s email, and decides to sue
    7. Charlie tries to fire Derek for sending the offensive email to Edwin
    8. Charlie cannot prove that the email was sent by Derek – as both Charlie and Derek have access to Derek’s password
    9. Charlie therefore has no reasonable grounds to fire or take other action against Derek due to the email.
    10. If Charlie fires Derek anyway, Derek may try to sue Charlie for unfair dismissal.

    If you work for a company who keeps a copy of your password written down somewhere, or stores your password unencrypted in a database, or stores it in any way that could enable anyone to read it – then it’s a reasonable assumption that someone else could have your password, without you having given it to them.

    Passwords Are Secrets – Nobody should ever know any of your passwords. They are secret and should not be shared. No exceptions.

    Providing access to another individual, either deliberately or through failure to secure its access, is prohibited. AUP

    User ID’s and passwords are not to be shared. Those who use another person’s user credentials and those who share such credentials with others will be in breach of this policy.
    Initial default passwords issued to any user must be changed immediately following notification of account set up.

    University of Bath AUP

    Each user is issued with a valid username and password that must be kept confidential and must not be shared with anyone else.

    University of Salford AUP

    You are responsible for properly using any user IDs, personal identification numbers (PINs) and passwords needed for the service, if any, and must take all necessary steps to make sure that you keep these confidential and secure, use them properly and do not make these available to unauthorised people.

    BT Terms and Conditions

    To protect your Google Account, keep your password confidential. You are responsible for the activity that happens on or through your Google Account.

    Google Terms of Service

    I did come across several policies that do not specifically mention passwords or access credentials – not all of them need to, as they can protect themselves with other related clauses, but adding a password clause like those above to any policy is such a simple addition that adds a lot of protection with very little effort.
