I'd be keen to hear why tmate isn't a good idea in terms of security.
As I understand it, the use of tmate is not so different from physically sitting next to a colleague and both of you taking the hot-seat with the computer.
Is the vulnerability around sending a shell to tmate.io? If so, I believe there is also an option to host the software on your own server.
You don’t see the difference between: 1) allowing anyone on the Internet to use an ssh shell on an internal server that’s protected by authentication and firewalls, vs 2) someone you know, who has already been granted physical access to your location, and likely already has a security clearance as well as undergone interviews, training, and other security checks?
As I understand it, the use of tmate is not so different from physically sitting next to a colleague and both of you taking the hot-seat with the computer.
Is the vulnerability around sending a shell to tmate.io? If so, I believe there is also an option to host the software on your own server.