[Skunkleton]

> I don't mind dealing with wonky copy and paste once in a while.

This problem is in no way unique to tmux. You have the same problem with any terminal app that takes over drawing, eg vim. That said it is also easy enough to fix.

The solution is OSC52, a terminal escape sequence that the emulator can use to interact with the system clipboard (kitty, alacritty, iterm2 all support this). The first step is to get you a script that writes out data in that protocol. Its easy enough:

    #!/usr/bin/env python3
    import os, base64, sys
    clip = base64.b64encode(sys.stdin.buffer.read())
    for pid in (os.getpid(), os.getppid()): # so that osc52-copy can be invoked by processes that themselves do not have a tty.
        cty = f"/proc/{pid}/fd/1"
        try:
            fd = os.open(cty, os.O_WRONLY)
            if os.isatty(fd):
                os.write(fd, b'\x1b]52;c;') # the actual escape sequence
                os.write(fd, clip)
                os.write(fd, b'\a')
                break
        except:
            continue
        finally:
            os.close(fd)
    else:
        raise SystemExit(f"no tty")

Now you can do this:

$ grep my_thing < some.txt | osc52-copy

And whatever got into osc52 is now on your system clipboard.

Tmux (set -g clipboard on) and nvim (unset clipboard) both have native osc52 support, and the script above can be used to integrate other places.

[carodgers]

Terminal emulators have taken a very odd attitude toward OSC52. Many (or all?) of them selectively disable either copy, or paste, or both, depending on how cautious the maintainer is.

Yes, it's true that an application that can read system clipboard content may scrape a password, but literally any application running in the terminal can read private keys out of your .ssh folder.

With some heavy reading and a bit of experimentation, you can usually get this working, though.

[CGamesPlay]

But with OSC 52, any system I ssh into can scrape those passwords. Bigger attack surface, to be sure. And unfortunately there’s no particularly good way of telling if the received escape code originated from the local machine.

[em-bee]

only passwords that you type after logging in. but if you can't trust the remote system then i don't think OSC 52 is the only way to do that.

[CGamesPlay]

You are misunderstanding OSC 52. A malicious/compromised SSH host can simply repeatedly print the OSC 52 paste command, causing the compliant terminal to repeatedly send any copied text to the remote system.

Everything in your comment is true regardless of OSC 52 support, though. OSC 52 just increases the attack surface for the sake of convenience.

[em-bee]

oh, i didn't know about paste. mainly because i am confused why that is even needed. i get the application running inside the terminal needing to have a way to send a selection to the the terminal, but pasting into an application already worked without OSC 52, so why did they add a function to pull from the paste buffer?

[procaryote]

There are lots of ways to secure your private keys though, including passphrases, having a ssh agent that requires interaction to use a key, having them on hardware security keys etc.

Having osc52 paste default off seems very reasonable

[bitbasher]

I generally use xclip to copy program output. It has been around forever. Otherwise, I pipe into vim or I'm already using vim and I can copy via visual mode with "+y

[tristan957]

What is the benefit of this over pbcopy and wl-copy?

[larntz]

If you're working locally I can't think of much. OSC52 works to copy to your local clipboard from a remote system (e.g., over ssh) from within tmux or nvim as long as you are using a terminal that supports it.

I use it to copy from remote system when I'm in nvim (`"+y`).

Here are a couple links that relate to tmux and nvim.

- tmux: https://github.com/tmux/tmux/wiki/Clipboard

- nvim: https://neovim.io/doc/user/provider.html#clipboard-osc52

[meitham]

The benefits it works everywhere, even on the blink app on iPhone when you suddenly have to pull out your phone in an emergency, connect to your tmux session away from your usual workstation.