slides.md
· 5.6 KiB · Markdown
Surowy
<style type="text/css">
.reveal p {
text-align: center;
}
.reveal ul {
display: block;
}
.reveal ol {
display: block;
}
.reveal blockquote {
font-size: 70%;
}
.reveal-viewport {
background: #d1cec6;
background-color: #d1cec6;
}
</style>
```text
____ __ ____ ____ _ _
| _ \ _____ _____ _ __ ___ / _| / ___/ ___|| | | |
| |_) / _ \ \ /\ / / _ \ '__| / _ \| |_ \___ \___ \| |_| |
| __/ (_) \ V V / __/ | | (_) | _| ___) |__) | _ |
|_| \___/ \_/\_/ \___|_| \___/|_| |____/____/|_| |_|
```
---
## Target audience
- linux desktop CLI users
- linux admins
```text
__________________________________________
/ This is the year of linux on the desktop \
| |
| ...Windows10 has WSL ;-) |
\ /
------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
```
---
## [ssh-agent](https://www.ssh.com/academy/ssh/agent)
> The ssh-agent is a helper program that keeps track of user's identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO).
---
## Agent Forwarding
```bash
$ eval "$(ssh-agent -s)"
Agent pid 7715
$ ssh-add -L
The agent has no identities.
$ ssh-add ~/.ssh/id_rsa
Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfovU+pdwsO4ubyG8kldmtFwVcfNIbJX8Qvi+4rWKmkcEx7xdz27o+CrCXyu3eSbw8q/BVNZImwbs3C4dCBZ+o7ZtHmJGYzyrIOkY1AD1kdf0tbH3boEqoL46xOx8zGIUWCcuJd+bzMw/ub/5Qf+yW6a00h4szFiREyM6k2y+0gF21ewoSKPZp+XTFFXfOoGAllJ1rhQq+PScUHHu81Ft9bl18e0SWKRJd/EOiI+2/GAb/jtYo0lxyIk1GrmZDA80Tew7Mv636zWfXUaL1Tr4Y8Wxmeetr97MLcVcY9hMZmQlcmurDqeIJdWn1IAr8IRieLJZPiMjt09LZ2EAd/TmI2lbfy3c+013qmc4YoOhXDlRgoS5qeQr/zupP1/0ATzG37pGtkomO1zz9WBafFy5ewzIU1YUArV+/PNWbVdrnIEOKmHF/YM/ZCA5JwFp7M/8FOHZrM6KvCwcnmtHOzU+0y7eHYejUHTBOIrk9/SfP37IFEELaNrEJdDokQBXpT38= waja@Brotschneidemaschine.local
$ tail -2 .ssh/config
Host *
ForwardAgent yes
$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
```
<!--
show on jumphost
-->
---
## Identities are not permanent
```bash
$ kill -9 7715
$ ssh-add -L
$ eval "$(ssh-agent -s)"
Agent pid 7795
$ ssh-add -L
The agent has no identities.
```
<!--
show on jumphost
-->
- Maybe use something like
```bash
$ echo 'AddKeysToAgent yes' >> ~/.ssh/config
```
- You can [start](https://unix.stackexchange.com/a/390631) `ssh-agent` even via `systemd`.
---
## SSH Agent forwarding is nice but...
- [You should only add servers you trust and that you intend to use with agent forwarding.](https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding)
- [Why using SSH agent-forwarding is a Bad Idea](https://medium.com/kernel-space/why-using-ssh-agent-forwarding-is-a-bad-idea-6cbdff31bbee)
---
## SSH ProxyCommand / ProxyJump
```bash
$ tail -7 .ssh/config
Host 192.168.66.*
# https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
# https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
#ProxyJump user1@10.42.5.6:22
#ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'
```
- ProxyJump can be chained by
```bash
$ ssh -J <host> -J <host>
```
---
## [SSHFS](https://de.wikipedia.org/wiki/SSHFS)
```bash
$ sshfs [user@]hostname:[directory] mountpoint
```
[More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/). (mc is the army knife)
---
## mc can do sftp and ssh
---
## Port Forwarding / Tunneling
<!--
ssh -L <localIP>:8000:<qnapIP>:8080 <localIP>
-->
---
### Reverse Tunneling
[Adding / Removing Tunnels within an established connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels#Adding_or_Removing_Tunnels_within_an_Established_Connection)
---
#### sshuttle: where transparent proxy meets VPN meets ssh
<!--https://sshuttle.readthedocs.io/en/stable/manpage.html: -->
> sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
>
> To work, you must have root access on the local machine, but you can have a normal account on the server.
>
> It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
>
> If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
---
## SSH and Visual Studio Code
[Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
[Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
<!--
ssh root@server "cat /etc/debian_version"
scp jumphost:/tmp/test root@server:/tmp
ssh -p port -t server "sudo whoami"
scp -P port /etc/debian_version server:/tmp/
-->
____ __ ____ ____ _ _
| _ \ _____ _____ _ __ ___ / _| / ___/ ___|| | | |
| |_) / _ \ \ /\ / / _ \ '__| / _ \| |_ \___ \___ \| |_| |
| __/ (_) \ V V / __/ | | (_) | _| ___) |__) | _ |
|_| \___/ \_/\_/ \___|_| \___/|_| |____/____/|_| |_|
Target audience
- linux desktop CLI users
- linux admins
__________________________________________
/ This is the year of linux on the desktop \
| |
| ...Windows10 has WSL ;-) |
\ /
------------------------------------------
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
ssh-agent
The ssh-agent is a helper program that keeps track of user's identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO).
Agent Forwarding
$ eval "$(ssh-agent -s)"
Agent pid 7715
$ ssh-add -L
The agent has no identities.
$ ssh-add ~/.ssh/id_rsa
Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfovU+pdwsO4ubyG8kldmtFwVcfNIbJX8Qvi+4rWKmkcEx7xdz27o+CrCXyu3eSbw8q/BVNZImwbs3C4dCBZ+o7ZtHmJGYzyrIOkY1AD1kdf0tbH3boEqoL46xOx8zGIUWCcuJd+bzMw/ub/5Qf+yW6a00h4szFiREyM6k2y+0gF21ewoSKPZp+XTFFXfOoGAllJ1rhQq+PScUHHu81Ft9bl18e0SWKRJd/EOiI+2/GAb/jtYo0lxyIk1GrmZDA80Tew7Mv636zWfXUaL1Tr4Y8Wxmeetr97MLcVcY9hMZmQlcmurDqeIJdWn1IAr8IRieLJZPiMjt09LZ2EAd/TmI2lbfy3c+013qmc4YoOhXDlRgoS5qeQr/zupP1/0ATzG37pGtkomO1zz9WBafFy5ewzIU1YUArV+/PNWbVdrnIEOKmHF/YM/ZCA5JwFp7M/8FOHZrM6KvCwcnmtHOzU+0y7eHYejUHTBOIrk9/SfP37IFEELaNrEJdDokQBXpT38= waja@Brotschneidemaschine.local
$ tail -2 .ssh/config
Host *
ForwardAgent yes
$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
Identities are not permanent
$ kill -9 7715
$ ssh-add -L
$ eval "$(ssh-agent -s)"
Agent pid 7795
$ ssh-add -L
The agent has no identities.
- Maybe use something like
$ echo 'AddKeysToAgent yes' >> ~/.ssh/config
- You can start
ssh-agenteven viasystemd.
SSH Agent forwarding is nice but...
- You should only add servers you trust and that you intend to use with agent forwarding.
- Why using SSH agent-forwarding is a Bad Idea
SSH ProxyCommand / ProxyJump
$ tail -7 .ssh/config
Host 192.168.66.*
# https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
# https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
#ProxyJump user1@10.42.5.6:22
#ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'
- ProxyJump can be chained by
$ ssh -J <host> -J <host>
SSHFS
$ sshfs [user@]hostname:[directory] mountpoint
More information, macFUSE and SSHFS and even SSHFS-Win. (mc is the army knife)
mc can do sftp and ssh
Port Forwarding / Tunneling
Reverse Tunneling
Adding / Removing Tunnels within an established connection
sshuttle: where transparent proxy meets VPN meets ssh
sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
To work, you must have root access on the local machine, but you can have a normal account on the server.
It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
SSH and Visual Studio Code
ssh.md
· 4.6 KiB · Markdown
Surowy
# Agent Forwarding
Adding and removing keys to the agent:
```
waja at Brotschneidemaschine in ~
$ eval "$(ssh-agent -s)"
Agent pid 7715
waja at Brotschneidemaschine in ~
$ ssh-add -L
The agent has no identities.
waja at Brotschneidemaschine in ~
$ ssh-add ~/.ssh/id_rsa
Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
waja at Brotschneidemaschine in ~
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfovU+pdwsO4ubyG8kldmtFwVcfNIbJX8Qvi+4rWKmkcEx7xdz27o+CrCXyu3eSbw8q/BVNZImwbs3C4dCBZ+o7ZtHmJGYzyrIOkY1AD1kdf0tbH3boEqoL46xOx8zGIUWCcuJd+bzMw/ub/5Qf+yW6a00h4szFiREyM6k2y+0gF21ewoSKPZp+XTFFXfOoGAllJ1rhQq+PScUHHu81Ft9bl18e0SWKRJd/EOiI+2/GAb/jtYo0lxyIk1GrmZDA80Tew7Mv636zWfXUaL1Tr4Y8Wxmeetr97MLcVcY9hMZmQlcmurDqeIJdWn1IAr8IRieLJZPiMjt09LZ2EAd/TmI2lbfy3c+013qmc4YoOhXDlRgoS5qeQr/zupP1/0ATzG37pGtkomO1zz9WBafFy5ewzIU1YUArV+/PNWbVdrnIEOKmHF/YM/ZCA5JwFp7M/8FOHZrM6KvCwcnmtHOzU+0y7eHYejUHTBOIrk9/SfP37IFEELaNrEJdDokQBXpT38= waja@Brotschneidemaschine.local
waja at Brotschneidemaschine in ~
$ tail -2 .ssh/config
Host *
ForwardAgent yes
waja at Brotschneidemaschine in ~
$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
```
Identities are not permanent, maybe use something like `echo 'AddKeysToAgent yes' >> ~/.ssh/config`.
```
waja in 🌐 jumphost in ~
✦ ❯ kill -9 7715
waja in 🌐 jumphost in ~
✦ ❯ ssh-add -L
Error connecting to agent: Connection refused
waja in 🌐 jumphost in ~
✦ ❯ eval "$(ssh-agent -s)"
Agent pid 7795
waja in 🌐 jumphost in ~
✦ ❯ ssh-add -L
The agent has no identities.
```
You can [start](https://unix.stackexchange.com/a/390631) `ssh-agent` even via `systemd`.
## SSH Agent forwarding is nice but...
[You should only add servers you trust and that you intend to use with agent forwarding.](https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding)
[Why using SSH agent-forwarding is a Bad Idea](https://medium.com/kernel-space/why-using-ssh-agent-forwarding-is-a-bad-idea-6cbdff31bbee)
# SSH ProxyCommand / ProxyJump
```
~ via ☕ via
✦ ❯ tail -7 .ssh/config
Host 192.168.66.*
# https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
# https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
#ProxyJump user1@10.42.5.6:22
#ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'
```
ProxyJump can be chained by `ssh -J <host> -J <host>`.
# SSH Multiplexing
```
~ via ☕ via
✦ ❯ tail -8 .ssh/config
Host *
# https://www.cyberciti.biz/faq/linux-unix-reuse-openssh-connection/
# https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlMaster auto
ControlPersist yes
MaxSessions 10
```
# [SSHFS](https://de.wikipedia.org/wiki/SSHFS)
```
sshfs [user@]hostname:[directory] mountpoint
```
[More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/). (mc is the amry knife)
# Port Forwarding / Tunneling
## Reverse Tunneling
[Adding / Removing Tunnels within an established connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels#Adding_or_Removing_Tunnels_within_an_Established_Connection)
# sshuttle: where transparent proxy meets VPN meets ssh
https://sshuttle.readthedocs.io/en/stable/manpage.html:
> sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
>
> To work, you must have root access on the local machine, but you can have a normal account on the server.
>
> It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
>
> If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
# SSH and Visual Studio Code
[Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
[Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
https://www.maketecheasier.com/kill-unresponsive-ssh-session/
Agent Forwarding
Adding and removing keys to the agent:
waja at Brotschneidemaschine in ~
$ eval "$(ssh-agent -s)"
Agent pid 7715
waja at Brotschneidemaschine in ~
$ ssh-add -L
The agent has no identities.
waja at Brotschneidemaschine in ~
$ ssh-add ~/.ssh/id_rsa
Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
waja at Brotschneidemaschine in ~
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfovU+pdwsO4ubyG8kldmtFwVcfNIbJX8Qvi+4rWKmkcEx7xdz27o+CrCXyu3eSbw8q/BVNZImwbs3C4dCBZ+o7ZtHmJGYzyrIOkY1AD1kdf0tbH3boEqoL46xOx8zGIUWCcuJd+bzMw/ub/5Qf+yW6a00h4szFiREyM6k2y+0gF21ewoSKPZp+XTFFXfOoGAllJ1rhQq+PScUHHu81Ft9bl18e0SWKRJd/EOiI+2/GAb/jtYo0lxyIk1GrmZDA80Tew7Mv636zWfXUaL1Tr4Y8Wxmeetr97MLcVcY9hMZmQlcmurDqeIJdWn1IAr8IRieLJZPiMjt09LZ2EAd/TmI2lbfy3c+013qmc4YoOhXDlRgoS5qeQr/zupP1/0ATzG37pGtkomO1zz9WBafFy5ewzIU1YUArV+/PNWbVdrnIEOKmHF/YM/ZCA5JwFp7M/8FOHZrM6KvCwcnmtHOzU+0y7eHYejUHTBOIrk9/SfP37IFEELaNrEJdDokQBXpT38= waja@Brotschneidemaschine.local
waja at Brotschneidemaschine in ~
$ tail -2 .ssh/config
Host *
ForwardAgent yes
waja at Brotschneidemaschine in ~
$ ssh-add -d ~/.ssh/id_rsa
Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
Identities are not permanent, maybe use something like echo 'AddKeysToAgent yes' >> ~/.ssh/config.
waja in 🌐 jumphost in ~
✦ ❯ kill -9 7715
waja in 🌐 jumphost in ~
✦ ❯ ssh-add -L
Error connecting to agent: Connection refused
waja in 🌐 jumphost in ~
✦ ❯ eval "$(ssh-agent -s)"
Agent pid 7795
waja in 🌐 jumphost in ~
✦ ❯ ssh-add -L
The agent has no identities.
You can start ssh-agent even via systemd.
SSH Agent forwarding is nice but...
You should only add servers you trust and that you intend to use with agent forwarding. Why using SSH agent-forwarding is a Bad Idea
SSH ProxyCommand / ProxyJump
~ via ☕ via
✦ ❯ tail -7 .ssh/config
Host 192.168.66.*
# https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
# https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
#ProxyJump user1@10.42.5.6:22
#ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'
ProxyJump can be chained by ssh -J <host> -J <host>.
SSH Multiplexing
~ via ☕ via
✦ ❯ tail -8 .ssh/config
Host *
# https://www.cyberciti.biz/faq/linux-unix-reuse-openssh-connection/
# https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/
# https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
ControlPath ~/.ssh/controlmasters/%r@%h:%p
ControlMaster auto
ControlPersist yes
MaxSessions 10
SSHFS
sshfs [user@]hostname:[directory] mountpoint
More information, macFUSE and SSHFS and even SSHFS-Win. (mc is the amry knife)
Port Forwarding / Tunneling
Reverse Tunneling
Adding / Removing Tunnels within an established connection
sshuttle: where transparent proxy meets VPN meets ssh
https://sshuttle.readthedocs.io/en/stable/manpage.html:
sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
To work, you must have root access on the local machine, but you can have a normal account on the server.
It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
SSH and Visual Studio Code
Remote development over SSH
Remote Development using SSH
https://www.maketecheasier.com/kill-unresponsive-ssh-session/
tools.md
· 608 B · Markdown
Surowy
# tmux - terminal multiplexer
[A Quick and Easy Guide to tmux](https://www.hamvocke.com/blog/a-quick-and-easy-guide-to-tmux/)
# Working with serial console
`screen /dev/ttyS0 <speed>`
[Terminal emulators](https://wiki.archlinux.org/title/working_with_the_serial_console#Connect_using_a_terminal_emulator_program)
[Serial Port Tools on Linux](https://vmandela.com/blog/2019/2019-05-28-serial-port-tools.html)
https://github.com/draptik/2020-01-modern-linux-command-line-tools/blob/master/slides.md
https://github.com/MATHEMA-GmbH/2021-06-modern-linux-command-line-tools/blob/main/slides-export.pdf
tmux - terminal multiplexer
A Quick and Easy Guide to tmux
Working with serial console
screen /dev/ttyS0 <speed>
Terminal emulators
Serial Port Tools on Linux
https://github.com/draptik/2020-01-modern-linux-command-line-tools/blob/master/slides.md
https://github.com/MATHEMA-GmbH/2021-06-modern-linux-command-line-tools/blob/main/slides-export.pdf