<style type="text/css"> .reveal p { text-align: left; } .reveal ul { display: block; } .reveal ol { display: block; } </style> ```text ____ __ ____ ____ _ _ | _ \ _____ _____ _ __ ___ / _| / ___/ ___|| | | | | |_) / _ \ \ /\ / / _ \ '__| / _ \| |_ \___ \___ \| |_| | | __/ (_) \ V V / __/ | | (_) | _| ___) |__) | _ | |_| \___/ \_/\_/ \___|_| \___/|_| |____/____/|_| |_| ``` --- ## Target audience - linux desktop CLI users - linux admins ```text __________________________________________ / This is the year of linux on the desktop \ | | | ...Windows10 has WSL ;-) | \ / ------------------------------------------ \ ^__^ \ (oo)\_______ (__)\ )\/\ ||----w | || || ``` --- ## [ssh-agent](https://www.ssh.com/academy/ssh/agent) > The ssh-agent is a helper program that keeps track of user's identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO). --- ---

# Agent Forwarding Adding and removing keys to the agent: ``` waja at Brotschneidemaschine in ~ $ eval "$(ssh-agent -s)" Agent pid 7715 waja at Brotschneidemaschine in ~ $ ssh-add -L The agent has no identities. waja at Brotschneidemaschine in ~ $ ssh-add ~/.ssh/id_rsa Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local) waja at Brotschneidemaschine in ~ $ ssh-add -L ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCfovU+pdwsO4ubyG8kldmtFwVcfNIbJX8Qvi+4rWKmkcEx7xdz27o+CrCXyu3eSbw8q/BVNZImwbs3C4dCBZ+o7ZtHmJGYzyrIOkY1AD1kdf0tbH3boEqoL46xOx8zGIUWCcuJd+bzMw/ub/5Qf+yW6a00h4szFiREyM6k2y+0gF21ewoSKPZp+XTFFXfOoGAllJ1rhQq+PScUHHu81Ft9bl18e0SWKRJd/EOiI+2/GAb/jtYo0lxyIk1GrmZDA80Tew7Mv636zWfXUaL1Tr4Y8Wxmeetr97MLcVcY9hMZmQlcmurDqeIJdWn1IAr8IRieLJZPiMjt09LZ2EAd/TmI2lbfy3c+013qmc4YoOhXDlRgoS5qeQr/zupP1/0ATzG37pGtkomO1zz9WBafFy5ewzIU1YUArV+/PNWbVdrnIEOKmHF/YM/ZCA5JwFp7M/8FOHZrM6KvCwcnmtHOzU+0y7eHYejUHTBOIrk9/SfP37IFEELaNrEJdDokQBXpT38= waja@Brotschneidemaschine.local waja at Brotschneidemaschine in ~ $ tail -2 .ssh/config Host * ForwardAgent yes waja at Brotschneidemaschine in ~ $ ssh-add -d ~/.ssh/id_rsa Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local) ``` Identities are not permanent, maybe use something like `echo 'AddKeysToAgent yes' >> ~/.ssh/config`. ``` waja in 🌐 jumphost in ~ ✦ ❯ kill -9 7715 waja in 🌐 jumphost in ~ ✦ ❯ ssh-add -L Error connecting to agent: Connection refused waja in 🌐 jumphost in ~ ✦ ❯ eval "$(ssh-agent -s)" Agent pid 7795 waja in 🌐 jumphost in ~ ✦ ❯ ssh-add -L The agent has no identities. ``` You can [start](https://unix.stackexchange.com/a/390631) `ssh-agent` even via `systemd`. ## SSH Agent forwarding is nice but... [You should only add servers you trust and that you intend to use with agent forwarding.](https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding) [Why using SSH agent-forwarding is a Bad Idea](https://medium.com/kernel-space/why-using-ssh-agent-forwarding-is-a-bad-idea-6cbdff31bbee) # SSH ProxyCommand / ProxyJump ``` ~ via ☕ via  ✦ ❯ tail -7 .ssh/config Host 192.168.66.* # https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/ # https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/ # https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts #ProxyJump user1@10.42.5.6:22 #ProxyCommand ssh -q -W %h:%p user1@10.42.5.6 ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p' ``` ProxyJump can be chained by `ssh -J <host> -J <host>`. # SSH Multiplexing ``` ~ via ☕ via  ✦ ❯ tail -8 .ssh/config Host * # https://www.cyberciti.biz/faq/linux-unix-reuse-openssh-connection/ # https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/ # https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing ControlPath ~/.ssh/controlmasters/%r@%h:%p ControlMaster auto ControlPersist yes MaxSessions 10 ``` # [SSHFS](https://de.wikipedia.org/wiki/SSHFS) ``` sshfs [user@]hostname:[directory] mountpoint ``` [More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/). (mc is the amry knife) # Port Forwarding / Tunneling  ## Reverse Tunneling  [Adding / Removing Tunnels within an established connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels#Adding_or_Removing_Tunnels_within_an_Established_Connection) # sshuttle: where transparent proxy meets VPN meets ssh https://sshuttle.readthedocs.io/en/stable/manpage.html: > sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation. > > To work, you must have root access on the local machine, but you can have a normal account on the server. > > It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once. > > If run on a router, sshuttle can forward traffic for your entire subnet to the VPN. # SSH and Visual Studio Code [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial) [Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh) https://www.maketecheasier.com/kill-unresponsive-ssh-session/

# tmux - terminal multiplexer [A Quick and Easy Guide to tmux](https://www.hamvocke.com/blog/a-quick-and-easy-guide-to-tmux/) # Working with serial console `screen /dev/ttyS0 <speed>` [Terminal emulators](https://wiki.archlinux.org/title/working_with_the_serial_console#Connect_using_a_terminal_emulator_program) [Serial Port Tools on Linux](https://vmandela.com/blog/2019/2019-05-28-serial-port-tools.html) https://github.com/draptik/2020-01-modern-linux-command-line-tools/blob/master/slides.md https://github.com/MATHEMA-GmbH/2021-06-modern-linux-command-line-tools/blob/main/slides-export.pdf