Last active 6 months ago

Jan Wagner revised this gist 3 years ago.

1 file changed, 122 deletions

ssh.md (file deleted)

@@ -1,122 +0,0 @@
1 - # Agent Forwarding
2 -
3 - Adding and removing keys to the agent:
4 - ```
5 - waja at Brotschneidemaschine in ~
6 - $ eval "$(ssh-agent -s)"
7 - Agent pid 7715
8 -
9 - waja at Brotschneidemaschine in ~
10 - $ ssh-add -L
11 - The agent has no identities.
12 -
13 - waja at Brotschneidemaschine in ~
14 - $ ssh-add ~/.ssh/id_rsa
15 - Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
16 -
17 - waja at Brotschneidemaschine in ~
18 - $ ssh-add -L
19 - ssh-rsa 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 waja@Brotschneidemaschine.local
20 -
21 - waja at Brotschneidemaschine in ~
22 - $ tail -2 .ssh/config
23 - Host *
24 - ForwardAgent yes
25 -
26 - waja at Brotschneidemaschine in ~
27 - $ ssh-add -d ~/.ssh/id_rsa
28 - Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
29 - ```
30 - Identities are not permanent, maybe use something like `echo 'AddKeysToAgent yes' >> ~/.ssh/config`.
31 - ```
32 - waja in 🌐 jumphost in ~
33 - ✦ ❯ kill -9 7715
34 -
35 - waja in 🌐 jumphost in ~
36 - ✦ ❯ ssh-add -L
37 - Error connecting to agent: Connection refused
38 -
39 - waja in 🌐 jumphost in ~
40 - ✦ ❯ eval "$(ssh-agent -s)"
41 - Agent pid 7795
42 -
43 - waja in 🌐 jumphost in ~
44 - ✦ ❯ ssh-add -L
45 - The agent has no identities.
46 - ```
47 -
48 - You can [start](https://unix.stackexchange.com/a/390631) `ssh-agent` even via `systemd`.
49 -
50 - ## SSH Agent forwarding is nice but...
51 -
52 - [You should only add servers you trust and that you intend to use with agent forwarding.](https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding)
53 - [Why using SSH agent-forwarding is a Bad Idea](https://medium.com/kernel-space/why-using-ssh-agent-forwarding-is-a-bad-idea-6cbdff31bbee)
54 -
55 - # SSH ProxyCommand / ProxyJump
56 -
57 - ```
58 - ~ via ☕ via 
59 - ✦ ❯ tail -7 .ssh/config
60 - Host 192.168.66.*
61 - # https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
62 - # https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
63 - # https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
64 - #ProxyJump user1@10.42.5.6:22
65 - #ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
66 - ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'
67 -
68 - ```
69 -
70 - ProxyJump can be chained by `ssh -J <host> -J <host>`.
71 -
72 - # SSH Multiplexing
73 -
74 - ```
75 - ~ via ☕ via 
76 - ✦ ❯ tail -8 .ssh/config
77 - Host *
78 - # https://www.cyberciti.biz/faq/linux-unix-reuse-openssh-connection/
79 - # https://blog.scottlowe.org/2015/12/11/using-ssh-multiplexing/
80 - # https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Multiplexing
81 - ControlPath ~/.ssh/controlmasters/%r@%h:%p
82 - ControlMaster auto
83 - ControlPersist yes
84 - MaxSessions 10
85 - ```
86 -
87 - # [SSHFS](https://de.wikipedia.org/wiki/SSHFS)
88 -
89 - ```
90 - sshfs [user@]hostname:[directory] mountpoint
91 - ```
92 -
93 - [More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/). (mc is the amry knife)
94 -
95 - # Port Forwarding / Tunneling
96 -
97 - ![SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/2922a-59b8e0_117ab19cfc3a42219ebb7ca9efa5c158mv2.png)
98 -
99 - ## Reverse Tunneling
100 -
101 - ![Reverse SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/86851-59b8e0_acd645df4dc647189417de5c5c57bfe5mv2.png)
102 -
103 - [Adding / Removing Tunnels within an established connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels#Adding_or_Removing_Tunnels_within_an_Established_Connection)
104 -
105 - # sshuttle: where transparent proxy meets VPN meets ssh
106 -
107 - https://sshuttle.readthedocs.io/en/stable/manpage.html:
108 - > sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
109 - >
110 - > To work, you must have root access on the local machine, but you can have a normal account on the server.
111 - >
112 - > It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
113 - >
114 - > If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
115 -
116 - # SSH and Visual Studio Code
117 -
118 - [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
119 - [Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
120 -
121 -
122 - https://www.maketecheasier.com/kill-unresponsive-ssh-session/
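Review bot: Deleting ssh.md removes the SSH Multiplexing section (old lines 72-85) and the kill-unresponsive-ssh-session link (old line 122), and neither appears anywhere in slides.md, so that material is lost rather than moved. If multiplexing is meant to stay in the talk, carry the block over as its own slide, and drop `MaxSessions 10` when doing so: it is an sshd_config keyword, not a client option, so it does not belong in `~/.ssh/config`.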

Jan Wagner revised this gist 3 years ago.

1 file changed, 9 insertions, 2 deletions

slides.md

@@ -74,7 +74,7 @@ Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
74 74 ```
75 75
76 76 <!--
77 - show on jumphost / workstation
77 + show on jumphost
78 78 -->
79 79
80 80 ---
@@ -91,7 +91,7 @@ The agent has no identities.
91 91 ```
92 92
93 93 <!--
94 - show on jumphost / workstation
94 + show on jumphost
95 95 -->
96 96
97 97 - Maybe use something like
@@ -181,3 +181,10 @@ ssh -L <localIP>:8000:<qnapIP>:8080 <localIP>
181 181
182 182 [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
183 183 [Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
184 +
185 + <!--
186 + ssh root@server "cat /etc/debian_version"
187 + scp jumphost:/tmp/test root@server:/tmp
188 + ssh -p port -t server "sudo whoami"
189 + scp -P port /etc/debian_version server:/tmp/
190 + -->
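Review bot: In the speaker notes added at lines 185-190, `scp jumphost:/tmp/test root@server:/tmp` is a remote-to-remote copy, and depending on the OpenSSH version scp either relays the data through the local machine or has jumphost open the connection to server itself, which only works if jumphost can authenticate there (for example through a forwarded agent). Add `-3` to force the copy through the local host so the demo does not depend on agent forwarding. The notes also log in as `root@server` on lines 186-187 while line 188 already shows the unprivileged login plus `sudo` pattern; using that pattern throughout would be the better habit to demonstrate.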

Jan Wagner revised this gist 3 years ago.

1 file changed, 133 insertions, 1 deletion

slides.md

@@ -1,6 +1,6 @@
1 1 <style type="text/css">
2 2 .reveal p {
3 - text-align: left;
3 + text-align: center;
4 4 }
5 5 .reveal ul {
6 6 display: block;
@@ -8,6 +8,13 @@
8 8 .reveal ol {
9 9 display: block;
10 10 }
11 + .reveal blockquote {
12 + font-size: 70%;
13 + }
14 + .reveal-viewport {
15 + background: #d1cec6;
16 + background-color: #d1cec6;
17 + }
11 18 </style>
12 19
13 20 ```text
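Review bot: In the new `.reveal-viewport` rule (lines 14-17), `background: #d1cec6;` and `background-color: #d1cec6;` set the same colour twice; the shorthand already covers it, so one of the two declarations can be dropped.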
@@ -18,6 +25,7 @@
18 25 |_| \___/ \_/\_/ \___|_| \___/|_| |____/____/|_| |_|
19 26
20 27 ```
28 +
21 29 ---
22 30
23 31 ## Target audience
@@ -47,5 +55,129 @@
47 55
48 56 ---
49 57
58 + ## Agent Forwarding
59 +
60 + ```bash
61 + $ eval "$(ssh-agent -s)"
62 + Agent pid 7715
63 + $ ssh-add -L
64 + The agent has no identities.
65 + $ ssh-add ~/.ssh/id_rsa
66 + Identity added: /Users/waja/.ssh/id_rsa (waja@Brotschneidemaschine.local)
67 + $ ssh-add -L
68 + ssh-rsa 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 waja@Brotschneidemaschine.local
69 + $ tail -2 .ssh/config
70 + Host *
71 + ForwardAgent yes
72 + $ ssh-add -d ~/.ssh/id_rsa
73 + Identity removed: /Users/waja/.ssh/id_rsa RSA (waja@Brotschneidemaschine.local)
74 + ```
75 +
76 + <!--
77 + show on jumphost / workstation
78 + -->
79 +
80 + ---
81 +
82 + ## Identities are not permanent
83 +
84 + ```bash
85 + $ kill -9 7715
86 + $ ssh-add -L
87 + $ eval "$(ssh-agent -s)"
88 + Agent pid 7795
89 + $ ssh-add -L
90 + The agent has no identities.
91 + ```
92 +
93 + <!--
94 + show on jumphost / workstation
95 + -->
96 +
97 + - Maybe use something like
98 + ```bash
99 + $ echo 'AddKeysToAgent yes' >> ~/.ssh/config
100 + ```
101 + - You can [start](https://unix.stackexchange.com/a/390631) `ssh-agent` even via `systemd`.
102 +
103 + ---
104 +
105 + ## SSH Agent forwarding is nice but...
106 +
107 + - [You should only add servers you trust and that you intend to use with agent forwarding.](https://docs.github.com/en/developers/overview/using-ssh-agent-forwarding)
108 + - [Why using SSH agent-forwarding is a Bad Idea](https://medium.com/kernel-space/why-using-ssh-agent-forwarding-is-a-bad-idea-6cbdff31bbee)
109 +
110 + ---
111 +
112 + ## SSH ProxyCommand / ProxyJump
113 +
114 + ```bash
115 + $ tail -7 .ssh/config
116 + Host 192.168.66.*
117 + # https://www.cyberciti.biz/faq/linux-unix-ssh-proxycommand-passing-through-one-host-gateway-server/
118 + # https://goteleport.com/blog/ssh-proxyjump-ssh-proxycommand/
119 + # https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Proxies_and_Jump_Hosts
120 + #ProxyJump user1@10.42.5.6:22
121 + #ProxyCommand ssh -q -W %h:%p user1@10.42.5.6
122 + ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'
123 +
124 + ```
125 +
126 + - ProxyJump can be chained by
127 + ```bash
128 + $ ssh -J <host> -J <host>
129 + ```
130 +
131 + ---
132 +
133 + ## [SSHFS](https://de.wikipedia.org/wiki/SSHFS)
134 +
135 + ```bash
136 + $ sshfs [user@]hostname:[directory] mountpoint
137 + ```
138 +
139 + [More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/). (mc is the army knife)
140 +
141 + ---
142 +
143 + ## mc can do sftp and ssh
144 +
145 + ![mc](images/mc.png)
146 +
147 + ---
148 +
149 + ## Port Forwarding / Tunneling
150 +
151 + ![SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/2922a-59b8e0_117ab19cfc3a42219ebb7ca9efa5c158mv2.png)
152 +
153 + <!--
154 + ssh -L <localIP>:8000:<qnapIP>:8080 <localIP>
155 + -->
156 +
157 + ---
158 +
159 + ### Reverse Tunneling
160 +
161 + ![Reverse SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/86851-59b8e0_acd645df4dc647189417de5c5c57bfe5mv2.png)
162 +
163 + [Adding / Removing Tunnels within an established connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels#Adding_or_Removing_Tunnels_within_an_Established_Connection)
50 164
51 165 ---
166 +
167 + #### sshuttle: where transparent proxy meets VPN meets ssh
168 +
169 + <!--https://sshuttle.readthedocs.io/en/stable/manpage.html: -->
170 + > sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
171 + >
172 + > To work, you must have root access on the local machine, but you can have a normal account on the server.
173 + >
174 + > It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
175 + >
176 + > If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
177 +
178 + ---
179 +
180 + ## SSH and Visual Studio Code
181 +
182 + [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
183 + [Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
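Review bot: The Agent Forwarding slide shows `ForwardAgent yes` under `Host *` (new lines 70-71), which forwards the agent to every host you connect to and contradicts the following slide's advice to forward only to servers you trust; scope the example to a named `Host` entry. The same concern applies to the active `ProxyCommand ssh -o 'ForwardAgent yes' 10.42.5.6 'ssh-add && nc %h %p'` on line 122: the commented-out `ProxyJump` and `ssh -q -W %h:%p` variants above it reach the target without exposing the agent on the jump host, so one of those would be the safer line to leave enabled. On line 128, `ssh -J <host> -J <host>` should be `ssh -J <host>,<host>`, since ssh accepts a single `-J` with a comma-separated list of hops.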

Jan Wagner revised this gist 3 years ago.

1 file changed, 51 insertions

slides.md(file created)

@@ -0,0 +1,51 @@
1 + <style type="text/css">
2 + .reveal p {
3 + text-align: left;
4 + }
5 + .reveal ul {
6 + display: block;
7 + }
8 + .reveal ol {
9 + display: block;
10 + }
11 + </style>
12 +
13 + ```text
14 + ____ __ ____ ____ _ _
15 + | _ \ _____ _____ _ __ ___ / _| / ___/ ___|| | | |
16 + | |_) / _ \ \ /\ / / _ \ '__| / _ \| |_ \___ \___ \| |_| |
17 + | __/ (_) \ V V / __/ | | (_) | _| ___) |__) | _ |
18 + |_| \___/ \_/\_/ \___|_| \___/|_| |____/____/|_| |_|
19 +
20 + ```
21 + ---
22 +
23 + ## Target audience
24 +
25 + - linux desktop CLI users
26 + - linux admins
27 +
28 + ```text
29 + __________________________________________
30 + / This is the year of linux on the desktop \
31 + | |
32 + | ...Windows10 has WSL ;-) |
33 + \ /
34 + ------------------------------------------
35 + \ ^__^
36 + \ (oo)\_______
37 + (__)\ )\/\
38 + ||----w |
39 + || ||
40 + ```
41 +
42 + ---
43 +
44 + ## [ssh-agent](https://www.ssh.com/academy/ssh/agent)
45 +
46 + > The ssh-agent is a helper program that keeps track of user's identity keys and their passphrases. The agent can then use the keys to log into other servers without having the user type in a password or passphrase again. This implements a form of single sign-on (SSO).
47 +
48 + ---
49 +
50 +
51 + ---
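Review bot: The file ends with `---`, two blank lines and another `---` (lines 48-51), which renders as an empty slide after the ssh-agent quote; drop the trailing separator until the next slide's content exists.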

waja revised this gist 3 years ago.

1 file changed, 1 insertion, 1 deletion

tools.md

@@ -4,7 +4,7 @@
4 4
5 5 # Working with serial console
6 6
7 - `screen /dev/ttyS0 <speed>`
7 + `screen /dev/ttyS0 <speed>`
8 8 [Terminal emulators](https://wiki.archlinux.org/title/working_with_the_serial_console#Connect_using_a_terminal_emulator_program)
9 9 [Serial Port Tools on Linux](https://vmandela.com/blog/2019/2019-05-28-serial-port-tools.html)
10 10

waja revised this gist 3 years ago.

1 file changed, 4 insertions, 1 deletion

tools.md

@@ -6,4 +6,7 @@
6 6
7 7 `screen /dev/ttyS0 <speed>`
8 8 [Terminal emulators](https://wiki.archlinux.org/title/working_with_the_serial_console#Connect_using_a_terminal_emulator_program)
9 - [Serial Port Tools on Linux](https://vmandela.com/blog/2019/2019-05-28-serial-port-tools.html)
9 + [Serial Port Tools on Linux](https://vmandela.com/blog/2019/2019-05-28-serial-port-tools.html)
10 +
11 + https://github.com/draptik/2020-01-modern-linux-command-line-tools/blob/master/slides.md
12 + https://github.com/MATHEMA-GmbH/2021-06-modern-linux-command-line-tools/blob/main/slides-export.pdf
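Review bot: Lines 11-12 add two bare URLs with no heading or link text, unlike the `[title](url)` links used in the rest of tools.md; give them a heading and titled links so a reader can tell why they are listed under the serial console section.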

waja revised this gist 3 years ago.

1 file changed, 9 insertions

tools.md(file created)

@@ -0,0 +1,9 @@
1 + # tmux - terminal multiplexer
2 +
3 + [A Quick and Easy Guide to tmux](https://www.hamvocke.com/blog/a-quick-and-easy-guide-to-tmux/)
4 +
5 + # Working with serial console
6 +
7 + `screen /dev/ttyS0 <speed>`
8 + [Terminal emulators](https://wiki.archlinux.org/title/working_with_the_serial_console#Connect_using_a_terminal_emulator_program)
9 + [Serial Port Tools on Linux](https://vmandela.com/blog/2019/2019-05-28-serial-port-tools.html)
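Review bot: Lines 7-9 put the `screen /dev/ttyS0 <speed>` command and the two links on consecutive lines with no list markers, so Markdown joins them into a single paragraph; make them list items or separate them with blank lines. The command itself would also read better in a fenced block with a note on what `<speed>` stands for.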

waja revised this gist 3 years ago.

1 file changed, 1 insertion, 1 deletion

ssh.md

@@ -115,7 +115,7 @@ https://sshuttle.readthedocs.io/en/stable/manpage.html:
115 115
116 116 # SSH and Visual Studio Code
117 117
118 - [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
118 + [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
119 119 [Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
120 120
121 121

waja revised this gist 3 years ago.

1 file changed, 19 insertions

ssh.md

@@ -100,4 +100,23 @@ sshfs [user@]hostname:[directory] mountpoint
100 100
101 101 ![Reverse SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/86851-59b8e0_acd645df4dc647189417de5c5c57bfe5mv2.png)
102 102
103 + [Adding / Removing Tunnels within an established connection](https://en.wikibooks.org/wiki/OpenSSH/Cookbook/Tunnels#Adding_or_Removing_Tunnels_within_an_Established_Connection)
104 +
105 + # sshuttle: where transparent proxy meets VPN meets ssh
106 +
107 + https://sshuttle.readthedocs.io/en/stable/manpage.html:
108 + > sshuttle allows you to create a VPN connection from your machine to any remote server that you can connect to via ssh, as long as that server has a sufficiently new Python installation.
109 + >
110 + > To work, you must have root access on the local machine, but you can have a normal account on the server.
111 + >
112 + > It’s valid to run sshuttle more than once simultaneously on a single client machine, connecting to a different server every time, so you can be on more than one VPN at once.
113 + >
114 + > If run on a router, sshuttle can forward traffic for your entire subnet to the VPN.
115 +
116 + # SSH and Visual Studio Code
117 +
118 + [Remote development over SSH](https://code.visualstudio.com/docs/remote/ssh-tutorial)
119 + [Remote Development using SSH](https://code.visualstudio.com/docs/remote/ssh)
120 +
121 +
103 122 https://www.maketecheasier.com/kill-unresponsive-ssh-session/

waja revised this gist 3 years ago.

1 file changed, 4 insertions, 2 deletions

ssh.md

@@ -90,12 +90,14 @@ Host *
90 90 sshfs [user@]hostname:[directory] mountpoint
91 91 ```
92 92
93 - [More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/).
93 + [More](https://www.digitalocean.com/community/tutorials/how-to-use-sshfs-to-mount-remote-file-systems-over-ssh) information, [macFUSE and SSHFS](https://osxfuse.github.io/) and even [SSHFS-Win](https://osxfuse.github.io/). (mc is the amry knife)
94 94
95 95 # Port Forwarding / Tunneling
96 96
97 - ! [SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/2922a-59b8e0_117ab19cfc3a42219ebb7ca9efa5c158mv2.png)
97 + ![SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/2922a-59b8e0_117ab19cfc3a42219ebb7ca9efa5c158mv2.png)
98 98
99 99 ## Reverse Tunneling
100 100
101 + ![Reverse SSH Tunnel](https://sslhowto.files.wordpress.com/2021/08/86851-59b8e0_acd645df4dc647189417de5c5c57bfe5mv2.png)
102 +
101 103 https://www.maketecheasier.com/kill-unresponsive-ssh-session/
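Review bot: The parenthetical added on line 93 has a typo, `amry knife` should read `army knife`, and the remark about mc is unrelated to the SSHFS links it is appended to, so it would read better on its own line. On the same line the SSHFS-Win link reuses https://osxfuse.github.io/, the same URL as the macFUSE link, which looks like a copy-paste slip.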