~dbalan/blogng unlisted

1106321f29758382e6e31e0d8dd892d4c8b834c1 — Dhananjay Balan 1 year, 11 months ago 3c1d998
Published as tweets!
1 files changed, 23 insertions(+), 11 deletions(-)

M blog/2019-02-13-ssh-tricks.markdown
M blog/2019-02-13-ssh-tricks.markdown => blog/2019-02-13-ssh-tricks.markdown +23 -11
@@ 3,18 3,30 @@ layout: post
title: "SSH Tricks"
date: 2019-02-13
comments: true
tags: ssh, shell
tags: ssh, shell, needs-js
---

SSH is omnipresent, and more or less standard in connecting to remove machines. [Even windows is shipping it](https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/). These are some less known (IMHO), but cool SSH features. 
<blockquote class="twitter-tweet" data-lang="en"><p lang="en" dir="ltr">SSH is omnipresent, its the standard in connecting to a remote machine, even windows is shipping it default (so I am told). <br>These are some less known (IMHO), but cool SSH features. Best way to read more is to read relevant section in *man ssh*</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069717666742274?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>

<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">If you have to ssh to machines only accessible from another control machine, checkout *-J* flag. &quot;ssh -J control_machine actual_machine&quot;</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069718665019392?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>

<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">GnuPG keys can also be your ssh key: There is no reason to maintain two sets of keys, you can use your gpg keys are ssh keys. Arch wiki has a nice explanation: <a href="https://t.co/sk5tub39Ad">https://t.co/sk5tub39Ad</a></p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069719319367681?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>


<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">If you do use gpg keys, you can store them on a <a href="https://twitter.com/Yubico?ref_src=twsrc%5Etfw">@Yubico</a> &quot;Yubikey&quot; (<a href="https://t.co/at94SwI1E1">https://t.co/at94SwI1E1</a>) or any supported hardware key(like <a href="https://twitter.com/nitrokey?ref_src=twsrc%5Etfw">@nitrokey</a>). This ensures your keys are accessible only when they are plugged in, quite useful if you move around computers a lot.</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069720162357249?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>

<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">You can shorten your complicated ssh commands by adding an entry in *~/.ssh/config* file. see *man ssh_config*</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069721135480833?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>

<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">If you want to lend your SSH key to a host you ssh to (to ssh from the guest to somewhere else, git clone from github on guest etc) - checkout the *-A* flag.</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069721902993409?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>

<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">SSH can act as a web proxy to fetch requests via your server. Quite handy as a quick and dirty vpn. Emphasis on quick n dirty - don&#39;t use this to replace a regular vpn.<a href="https://t.co/1VWG9rT70U">https://t.co/1VWG9rT70U</a></p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069722733510658?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>

<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">SSH can create a reverse shell](<a href="https://t.co/JQlxzi1ocJ">https://t.co/JQlxzi1ocJ</a>), useful if you want to expose a machine behind NAT outside.</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069723509411841?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>
<blockquote class="twitter-tweet" data-conversation="none" data-lang="en"><p lang="en" dir="ltr">I am sure SSH can do much more! Whats your nifty less known SSH feature?</p>&mdash; Dhananjay Balan (@notmycommit) <a href="https://twitter.com/notmycommit/status/1096069724406984716?ref_src=twsrc%5Etfw">February 14, 2019</a></blockquote>
<script async src="https://platform.twitter.com/widgets.js" charset="utf-8"></script>





This is more of a whats possible list, rather how to though.

1. If you have to ssh to machines only accessible from another control machine, try `-J` flag. `ssh -J control_machine actual_machine` (more details `man ssh`)
1. GnuPG keys can also be your ssh key: There is no reason to maintain two sets of keys, you can use your gpg keys are ssh keys. [Arch wiki has a nice explanation](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent).
1. If you do use gpg keys, you can store them on a [Yubikey](https://www.yubico.com/) or any supported hardware keys. This ensures your keys are accessible only when they are plugged it, quite useful if you move around computers a lot.
1. You can shorten your complicated ssh commands by adding an entry in `~/.ssh/config` file. more [details](https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/) (also see `man ssh_config`)
1. If you want to lend your SSH key to a host you ssh to (to ssh from the guest to somewhere else, git clone from github etc) - try the `-A` flag.
1. [SSH can act as a web proxy to fetch requests via your server](https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel) - quite handy as a quick and dirty vpn. Emphasis on quick n dirty - don't use this to replace a regular vpn.
1. SSH can act as a full fledged VPN (see `-w` flag)
1. [SSH can create a reverse shell](https://www.howtoforge.com/reverse-ssh-tunneling), useful if you want to expose a machine behind NAT outside.
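
Review bot: The `-w` item ("SSH can act as a full fledged VPN") in the numbered list at the end of the hunk has no matching tweet blockquote, so if that list is what this change removes, the tip disappears from the post; keep it as a plain line or add an embed for it. The reverse-shell blockquote also carries leftover markdown link syntax ("SSH can create a reverse shell](" followed by the link and a closing ")"), which will show up literally in the fallback text. The list's direct links (Arch wiki, DigitalOcean, howtoforge) are replaced by t.co short links and the post now loads `https://platform.twitter.com/widgets.js`, so readers can no longer see the destinations before clicking and rendering depends on a third-party script; consider keeping the original URLs in the blockquote fallback text.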