@@ 0,0 1,20 @@
title: "SSH Tricks"
tags: ssh, shell
SSH is omnipresent, and more or less standard in connecting to remove machines. [Even windows is shipping it](https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/). These are some less known (IMHO), but cool SSH features.
This is more of a whats possible list, rather how to though.
1. If you have to ssh to machines only accessible from another control machine, try `-J` flag. `ssh -J control_machine actual_machine` (more details `man ssh`)
1. GnuPG keys can also be your ssh key: There is no reason to maintain two sets of keys, you can use your gpg keys are ssh keys. [Arch wiki has a nice explanation](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent).
1. If you do use gpg keys, you can store them on a [Yubikey](https://www.yubico.com/) or any supported hardware keys. This ensures your keys are accessible only when they are plugged it, quite useful if you move around computers a lot.
1. You can shorten your complicated ssh commands by adding an entry in `~/.ssh/config` file. more [details](https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/) (also see `man ssh_config`)
1. If you want to lend your SSH key to a host you ssh to (to ssh from the guest to somewhere else, git clone from github etc) - try the `-A` flag.
1. [SSH can act as a web proxy to fetch requests via your server](https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel) - quite handy as a quick and dirty vpn. Emphasis on quick n dirty - don't use this to replace a regular vpn.
1. SSH can act as a full fledged VPN (see `-w` flag)
1. [SSH can create a reverse shell](https://www.howtoforge.com/reverse-ssh-tunneling), useful if you want to expose a machine behind NAT outside.
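Review bot: The `-A` item ("If you want to lend your SSH key to a host you ssh to") recommends agent forwarding with no caveat. Anyone with root on that host can use the forwarded agent socket to authenticate as you for as long as the session is open. Suggest adding that warning and pointing readers to the `-J` item at the top of the list for the plain jump-host case, where no agent has to be exposed on the intermediate machine. In the last item the linked article is about reverse SSH tunneling, so "reverse shell" should read "reverse tunnel". Typos to fix while here: "remove machines" should be "remote machines", "gpg keys are ssh keys" should be "as ssh keys", and "plugged it" should be "plugged in".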