I recently discovered I could SSH into a machine, and actually pop open Sublime Text on my machine to edit a file (no X forwarding, my hotkeys) with rsub. You just have to tunnel/forward the port with ssh -R 52698:localhost:52698 ... I think mounting the whole directory via FUSE is arguably better, but this works great for specific files.
I would put sshfs as one of the top ssh “hacks”. It is enormously powerful because:
It doesn’t need anything beyond vanilla ssh on the target, which is great for embedded linux with minimal environments, or systems where you have full control over the host (your dev machine), but can’t or don’t want to install extra tools on the target.
You can then use any tool you like on the host to view and manipulate data on the target (rsync, visual diff programs, image and video viewers, etc.).
It doesn’t need anything beyond vanilla ssh on the target, which is great for embedded linux with minimal environments
Well, it requires an sshd that provides sftp support, which some sshds (e.g. dropbear) do not. That said, sshfs is still an awesome tool (I use it all the time).
Thanks for the correction! I thought I had it working with a device running dropbear, but I’ve just checked, and it’s actually running dropbear with openssh sftp.
For persistent connections, I use autossh and tmux. I have a small script that looks for the session ID environment variable in my terminal and uses autossh to connect to a remote tmux session with that ID. On macOS, where the terminal persists session IDs across restarts, it also my writes a file in ~/.terms with the session ID as its name, containing the remote host name. My .bashrc looks in that file on startup and restores the sesson. I can reboot my Mac and on reboot all of my remote SSH sessions come back. I miss that feature on every other system I use.
2FA for SSH sounds great but I can only imagine how cumbersome it must be for using on a daily basis. I’ve recently started permanently locking my SSH ports and only briefly whitelisting them for only my IP with a bash scripts whenever the access is needed https://pawelurbanek.com/ec2-ssh-dynamic-access
If you use a U2F hardware key instead of TOTP it’s not cumbersome at all.
I use a Yubikey 5 Nano which is always in my laptop and use OpenSSH’s native PKCS#11 support to use the Yubikey as a hardware-backed SSH key. I documented how I did it at https://github.com/jamesog/yubikey-ssh.
(Yubikeys can also do TOTP if you want to use a regular SSH key.)
Yes, it’s configured using ControlMaster, ControlPath, and ControlPersist. Once you enable ControlMaster a socket is created which future connections will use. Once that’s enabled if you SSH to a 2FA-enabled server you’ll only have to do that once, as long as the control socket is alive.
I recently discovered I could SSH into a machine, and actually pop open Sublime Text on my machine to edit a file (no X forwarding, my hotkeys) with rsub. You just have to tunnel/forward the port with
ssh -R 52698:localhost:52698 ... I think mounting the whole directory via FUSE is arguably better, but this works great for specific files.rsub! (I know I’m waaay late to the party)
I would put sshfs as one of the top ssh “hacks”. It is enormously powerful because:
Well, it requires an sshd that provides sftp support, which some sshds (e.g. dropbear) do not. That said, sshfs is still an awesome tool (I use it all the time).
Thanks for the correction! I thought I had it working with a device running dropbear, but I’ve just checked, and it’s actually running dropbear with openssh sftp.
With vim, you can directly open a remote file through ssh, no need to mount anything:
Probably many other editors have this simple functionality.
Yeah, Emacs has this functionality as well; it’s pretty life changing that you can just refer to a remote file by path.
For persistent connections, I use autossh and tmux. I have a small script that looks for the session ID environment variable in my terminal and uses autossh to connect to a remote tmux session with that ID. On macOS, where the terminal persists session IDs across restarts, it also my writes a file in ~/.terms with the session ID as its name, containing the remote host name. My .bashrc looks in that file on startup and restores the sesson. I can reboot my Mac and on reboot all of my remote SSH sessions come back. I miss that feature on every other system I use.
2FA for SSH sounds great but I can only imagine how cumbersome it must be for using on a daily basis. I’ve recently started permanently locking my SSH ports and only briefly whitelisting them for only my IP with a bash scripts whenever the access is needed https://pawelurbanek.com/ec2-ssh-dynamic-access
If you use a U2F hardware key instead of TOTP it’s not cumbersome at all.
I use a Yubikey 5 Nano which is always in my laptop and use OpenSSH’s native PKCS#11 support to use the Yubikey as a hardware-backed SSH key. I documented how I did it at https://github.com/jamesog/yubikey-ssh.
(Yubikeys can also do TOTP if you want to use a regular SSH key.)
I think I read about beign able to reuse a SSH connection after it’s established. Something like connection reuse or multuplexing.
Would surely make using multiple connections much easier after the first one is established.
Yes, it’s configured using
ControlMaster,ControlPath, andControlPersist. Once you enableControlMastera socket is created which future connections will use. Once that’s enabled if you SSH to a 2FA-enabled server you’ll only have to do that once, as long as the control socket is alive.