From 3c1d9989764855728d087060db99ba42322891d2 Mon Sep 17 00:00:00 2001 From: Dhananjay Balan Date: Thu, 14 Feb 2019 10:50:48 -0500 Subject: [PATCH] First version ssh tricks --- blog/2019-02-13-ssh-tricks.markdown | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 blog/2019-02-13-ssh-tricks.markdown diff --git a/blog/2019-02-13-ssh-tricks.markdown b/blog/2019-02-13-ssh-tricks.markdown new file mode 100644 index 0000000..36149e3 --- /dev/null +++ b/blog/2019-02-13-ssh-tricks.markdown 
@@ -0,0 +1,20 @@ +--- +layout: post +title: "SSH Tricks" +date: 2019-02-13 +comments: true +tags: ssh, shell +--- + +SSH is omnipresent, and more or less standard in connecting to remove machines. [Even windows is shipping it](https://www.howtogeek.com/336775/how-to-enable-and-use-windows-10s-built-in-ssh-commands/). These are some less known (IMHO), but cool SSH features. + +This is more of a whats possible list, rather how to though. + +1. If you have to ssh to machines only accessible from another control machine, try `-J` flag. `ssh -J control_machine actual_machine` (more details `man ssh`) +1. GnuPG keys can also be your ssh key: There is no reason to maintain two sets of keys, you can use your gpg keys are ssh keys. [Arch wiki has a nice explanation](https://wiki.archlinux.org/index.php/GnuPG#SSH_agent). +1. If you do use gpg keys, you can store them on a [Yubikey](https://www.yubico.com/) or any supported hardware keys. This ensures your keys are accessible only when they are plugged it, quite useful if you move around computers a lot. +1. You can shorten your complicated ssh commands by adding an entry in `~/.ssh/config` file. more [details](https://www.cyberciti.biz/faq/create-ssh-config-file-on-linux-unix/) (also see `man ssh_config`) +1. If you want to lend your SSH key to a host you ssh to (to ssh from the guest to somewhere else, git clone from github etc) - try the `-A` flag. +1. [SSH can act as a web proxy to fetch requests via your server](https://www.digitalocean.com/community/tutorials/how-to-route-web-traffic-securely-without-a-vpn-using-a-socks-tunnel) - quite handy as a quick and dirty vpn. Emphasis on quick n dirty - don't use this to replace a regular vpn. +1. SSH can act as a full fledged VPN (see `-w` flag) +1. [SSH can create a reverse shell](https://www.howtoforge.com/reverse-ssh-tunneling), useful if you want to expose a machine behind NAT outside.
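Review bot: The `-A` item in the list ("If you want to lend your SSH key to a host you ssh to") needs a caveat, since it reads as a harmless convenience. Agent forwarding does not copy the key, but while the session is open anyone with root (or your account) on that host can use the forwarded agent socket to authenticate as you elsewhere. Suggest adding a sentence along the lines of "only use `-A` on hosts you trust", and pointing back to the `-J` item as the safer choice when the goal is just to hop through a control machine. Two smaller points in the same hunk: the last item calls the linked technique a "reverse shell", but the link is about reverse SSH tunneling, so "reverse tunnel" would be the accurate term; and there are a few typos worth fixing before publishing ("remove machines" for "remote machines", "gpg keys are ssh keys" for "as ssh keys", "plugged it" for "plugged in").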