*0:00* - Introduction to Terminals, PTY, and TTY
*0:08* - Running Commands and the Role of the Shell (e.g., Zsh, Bash)
*1:50* - What is TTY (Teletypewriter)?
*2:09* - Virtual Consoles and Terminal Emulators
*2:41* - Pseudo-Terminals (PTY) and Terminal Simulation
*2:50* - ANSI Escape Codes for Formatting (Color, Underline, Bold)
*3:57* - Interpretation of ANSI Codes by Terminal Emulators
*4:46* - Parsing ANSI Codes (Example with `pyte` and HTML)
*6:29* - Processes, Controlling Terminals, and Signals (Ctrl+C, SIGHUP)
*7:47* - How PTY Works and Why it's Needed
*8:32* - Line Discipline: Cooked Mode (Canonical) vs. Raw Mode
*9:40* - Line Discipline: Echoing
*9:53* - Changing Terminal Options with `stty` (Disabling Canonical Mode and Echoing)
*10:41* - Signal Management and Flow Control (Ctrl+S, Ctrl+Q)
*11:49* - Window Size and Resizing Events (SIGWINCH)
*13:47* - PTY and Remote Connections (SSH and PTY)
*14:58* - Summary
The TTY subsystem is central to the design of Linux, and UNIX in general. Unfortunately, its importance is often overlooked, and it is difficult to find good introductory articles about it. I believe that a basic understanding of TTYs in Linux is essential for the developer and the advanced user.
Beware, though: What you are about to see is not particularly elegant. In fact, the TTY subsystem — while quite functional from a user's point of view — is a twisty little mess of special cases. To understand how this came to be, we have to go back in time.
SSH tunneling (also known as SSH port forwarding) is a powerful technique that allows system administrators to create secure encrypted connections between servers, bypass firewalls, and access services securely across networks. It's also known as SSH magic! Whether you're trying to securely access internal services, create SOCKS proxies, or establish reverse tunnels to overcome network restrictions, SSH tunnels provide flexible solutions for modern networking challenges. This comprehensive guide explores essential SSH tunneling commands that every system administrator should know, complete with practical examples and use cases to enhance your network security toolkit. So let's get on with some SSH magic, shall we?
It's 2024! Please avoid writing SSH commands like that.
Instead, configure your ~/.ssh/config with LocalForward, RemoteForward, and ProxyJump. This can save you a significant amount of time, especially when using ssh, scp, or rsync to transfer data from a remote server that requires multiple intermediate SSH connections.
SSH tunneling and port forwarding can be used to forward TCP traffic over a secure SSH connection from the SSH client to the SSH server, or vice versa. TCP ports or UNIX sockets can be used, but in this post I'll focus on TCP ports only.
I won’t go into details, but the following post should show enough examples and options to find use in your day-to-day work.
Ever need to work on a remote computer which is behind a typical firewall? Well, if there is no inbound connectivity, you can play a bit of leapfrog using ssh in order to gain access to that server. Here's a quick example.
For this example we’ll assume you are sitting at Host A and would like to have access to Internal Host C. Both firewalls are assumed to allow ssh traffic out.
Our goal here is to have the Internal Host C machine start an ssh session to External Host B (which is on the internet).
ssh -R 2200:localhost:22 User@ExternalHostB
This will start an ssh session from Internal Host C to External Host B and ask the ssh daemon to forward all traffic on External Host B’s port 2200 back to Internal Host C’s port 22 over the established ssh session.
Now, if I were on External Host B, to get a shell on Internal Host C all I'd have to do is:
ssh -p 2200 User@localhost
Now the USER in the above statement would have to be a valid user on Internal Host C, not External Host B.
To connect from Host A to Internal Host C you can do several things. The easiest is to leapfrog.
ssh USER@ExternalHostB
Then
ssh -p 2200 USER@localhost
The first session opens a shell on External Host B. The second opens a shell on Internal Host C by connecting to the reverse shell we started in the first command.
This has been a simple reverse shell ssh post. Stay tuned for more port forwarding fun.
The OED's earliest listed usage of "log in" in the modern sense of "to open one's on-line access to a computer" is from the 1963 publication Compatible Time-Sharing System from the MIT Computation Center. [2] I'm not sure if this is truly the first usage of "log in", but it would make sense if it was, as CTSS, started in 1961, was arguably the first time-sharing operating system, and so possibly the first system that you needed to log in to. (Before that we only had batch processing systems.)
A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess).
So does OpenSSH.
This spells good news for us, because it is far easier to use than previous hardware security types (e.g., PKCS#11 and OpenPGP) with ssh.
A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.
Also, ssh agent forwarding becomes safer again, and what’s more, it can be used to let you tap your local key to authenticate even when sshing from remote machine A to remote machine B.
I’m going to call these hardware security keys “SKs” within this article.
I’ve been annoyed at the material out there, which often doesn’t explain what’s happening and suggests insecure practices.
So, I’m going to introduce SKs and FIDO2, show how to use the keys with SSH, explain the role of ssh-agent with all of this, and walk you through all of the steps.
Decided to do some #Linux terminal hopping.
This is my completely unscientific test: maximised window, tmux with a NeoVim session, paging quickly through some code. I wanted to see what the most CPU usage would be for these terminals. I'm testing on a Ryzen 7 7840U.
Why worry about CPU? Laptop users and low-power machine users will care about CPU usage. I'm trying to eke as much life out of my equipment as possible.
Coworker: ...and the IP address are compared with a string match.
Me: grinning maniacally
Coworker: Why are you looking at me like that?
Me: Open up a terminal and type ping 4.2.514 and hit enter.
Coworker: ...what's the fourth number?
Me: grin widens Just hit enter.
Coworker: WTF!?
The following are lines from ~rsyncer/.ssh/authorized_keys on my dbclone host, which gathers database backups from various hosts.
from="x8dtu.example.org,10.1.1.1",command="/usr/local/sbin/rrsync -ro /usr/home/rsyncer/backups/bacula-database/postgresql/" ssh-ed25519
AAAAC3thisisalsonotmyrealpublickeybcxpFeUMAC2LOitdpRb9l0RoW7vt5hnzwt rsyncer@x8dtu.example.org
The above appears on two lines to make it easier to read without horizontal scrolling; in the file, it's all on one line.
This says:
- when an ssh connection comes in from a client at x8dtu.example.org, or 10.1.1.1
- run /usr/local/sbin/rrsync -ro /usr/home/rsyncer/backups/bacula-database/postgresql/
- and that client must have this key (as shown)
- rsyncer@x8dtu.example.org is a comment, and has no effect
"What kind of script is it?"
- "A Bäsch script."
"Bash?" - "No, its German cousin."
"???" - "???"
Become an irreplaceable 10x developer in 30 seconds flat
Why learn actual skills when you can just look impressive instead?
Introducing rust-stakeholder - a CLI tool that generates absolutely meaningless but impressive-looking terminal output to convince everyone you're a coding genius without writing a single line of useful code.
Yesterday I learned that #ghostty, the terminal emulator supports custom shaders. So here is a little retro/crt shader: https://gist.github.com/lukad/d979a36ed9a83020bd6fa3fa0d5d7c89
blinry - I also learned that the "grep" command is called like that because it performs the same function as running "g/re/p" in the original editor "ed" (and "QED" before that, I think): It gets all lines from a file that match the regular expression "re", and prints them!
And through that same heritage, :g/re/p still works in my Neovim today! ^_^ I love learning stuff like this!~
Glances is a cross-platform system monitoring tool written in Python
List system USB buses and devices; a library and modern cross-platform lsusb that attempts to maintain compatibility with lsusb while also adding new features. Includes a macOS system_profiler SPUSBDataType parser module and a libusb profiler for non-macOS systems and for gathering more verbose information.
The project started as a quick replacement for the barely working lsusb script and a Rust project to keep me up to date! Like most fun projects, it quickly experienced feature creep as I developed it into a cross-platform replacement for lsusb.
Merge, tail, search, filter, and query log files with ease.
No server. No setup. Still featureful.
via @pty
A data hoarder’s dream come true: bundle any web page into a single HTML file. You can finally replace that gazillion of open tabs with a gazillion of .html files stored somewhere on your precious little drive.
Unlike the conventional “Save page as”, monolith not only saves the target document, it embeds CSS, image, and JavaScript assets all at once, producing a single HTML5 document that is a joy to store and share.
If compared to saving websites with wget -mpk, this tool embeds all assets as data URLs and therefore lets browsers render the saved page exactly the way it was on the Internet, even when no network connection is available.
An interactive replacer for ripgrep.
This is an interactive command line tool to make find and replace easy. It uses ripgrep to find matches, and then provides you with a simple interface to see the replacements in real time and conditionally replace matches.
Some features:
⚡ Super fast search results
✨ Interactive interface for selecting which matches should be replaced or not
🕶️ Live preview of the replacements
🧠 Replace using capturing groups (e.g., when using /foo (\w+)/ replace with bar $1)
🦀 and more!