@cristianoliveira
Last active September 20, 2024 10:20
ssh-tunneling
https://archive.ph/XeZO5
It's 2024! Please avoid writing SSH commands like that.
Instead, configure your ~/.ssh/config with LocalForward, RemoteForward, and ProxyJump. This can save you a significant amount of time, especially when using ssh, scp, or rsync to transfer data from a remote server that requires multiple intermediate SSH connections.
e.g.:

```
Host jump-host-1
    HostName jump1.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa

Host jump-host-2
    HostName jump2.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump jump-host-1

Host jump-host-3
    HostName jump3.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump jump-host-2

Host target-server
    HostName target.example.com
    User your_username
    IdentityFile ~/.ssh/id_rsa
    ProxyJump jump-host-3
    LocalForward 0.0.0.0:8080 0.0.0.0:80
    RemoteForward 0.0.0.0:9022 0.0.0.0:22

# after this:
# - you can ssh/scp/rsync to target-server via its alias; ssh hops through jump-host-1 -> jump-host-2 -> jump-host-3 for you
# - LocalForward: your local machine listens on port 8080 and tunnels each connection to port 80 as seen from target-server
# - RemoteForward: target-server listens on port 9022 and tunnels each connection back to port 22 on your local machine
# - remember, for LocalForward & RemoteForward:
#   + left is the listening side (your local machine for LocalForward, target-server for RemoteForward)
#   + right is the destination, resolved from the other end of the tunnel
#   + 0.0.0.0 instead of localhost or 127.0.0.1 makes the listener reachable from other machines on that network;
#     a RemoteForward bound this way also needs GatewayPorts enabled in the server's sshd_config
```
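The left/right rule for LocalForward and RemoteForward is easy to get backwards, and the bind address decides who can reach the listener. The following is an added example (editor's code, not part of the gist) that decodes the two directives from the config above, names the side that listens, the side that resolves the destination, and whether the listener is reachable from other machines. `Forward`, `parse_forward` and `audit` are hypothetical helper names; the sample config text is constructed from the snippet above.

```python
"""Added example, not part of the gist: decode ssh_config port-forward
directives and report which side listens, where connections end up and
whether the listener is reachable from other machines.

Syntax handled: LocalForward/RemoteForward "[bind_address:]port host:hostport".
Unix-socket targets and bracketed IPv6 addresses are not covered.
"""
from dataclasses import dataclass
from typing import List, Optional

# Binding to any of these makes the listener reachable from other hosts.
WILDCARD_BINDS = {"0.0.0.0", "::", "*", ""}
LOOPBACK_BINDS = {"localhost", "127.0.0.1", "::1"}


@dataclass
class Forward:
    kind: str             # "LocalForward" or "RemoteForward"
    listen_side: str      # "local" (your machine) or "remote" (the ssh server)
    bind: Optional[str]   # None: ssh's default (loopback unless GatewayPorts says otherwise)
    port: int
    dest_host: str        # resolved from the side opposite the listener
    dest_port: int

    @property
    def exposed(self) -> bool:
        """True when machines other than the listener itself can connect."""
        return self.bind in WILDCARD_BINDS

    @property
    def needs_gateway_ports(self) -> bool:
        """A non-loopback remote bind only works if sshd has GatewayPorts enabled."""
        return (self.listen_side == "remote"
                and self.bind is not None
                and self.bind not in LOOPBACK_BINDS)

    def describe(self) -> str:
        where = "your local machine" if self.listen_side == "local" else "the ssh server"
        other = "the ssh server" if self.listen_side == "local" else "your local machine"
        bind = "loopback (default)" if self.bind is None else self.bind
        text = (f"{self.kind}: {where} listens on {bind}:{self.port}; "
                f"connections go to {self.dest_host}:{self.dest_port} as resolved by {other}")
        if self.exposed:
            text += " [reachable from other machines]"
        if self.needs_gateway_ports:
            text += " [requires GatewayPorts on the server]"
        return text


def parse_forward(keyword: str, value: str) -> Forward:
    """Parse the argument of a LocalForward/RemoteForward directive."""
    listen, dest = value.split()
    if ":" in listen:
        bind, port = listen.rsplit(":", 1)      # explicit bind address
    else:
        bind, port = None, listen               # port only: ssh default bind
    dest_host, dest_port = dest.rsplit(":", 1)
    side = "local" if keyword.lower() == "localforward" else "remote"
    return Forward(keyword, side, bind, int(port), dest_host, int(dest_port))


def audit(config_text: str) -> List[Forward]:
    """Collect every forward directive in an ssh_config snippet, ignoring comments."""
    found = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if parts[0].lower() in ("localforward", "remoteforward") and len(parts) == 2:
            found.append(parse_forward(parts[0], parts[1]))
    return found


# Constructed sample: the two forwards from the target-server block above.
SAMPLE = """
Host target-server
    HostName target.example.com
    LocalForward 0.0.0.0:8080 0.0.0.0:80
    RemoteForward 0.0.0.0:9022 0.0.0.0:22
"""

if __name__ == "__main__":
    for fw in audit(SAMPLE):
        print(fw.describe())
```

Run it on your own `~/.ssh/config` to see which forwards listen on every interface; a forward that only this machine should use is better bound to `127.0.0.1`.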
----
While we're sharing neat ssh_config tricks, here's my favorite trick I use:
My home network is set up so that if I'm home or on my self-hosted VPN, I can SSH directly to my various things. But if I'm away from home and not on the VPN, I can SSH into my home systems through a jump host.
In the ssh_config file, I have it configured to detect how/where I am and optionally use a jump host.
```
Host jump jump.example.org
    HostName jump.example.org
    Port 41444
    User mmh
    UserKnownHostsFile /dev/null   # the jump host's key is never saved between sessions
    ChallengeResponseAuthentication no
    CheckHostIP no
    Compression yes
    ForwardX11 no
    GSSAPIAuthentication no
    LogLevel ERROR
    PreferredAuthentications publickey,keyboard-interactive
    ProxyJump none
    PermitLocalCommand yes

# Order here matters. Detect VPN first, then home network.
# If connecting to a *.example.org host and router.example.org = 10.0.0.1, must be home/vpn.
Match host *.example.org exec "getent ahosts router.example.org | grep -q ^10.0.0.1"
    ProxyJump none

# If connecting to a *.example.org host and the macaddr of 10.0.0.1 is NOT 2a:70:ff:ff:ff:ff, then use jump.example.org:
Match host *.example.org exec "! arp -ne 10.0.0.1 | grep -Fq 2a:70:ff:ff:ff:ff"
    ProxyJump jump.example.org

## Define the things
Host tv tv.example.org
    HostName tv.example.org
    User mmh
```
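The "order here matters" remark above rests on how ssh reads its config: the file is processed top to bottom and the first value obtained for a keyword wins, so the `ProxyJump none` from the first matching block cannot be overridden by a later one. The following is an added example (editor's code, not part of the comment above and not OpenSSH) with a toy evaluator that models that rule plus `Match host ... exec "..."`, with the two `exec` commands replaced by caller-supplied results so it runs offline. `resolve`, `proxy_for` and the split-up config strings are hypothetical names constructed from the configuration above; the evaluator only supports Host, Match host/exec and plain keyword lines.

```python
"""Added example, not part of the comment above or of OpenSSH: a toy
ssh_config evaluator that models the two rules the Match ordering relies on.

  1. ssh reads the file top to bottom and keeps the FIRST value it obtains
     for each keyword; later Host/Match blocks cannot override it.
  2. A `Match host <pattern> exec "<cmd>"` block applies only if every
     criterion holds. ssh runs the command through the shell; here a
     caller-supplied predicate stands in for it so the example runs offline.
"""
import fnmatch
import shlex
from typing import Callable, Dict, Optional

# Constructed config text mirroring the one above, split so the two Match
# blocks can be reordered to show that their order matters.
HEAD = """
Host jump jump.example.org
    HostName jump.example.org
    Port 41444
    ProxyJump none
"""
MATCH_HOME_OR_VPN = """
Match host *.example.org exec "getent ahosts router.example.org | grep -q ^10.0.0.1"
    ProxyJump none
"""
MATCH_AWAY = """
Match host *.example.org exec "! arp -ne 10.0.0.1 | grep -Fq 2a:70:ff:ff:ff:ff"
    ProxyJump jump.example.org
"""
TAIL = """
Host tv tv.example.org
    HostName tv.example.org
    User mmh
"""
CONFIG = HEAD + MATCH_HOME_OR_VPN + MATCH_AWAY + TAIL
SWAPPED = HEAD + MATCH_AWAY + MATCH_HOME_OR_VPN + TAIL


def _host_matches(patterns: str, host: str) -> bool:
    """Comma-separated glob patterns; a leading '!' negates and wins."""
    matched = False
    for pat in patterns.split(","):
        negate = pat.startswith("!")
        if fnmatch.fnmatchcase(host, pat.lstrip("!")):
            if negate:
                return False
            matched = True
    return matched


def resolve(config_text: str, host: str,
            run_exec: Callable[[str], bool]) -> Dict[str, str]:
    """Return the keyword -> value map ssh would end up with for `host`."""
    resolved: Dict[str, str] = {}
    active = True  # lines before any Host/Match apply to every host
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # comments; no '#' inside quotes here
        if not line:
            continue
        keyword, *args = shlex.split(line)
        keyword = keyword.lower()
        if keyword == "host":
            # Host patterns are matched against the name given on the command line.
            active = _host_matches(",".join(args), host)
        elif keyword == "match":
            # Match host is checked against the HostName obtained so far.
            target = resolved.get("hostname", host)
            active = True
            pairs = iter(args)
            for criterion in pairs:
                value = next(pairs)
                if criterion.lower() == "host":
                    active = active and _host_matches(value, target)
                elif criterion.lower() == "exec":
                    active = active and run_exec(value)
                else:
                    raise ValueError(f"unsupported Match criterion: {criterion}")
        elif active and keyword not in resolved:
            resolved[keyword] = " ".join(args)  # first obtained value wins
    return resolved


def proxy_for(host: str, router_resolves: bool, router_mac_seen: bool,
              config_text: str = CONFIG) -> Optional[str]:
    """ProxyJump chosen for `host` under stubbed results of the two exec checks.

    router_resolves: getent finds router.example.org at 10.0.0.1 (home or VPN)
    router_mac_seen: arp shows the home router's MAC (home LAN only)
    """
    def run_exec(cmd: str) -> bool:
        if cmd.startswith("getent"):
            return router_resolves
        if cmd.startswith("! arp"):
            return not router_mac_seen
        raise ValueError(f"unexpected exec criterion: {cmd}")
    return resolve(config_text, host, run_exec).get("proxyjump")


if __name__ == "__main__":
    print("home:   ", proxy_for("tv.example.org", True, True))
    print("vpn:    ", proxy_for("tv.example.org", True, False))
    print("away:   ", proxy_for("tv.example.org", False, False))
    print("swapped:", proxy_for("tv.example.org", True, False, SWAPPED))
```

The "vpn" case is the one that shows why the order matters: on the VPN the router name resolves but its MAC is not on the local ARP table, so both `exec` checks succeed; with the blocks in the order above the first one wins and no jump host is used, while with the blocks swapped the connection would needlessly go through jump.example.org. Against a real config, `ssh -G tv.example.org` prints the values ssh actually settled on, including ProxyJump.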