Favorites for scripting including the ability to run any command or script on the remote.<p><pre><code> ssh remotehost reboot
</code></pre>
Heredoc syntax also works:<p><pre><code> ssh remotehost <<'EOF'
ls
cat /etc/passwd
reboot
EOF</code></pre>
a few more examples on ssh tunnels : <a href="https://cloudbase.200013.net/doc/linux/ssh/ssh_tunelling.html" rel="nofollow">https://cloudbase.200013.net/doc/linux/ssh/ssh_tunelling.htm...</a>
I like how this guide also takes Windows into account, it has some unique challenges.<p>I have written some notes especially on SSHFS (also for Windows!) and tunnels with SSH (e.g. SOCKS proxy) as an OrgPage: <a href="https://www.orgpad.com/s/wRIx3rNLZ6y" rel="nofollow">https://www.orgpad.com/s/wRIx3rNLZ6y</a>
These tricks saved my bacon so many times already. Most of it can be used with the FUDO PAM jump host appliance (<a href="https://fudosecurity.com/fudo-pam/" rel="nofollow">https://fudosecurity.com/fudo-pam/</a>) that is based on FreeBSD and one of the developers spoke about it and other things on <a href="https://www.bsdnow.tv/" rel="nofollow">https://www.bsdnow.tv/</a> I think. Some of it works with OpenWRT's Dropbear nicely as well.
I like the idea for multiple Github accounts, but I have concerns over the suggestion:<p>```
Host github-work.com
..
Host github-personal.com
```<p>Getting in the habit of using a fake FQDN (which right now aren't registered) feels pretty risky.
The most annoying "feature" of ssh for me is the discrepancy between public keys presentations. How I suppose to verify fingerprint of a new server if it uses a different presentation in the keys file?
> ssh-keygen -t rsa -b 4096 -C "your@email.com"<p>Is there any evidence that 2048 bit RSA keys are insufficient?<p>4096 bit keys are absolutely huge. I don't know if working with them is also slower, but I would guess so.