SSH

Articles

Pokemon Emerald in WebAssembly(https://github.com/tripplyons/pokeemerald-wasm) Github wxt: Next-gen Web Extension Framework Skills for threat modeling, scanning, triage, patching, plus an autonomous scanning harness you can /customize A curated list of awesome 3D printing resources hermes-agent: It’s the only agent with a built-in learning loop - it creates skills from experience, improves them during use, nudges itself to persist knowledge, searches its own past conversations, and builds a deepening model of who you are across sessions. Run it on a $5 VPS, a GPU cluster, or serverless infrastructure that costs nearly nothing when idle. It’s not tied to your laptop - talk to it from Telegram while it works on a cloud VM. loupe: A privacy-focused iOS app that raises awareness about what native apps can see(https://apps.apple.com/cn/app/loupe-app%E8%83%BD%E7%9C%8B%E5%88%B0%E4%BB%80%E4%B9%88/id6766152470) LaunchNext: Bring your Launchpad back in MacOS26+ ,highly customizable, powerful, free. endlessh: SSH tarpit that slowly sends an endless banner iptables-tracer: Trace packets as they go through iptables chains serverless-dns: The RethinkDNS resolver that deploys to Cloudflare Workers, Deno Deploy, Fastly, and Fly.io ouch: stands for Obvious Unified Compression Helper. It’s a CLI tool for compressing and decompressing various formats.(https://github.com/ouch-org/ouch#supported-formats) shpool: shpool is a service that enables session persistence by allowing the creation of named shell sessions owned by shpool so that the session is not lost if the connection drops. shpool can be thought of as a lighter weight alternative to tmux or GNU screen. While tmux and screen take over the whole terminal and provide window splitting and tiling features, shpool only provides persistent sessions. The biggest advantage of this approach is that shpool does not break native scrollback or copy-paste. capslock: is a capability analysis CLI for Go packages that informs users of which privileged operations a given package can access. This works by classifying the capabilities of Go packages by following transitive calls to privileged standard library operations. unregistry: Push docker images directly to remote servers without an external registry NetNewsWire is a free and open-source feed reader for macOS and iOS. It supports RSS, Atom, JSON Feed, and RSS-in-JSON formats. K4YT3X’s Hardened & Optimized Linux Kernel Parameters Turso is an in-process SQL database, compatible with SQLite. zizmor is a static analysis tool for GitHub Actions. RustFS is a high-performance, distributed object storage system built in Rust. Usage: is a spec and CLI for defining CLI tools. Arguments, flags, environment variables, and config files can all be defined in a Usage spec. It can be thought of like OpenAPI (swagger) for CLIs. SurfSense: An open source, privacy focused alternative to NotebookLM for teams with no data limits. ICANN implementation of the Registry Data Access Protocol (RDAP) OpenRDAP is a command line RDAP client implementation in Go. Article 1-Click GitHub Token Stealing via a VSCode Bug Linux 系统误将 chmod 权限改成了 000，如何恢复? Laptops all have built-in security tokens these days Tailscale and RustDesk: Secure remote access to all your desktops Unexpected security footguns in Go’s parsers 君子慎讀辭典中標注的「讀音」和「語音」是什麼？拜託別再「我汗你」了！ Linux 系统误将 chmod 权限改成了 000，如何恢复? #include <sys/stat.h> int main() { chmod("/usr/bin/chmod", 0755); return 0; } ubuntu@ubuntu:~$ which chmod /usr/bin/chmod ubuntu@ubuntu:~$ ls -lh /usr/bin/chmod lrwxrwxrwx 1 root root 8 Sep 27 2025 /usr/bin/chmod -> gnuchmod ubuntu@ubuntu:~$ ls -lh /usr/bin/gnuchmod -rwxr-xr-x 1 root root 67K Jan 23 21:34 /usr/bin/gnuchmod ubuntu@ubuntu:~$ sudo chmod 000 /usr/bin/chmod ubuntu@ubuntu:~$ ls -lh /usr/bin/chmod lrwxrwxrwx 1 root root 8 Sep 27 2025 /usr/bin/chmod -> gnuchmod ubuntu@ubuntu:~$ ls -lh /usr/bin/gnuchmod ---------- 1 root root 67K Jan 23 21:34 /usr/bin/gnuchmod ubuntu@ubuntu:~$ cat main.c #include <sys/stat.h> int main() { chmod("/usr/bin/chmod", 0755); return 0; } ubuntu@ubuntu:~$ gcc ./main.c ubuntu@ubuntu:~$ sudo ./a.out ubuntu@ubuntu:~$ ls -lh /usr/bin/chmod lrwxrwxrwx 1 root root 8 Sep 27 2025 /usr/bin/chmod -> gnuchmod ubuntu@ubuntu:~$ ls -lh /usr/bin/gnuchmod -rwxr-xr-x 1 root root 67K Jan 23 21:34 /usr/bin/gnuchmod Laptops all have built-in security tokens these days macOS https://github.com/yubico/libfido2

Wednesday, June 10, 2026 閱讀

Articles

TelegramChannels warpgate: is a smart & fully transparent SSH, HTTPS, Kubernetes, MySQL, PostgreSQL bastion host that doesn’t require a client app or an SSH wrapper. Details that make interfaces feel better: npx skills add jakubkrehel/make-interfaces-feel-better TheWhisper: High-Performance Speech-to-Text Open Design: The open-source alternative to Claude Design. Local-first, web-deployable, BYOK at every layer — 16 coding-agent CLIs auto-detected on your PATH (Claude Code, Codex, Devin for Terminal, Cursor Agent, Gemini CLI, OpenCode, Qwen, Qoder CLI, GitHub Copilot CLI, Hermes, Kimi, Pi, Kiro, Kilo, Mistral Vibe, DeepSeek TUI) become the design engine, driven by 31 composable Skills and 72 brand-grade Design Systems. No CLI? An OpenAI-compatible BYOK proxy is the same loop minus the spawn. Claw Code is the public Rust implementation of the claw CLI agent harness. The canonical implementation lives in rust/, and the current source of truth for this repository is ultraworkers/claw-code. Open-ClaudeCode: 完整开源的 Claude Code 项目 - 基于 Anthropic 官方源码重建 Claude Code Best V5 (CCB): 牢 A (Anthropic) 官方 Claude Code CLI 工具的源码反编译/逆向还原项目。目标是将 Claude Code 大部分功能及工程化能力复现 (问就是老佛爷已经付过钱了)。虽然很难绷, 但是它叫做 CCB(踩踩背)… 而且, 我们实现了企业版或者需要登陆 Claude 账号才能使用的特性, 实现技术普惠 deepclaude: Use Claude Code’s autonomous agent loop with DeepSeek V4 Pro, OpenRouter, or any Anthropic-compatible backend. Same UX, 17x cheaper. pyinfra turns Python code into shell commands and runs them on your servers. Execute ad-hoc commands and write declarative operations. Target SSH servers, local machine and Docker containers. Fast and scales from one server to thousands. Think ansible but Python instead of YAML, and a lot faster. mise: Dev tools, env vars, and tasks in one CLI Aube installs automatically when you run a script. The tightest security defaults of any Node.js package manager - and the only one with a lifecycle-script jail. Drops into existing projects using existing lockfiles. Dirty Frag: Universal Linux LPE taken. You opened this page. It already knows the following. internetarchive.ch Apple is increasing my cortisol levels Hidden Bar lets you hide menu bar items to give your Mac a cleaner look. Thaw is a powerful menu bar management tool for macOS 26. While its primary function is hiding and showing menu bar items, it aims to cover a wide variety of additional features to make it one of the most versatile menu bar tools available. Dirty Frag git clone https://github.com/V4bel/dirtyfrag.git && cd dirtyfrag && gcc -O0 -Wall -o exp exp.c -lutil && ./exp

Wednesday, May 13, 2026 閱讀

設定多個 GitHub 帳號的 SSH 金鑰

設定多個 GitHub 帳號的 SSH 金鑰使用不同的 Host 值 Host github.com HostName github.com User git IdentityFile ~/.ssh/id_fry_ed25519 Host github-plnx HostName github.com User git IdentityFile ~/.ssh/id_fry_plnx_ed25519 # Instead of the actual URL $ git clone git@github.com:planet-express/delivery_service.git # Substitue in our custom Host value for the `github.com` part $ git clone git@github-plnx:planet-express/delivery_service.git 自動替換 Host [include] path = ~/.gitconfig_custom # See custom `Host github-plnx` in ~/.ssh/config [url "github-plnx:planet-express"] insteadOf = git@github.com:planet-express

Tuesday, February 11, 2025 閱讀

Add SFTP user and share directory

Add SFTP user and share directory dev_test_user, qa_test_user 同權限 dev_user, qa_user 同權限 1. 建立共享資料夾(SFTP 使用的資料夾) sudo mkdir -p /home/{test,prod}/{exchange,upload} sudo mkdir -p /home/{test,prod}/exchange/success sudo mkdir -p /home/{test,prod}/upload/backup 2. 建立使用者群組 sudo groupadd share01-test sudo groupadd share01-prod 3. 創建 qa_test_user 使用者並設定 qa_test_user 使用者的群組為 share01-test sudo useradd -m -G share01-test qa_test_user # 設定 dev_test_user 使用者的群組為 share01-test sudo usermod -G share01-test dev_test_user # 設定密碼 sudo passwd qa_test_user 4. 創建 qa_user 使用者並設定 qa_user 使用者的群組為 share01-prod sudo useradd -m -G share01-prod qa_user # 設定 dev_user 使用者的群組為 share01-prod sudo usermod -G share01-prod dev_user # 設定密碼 sudo passwd qa_user 5. 設定權限 # 設定 /home/test 資料夾(含下級資料夾)的使用者為 qa_test_user，群組為 share01-test sudo chown -R qa_test_user:share01-test test/ # 設定 /home/prod 資料夾(含下級資料夾)的使用者為 qa_user，群組為 share01-prod sudo chown -R qa_user:share01-prod prod/ # SFTP 登入資料夾權限要給 root sudo chown root:root /home/test sudo chown root:root /home/prod 6. 設定 /etc/ssh/sshd_config /etc/ssh/sshd_config

Thursday, November 30, 2023 閱讀

使用終端機與 SSH 連線到遠端主機

使用終端機與 SSH 連線到遠端主機 1. 現代終端機 Hyper iTerm2 Tabby Warp Wez’s Terminal WindTerm 2. 在 macOS 開啟終端機按 ⌘ + space 開啟 Spotlight 搜尋 terminal.app 按下 ↩ 3. 使用 SSH 連線到遠端主機確認私鑰檔案路徑。在終端機輸入指令：ssh -i /path/to/private_key.pem ubuntu@ubuntu.host.com

Friday, November 24, 2023 閱讀

Windows SSH setup

Windows SSH setup Install OpenSSH for Windows 預設的 shell 是使用 cmd，照文件說，若需要修改，是要改 ansible_shell_type 變數，這應該是要在 inventory 主機裡加入主機變數：ansible_shell_type，變數內容可以是 cmd 或 powershell。 inventory 主機裡要加入 ansible_connection 主機變數，告知要使用 ssh 連線。(192.168.192.11 ansible_user=Administrator ansible_connection=ssh ansible_shell_type=cmd ) 可能會需要在 ansible.cfg 裡加上 remote_tmp 設定，指定為 C:\TEMP Playbook 裡可以使用 win_ 開頭的模組，或是使用 raw 模組

Tuesday, January 3, 2023 閱讀

SSH 失敗錯誤：fatal: daemon() failed: No such device

SSH 失敗錯誤：fatal: daemon() failed: No such device /var/log/secure Oct 10 10:58:05 vps sshd[23799]: fatal: daemon() failed: No such device # rm -vf /dev/null removed `/dev/null` -bash-3.2# mknod /dev/null c 1 3 Started SSH and the SSH started responding: # service sshd restart Stopping sshd: [ OK ] Starting sshd: [ OK ] -bash-3.2# service sshd status openssh-daemon (pid 30608) is running…

Thursday, March 4, 2021 閱讀

Ansible Network 的新 LibSSH 連線外掛取代 Paramiko，並支援 FIPS 模式

Ansible Network 的新 LibSSH 連線外掛取代 Paramiko，並支援 FIPS 模式切換 Ansible Playbook 使用 LibSSH # 安裝 LibSSH pip install ansible-pylibssh 在 Ansible Playbook 中使用 LibSSH 方法 1. 在專案的 ansible.cfg 檔案中設定 ssh_type 參數使用 libssh [persistent_connection] ssh_type = libssh 方法 2: 設定 ANSIBLE_NETWORK_CLI_SSH_TYPE 環境變數 $ export ANSIBLE_NETWORK_CLI_SSH_TYPE=libssh 方法 3: 在 play 等級的 playbook 中設定 ansible_network_cli_ssh_type 為 libssh 用來測試 libssh 設定的 Playbook - hosts: "changeme" gather_facts: no connection: ansible.netcommon.network_cli vars: ansible_network_os: cisco.ios.ios ansible_user: "changeme" ansible_password: "changeme" ansible_network_cli_ssh_type: libssh tasks: - name: run show version command ansible.netcommon.cli_command: command: show version - name: run show version command ansible.netcommon.cli_command: command: show interfaces

Wednesday, November 25, 2020 閱讀

SSH 证书登录教程

SSH 证书登录教程证书登录的流程 SSH 证书登录之前，如果还没有证书，需要生成证书。具体方法是：用户和服务器都将自己的公钥，发给 CA CA 使用服务器公钥，生成服务器证书，发给服务器 CA 使用用户的公钥，生成用户证书，发给用户。有了证书以后，用户就可以登录服务器了。整个过程都是 SSH 自动处理，用户无感知。用户登录服务器时，SSH 自动将用户证书发给服务器。服务器检查用户证书是否有效，以及是否由可信的 CA 颁发。 SSH 自动将服务器证书发给用户。用户检查服务器证书是否有效，以及是否由信任的 CA 颁发。双方建立连接，服务器允许用户登录。生成 CA 的密钥虽然 CA 可以用同一对密码签发用户证书和服务器证书，但是出于安全性和灵活性，最好用不同的密钥分别签发。所以，CA 至少需要两对密钥，一对是签发用户证书的密钥，假设叫做 user_ca，另一对是签发服务器证书的密钥，假设叫做 host_ca。 # 生成 CA 签发用户证书的密钥 # 会在~/.ssh目录生成一对密钥：user_ca（私钥）和user_ca.pub（公钥） # 各个参数含义如下 # -t rsa：指定密钥算法 RSA。 # -b 4096：指定密钥的位数是4096位。安全性要求不高的场合，这个值可以小一点，但是不应小于1024。 # -f ~/.ssh/user_ca：指定生成密钥的位置和文件名。 # -C user_ca：指定密钥的识别字符串，相当于注释，可以随意设置。 $ ssh-keygen -t rsa -b 4096 -f ~/.ssh/user_ca -C user_ca # 生成 CA 签发服务器证书的密钥 # 会在~/.ssh目录生成一对密钥：host_ca（私钥）和host_ca.pub（公钥） # 现在，~/.ssh目录应该至少有四把密钥。 # - ~/.ssh/user_ca # - ~/.ssh/user_ca.pub # - ~/.ssh/host_ca # - ~/.ssh/host_ca.pub $ ssh-keygen -t rsa -b 4096 -f host_ca -C host_ca 服务器安装 CA 公钥 # 为了让服务器信任用户证书，必须将 CA 签发用户证书的公钥`user_ca.pub`，拷贝到服务器 $ scp ~/.ssh/user_ca.pub root@host.example.com:/etc/ssh/ 然后，将下面一行添加到服务器配置文件 /etc/ssh/sshd_config TrustedUserCAKeys /etc/ssh/user_ca.pub 上面的做法是将user_ca.pub加到/etc/ssh/sshd_config，这会产生全局效果，即服务器的所有账户都会信任user_ca签发的所有用户证书。

Wednesday, July 8, 2020 閱讀