Secure SSH Keygen

ssh-keygen -o -a 100 -t ed25519

SSH Tunnel

ssh -N -L2001:localhost:80 somemachine

Now you can access the website by going to http://localhost:2001/

SSH Proxy

ssh -q -N -D 5001 user@host
# e.g.
ssh -q -N -D 5001 pi-rt

You can now set localhost:5001 as a socks proxy in firefox and will appear like to connect from host.

SSH port forwarding

ssh -R 12345:localhost:22 "sleep 1000; exit"

Forwards's port 12345 to your local ssh port, even if your machine is not externally visible on the net. Now you can ssh localhost -p 12345 from and you will log into your machine.

Get current (external) IP address


Monitor network usage and bandwith, ports, listening applications

lsof -i # monitors network connections in real time
iftop # shows bandwith usage per *connection*
nethogs #  shows the bandwith usage per *process*, linux

Google emergency DNS

  • 2001:4860:4860::8888
  • 2001:4860:4860::8844

Find all open SSH ports on subnet

nmap -p 22 --open -sV

Find authoritative nameservers for a TLD

E.g. for .io domain:

dig NS io.


tcpdump -i en0 -w dst

# filtering for address
tcpdump host
tcpdump src dst
tcpdump net

# filtering for port
tcpdump port 3389
tcpdump src port 1025
tcpdump dst port 389
tcpdump src port 1025 and tcp
tcpdump udp and src port 53
tcpdump portrange 21-23


# TCP traffic from destined for port 3389
tcpdump -nnvvS and src and dst port 3389

# Traffic originating from the 192.168 network headed for the 10 or 172.16 networks
tcpdump -nvX src net and dst net or

# Non-ICMP traffic destined for from the 172.16 network
tcpdump -nvvXSs 1514 dst and src net and not icmp

# Traffic originating from Mars or Pluto that isn't to the SSH port
tcpdump -vv src mars and not dst port 22

Generate a self-signed certificate for localhost

openssl req -x509 -out localhost.crt -keyout localhost.key \
  -newkey rsa:2048 -nodes -sha256 \
  -subj '/CN=localhost' -extensions EXT -config <( \
   printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:localhost\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")

Local DHCP server

How to run a DHCP server on one of your laptops Ethernet ports, e.g. for connecting to a Raspberry Pi without a router. Assumes the ethernet interface to be wlp2s0 and DHCP subet 192.168.10.x.

sudo apt install isc-dhcp-server
# set your interface
sudo nano /etc/default/isc-dhcp-server

Now, set as static IP for your interface (via NetworkManager). Also check “Use this connection only for resources on this network” Then, edit sudo nano /etc/dhcp/dhcpd.conf and set:

default-lease-time 3600;
max-lease-time 86400;

subnet netmask {

    option subnet-mask;
    option broadcast-address;
    option routers;

    option domain-name "";
    option domain-name-servers,,;

Then, disable automatic startup and restart it:

sudo systemctl disable isc-dhcp-server.service
sudo service isc-dhcp-server restart
# might have to temp. disable ufw
sudo ufw disable

To enable routing and NAT:

# enable routing
sudo sysctl -w net.ipv4.ip_forward=1
# wlp2s0 external, enx3c18a07181d5 internal (where DHCP runs)
sudo iptables -t nat -A POSTROUTING -o wlp2s0 -j MASQUERADE; \
sudo iptables -A FORWARD -i wlp2s0 -o enx3c18a07181d5 \
    -m state --state RELATED,ESTABLISHED -j ACCEPT; \
sudo iptables -A FORWARD -i enx3c18a07181d5 -o wlp2s0 -j ACCEPT

# to see leases:
cat /var/lib/dhcp/dhcpd.leases

Now, you can tail syslog to see clients connecting. More info:

Performance/Bad network sim

Measuring network using iperf

  • On server: iperf -s
  • On client: iperf -fK -i 5 -B <if>


Creating a private fork on Github

git clone
cd repo
git remote rm origin
git remote add origin
git remote add upstream
git push --all
git push --tags
git fetch
git checkout -b upstream-master upstream/master
git checkout master
git checkout -b my-master
git push --set-upstream origin my-master

Updating from upstream:

git checkout upstream-master
git pull
git checkout -b master origin/master # first time
git checkout master
git merge upstream-master
git checkout my-master
git merge upstream-master
git push --all

Ruin somebodys Day (in C)

Sneak into his headers:

# define struct union
# define else

Cmake: print all variables

get_cmake_property(_variableNames VARIABLES)
foreach (_variableName ${_variableNames})
    message(STATUS "${_variableName}=${${_variableName}}")


Remove unwanted stuff from an Amazon Android phone

With adb shell

pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0
pm uninstall -k --user 0 com.goodreads
pm uninstall -k --user 0

Show most used Commands in ZSH

cat ~/.zsh_history | iconv -f ISO-8859-1 -t UTF-8 | sed "s|sudo ||g" | cut -d ';' -f 2- | sort | uniq -c | sort -n

PDF Booklet print

apt-get install texlive-extra-utils
pdfbook <file>.pdf

Then: print <file>-book.pdf double-sided with long-edge binding.

Record screen with ffmpeg

This records with resolution 1860x1050 from offset 60,30:

sleep 5; ffmpeg -video_size 1860x1050 -framerate 15 -f x11grab -i :0.0+60,30 output.mp4

Erase/scrape/delete/shred files securely

  • srm
  • shred

On macOS: rm -P

Measure shell pipe throughput

sudo apt-get install pv
cat /dev/urandom | pv > /dev/null