
Not really a script, but a `.ssh/config` to automatically deploy parts of my local CLI environment to every server I connect to (if username and IP/hostname match my rules).

On first connect to a server, this syncs all the dotfiles I want to a remote host, and on subsequent connects, it updates the dotfiles.

Idk if this is "special", but I haven't seen anyone else do this really and it beats for example ansible playbooks by being dead simple.

   Match Host 192.168.123.*,another-example.org,*.example.com User myusername,myotherusername
      ForwardAgent yes
      PermitLocalCommand yes
      LocalCommand rsync -L --exclude .netrwhist --exclude .git --exclude .config/iterm2/AppSupport/ --exclude .vim/bundle/youcompleteme/ -vRrlptze "ssh -o PermitLocalCommand=no" %d/./.screenrc %d/./.gitignore %d/./.bash_profile %d/./.ssh/git_ed25519.pub %d/./.ssh/authorized_keys %d/./.vimrc %d/./.zshrc %d/./.config/iterm2/ %d/./.vim/ %d/./bin/ %d/./.bash/ %r@%n:/home/%r


Man... 20 years doing system administration and I never did that because I never thought about it.

What a shame!

I owe you a beer at least


You...you mean...I could finally get all my aliases to work everywhere I go?

I'm not crying, you are crying!


That's really cool. I never found it necessary to do this. I'm a little bit liberal with regard to local security, so I wouldn't want that to transfer to a server accidentally. I just deal with it and get out when I am not using it.


FWIW though - he explicitly sets up a Match rule for the servers he cares about doing this to so he oughtn't end up accidentally doing any transferring unless his Match backfires.


I used to have a script named ".ase" (meaning "as someone else") that I'd source when I was doing something for someone else, and had become root. I was very careful to make sure it just had safe aliases there.


Does anyone have something similar to this for exec'ing into kubernetes pods? It's usually not the case that the container will have bash, vim, etc., but there is probably something to make it feel more like home.


You probably don't want either a fully functioning remote shell, or a malleable filesystem for injecting one, since that's precisely the kind of environment that is great for infiltrators to make a pod do something it's not intended to.


If you have a common base system it might be possible to copy/rsync/untar the tools you need and then use them. Ideally you'd want to restart the container/pod once you're done to ensure the tools aren't left around, or their presence causes other weird issues.


I keep this in my snippet manager to be pasted into a kubernetes pod I want to have the tools I'm used to:

    apt-get update; apt-get install -y tmux git ncdu psmisc iproute2 net-tools curl zsh vim; curl -Ls install.ohmyz.sh | sh; chsh -s $(which zsh); exec zsh

It's not automatic but it only takes a second for me to find it and about 10-15s to run.


What do all the %d's do?



https://man.openbsd.org/ssh_config#TOKENS

Why didn't you look this up yourself?
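
As an added illustration for the token question above (not code from any commenter in this thread): a Python sketch that expands `%d`, `%r` and `%n` as the `ssh_config` TOKENS section defines them and shows where each rsync source lands remotely under `-R`. The connection values (`/Users/me`, `web1.example.com`) are constructed, the source list is shortened, and the option parsing only covers the flags used in the posted command.

```python
import posixpath
import shlex

# LocalCommand from the first post, shortened to four sources (analysed, never executed).
LOCAL_COMMAND = ('rsync -L --exclude .netrwhist --exclude .git '
                 '-vRrlptze "ssh -o PermitLocalCommand=no" '
                 '%d/./.vimrc %d/./.ssh/authorized_keys %d/./.vim/ %d/./bin/ '
                 '%r@%n:/home/%r')
# Constructed values: %d local home dir, %r remote user, %n host as typed on the command line.
SAMPLE = {"d": "/Users/me", "r": "myusername", "n": "web1.example.com"}

def expand_tokens(command, values):
    """Expand ssh_config %-tokens; '%%' yields a literal percent sign."""
    out, i = [], 0
    while i < len(command):
        if command[i] == "%" and i + 1 < len(command):
            key = command[i + 1]
            if key != "%" and key not in values:
                raise ValueError(f"no value supplied for %{key}")
            out.append("%" if key == "%" else values[key])
            i += 2
        else:
            out.append(command[i])
            i += 1
    return "".join(out)

def rsync_plan(expanded):
    """Return (remote target, {local source: remote path written under -R})."""
    it, positional = iter(shlex.split(expanded)[1:]), []
    for arg in it:
        if arg == "--exclude" or (arg[:1] == "-" and arg[:2] != "--" and arg[-1] == "e"):
            next(it)        # skip the option's separate argument
        elif not arg.startswith("-"):
            positional.append(arg)
    *sources, dest = positional
    target, dest_dir = dest.split(":", 1)
    # With -R, rsync recreates only the path after "/./" below the destination.
    return target, {s: posixpath.join(dest_dir, s.split("/./", 1)[1]) for s in sources}

def remote_ssh_paths(plan):
    """Remote paths inside ~/.ssh that the sync would overwrite."""
    return [p for p in plan.values() if "/.ssh/" in p]

if __name__ == "__main__":
    target, plan = rsync_plan(expand_tokens(LOCAL_COMMAND, SAMPLE))
    for src, dst in plan.items():
        print(f"{src} -> {target}:{dst}")
    print("review before syncing:", remote_ssh_paths(plan))
```

Note that `%n` is the host name as typed on the command line, while `%h` is the name after any `Hostname` substitution.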


I have something similar--for deciding whether to try to connect locally or via remote address:

    Match host 10400 exec "timeout 1 nc -z 192.168.1.101 22 2>/dev/null"
        Hostname 192.168.1.101
        Port 22

    Host 10400
        Hostname myhost.duckdns.org
        Port 564


I've been having this in the back of my mind for a couple of years by now (funny how brains work sometimes) and now I don't even have to write it! Thank you!

Also: This will be great to combine with chezmoi for bootstrapping workstations - allowing you to do host-specific configuration, templating, and basic secrets injection without fiddling around with USB drives or whatnot.


This is awesome. It terrifies me though.


Super neat! When I did sysadmin work I had a tux config that did something like this via a keystroke, and it was all ephemeral changes. So via a key binding I could lightly customize the single SSH connection without affecting anyone else.


Very cool usage of Local command, never use this one in my config. Thanks for sharing!


Very nice. I owe you a beer.



