Skip to main content
gvdtech.net
  1. Posts/

Nifty Little Things

·1049 words·5 mins· loading
Author
Linux and Tech
Author
Author
throttlemeister
Site owner
Table of Contents

Nifty little things you may or may not know
#

Introduction
#

Over time, I have learned little things and made some small quality of life functions to help me on my systems. Here I will attempt to share some of the useful things. Or things I find useful. They are probably old new to most, but perhaps there is something you find useful.

netstat -> ss
#

As a former UNIX admin, I am very comfortable with the netstat command. For the longest time, I have been somewhat annoyed that it didn’t come preinstalled on Linux anymore and I had to go out of my way to install it manually on my systems. Little did I realize, that netstat had gone the same way as ifconfig has gone: away and replaced by a more modern tool.

This new tool is called ss and my most used command using it is with flags: ss -tunlp. This command shows all listening ports (-l), both udp and tcp (-u -t) with numeric values (-n) and processes attached to those ports (-p). This is very convenient, as it is one command that gives you the output of both netstat and lsof.

For me, and since I am lazy, I use it enough to put it in a little fish function to save me typing the flags unless I want to use different flags.

function ss
    if test -z "$argv"
        command ss -tulnp
    else
        command ss $argv
    end
end

You’ll see I check if there are arguments given; if not, I will run the command with -tulnp added and if there is an argument provided, I will run it with the arguments. This way, if I just want to quickly check open ports, I can just type ss to get all the info I need and only provid flags if I want to see something else.

ifconfig -> ip
#

Talking about ifconfig, if you are used to typing ifconfig to see your interfaces and IP addresses, this command has been deprecated as well. The new command is ip and the full command to see all interfaces and IP addresses is ip address show. This can be very helpfully reduced to ip a s.

Television
#

Another nifty little thing worth mentioning that I don’t see mentioned too often is television. It’s a super fast fuzzy finder for the terminal. Everybody knows and uses fzf, but what sets television apart is its channels. Using channels lets you search very quickly through a specific set of data. For instance, if I use the journal channel, it lets me search through all of the logs from journald without having to lookup the syntax for journalctl and knowing which journal to search in. For me, that’s a lifesaver.

Television is highly configurable and extensible. You can check it out here.

Using 1Password for sudo and SSH
#

If you use 1Password as your password manager (you should really, even if you don’t want to use 1P (though I think it is the best one) you should use a password manager), you can actually use it to securely use sudo. It can also act as an ssh-agent to store your private keys, so you don’t have to have them laying around on the systems you use.

Using 1P for sudo
#

This is actually really simple. First you make sure to install 1P cli tools. On my distro, that’s quickly done by:

sudo zypper in 1password-cli

This is the command I have to use for OpenSUSE, you will have to adjust according to your distro.

Then create a little bash script, that’s really just one line:

#!/bin/bash
op item get sudo --fields label=password --reveal

Save it somewhere and make it executable with chmod. Personally I compile this using shc to an elf binary, and save it to /usr/local/bin/. Just to make it a little less obvious. It don’t matter.

Then you create a file /etc/sudo.conf with the content:

Path askpass /usr/local/bin/askpass

The path is to whereever you have stored your little bash script we created above.

If don’t have sudo configured to never ask for a password, and try to use it now, if your vault is locked 1P will pop-up a window to unlock and continue once you have done this. If your vault is unlocked, it will just execute without bothering you. It may pop up a window to alert you and ask to continue, but that is a good thing. If something wants to sudo, you’ll know about it.

To me, this is very convenient as I do not have to use an insecure configuration by just blindly accepting sudo without a password, yet at the same time I don’t get bothered by password prompts as long as my vault is unlocked.

Using 1P as your ssh-agent
#

I am not going to create a full write-up on how to use 1Password as your ssh-agent. There are many articles on that topic that explain it way better than I could.

Why use a ssh-agent?
#

The reason people want to use a ssh-agent is to securely manage their ssh private keys. It caches your private key password, if you have one, so you do not have to re-enter your password with each and every connection. It also can integrate with other tools, making life easier.

Basica advantages of using ssh-agent:

  • Simplified authentication
  • Enhanced security
  • Efficient key usage
  • Compatibility and integration

The downside is, the ssh-agent runs local. This means, if you have or use more than one computer, you have to setup ssh-agent multiple times. That’s additional work and complicates key management: if you change or add a key, you have to make that change to every instance of the ssh-agent on all computers.

Why use 1Password as your ssh-agent?
#

Using 1P as your ssh-agent makes life very convenient. There is only one single place where your keys reside, inside your 1P vault. If you can login to your 1P vault, you have access to your ssh keys. No more keys stored on multiple devices, no matter how secure. Turning on the ssh-agent is as easy as checking a checkmark in the settings of the 1P application. Then it just works. If you delete the application, the key is gone.

More to come…