27 comments

[ 2.5 ms ] story [ 42.7 ms ] thread
I often need to login to colleagues' machines at work, but I find that their settings are not what I am familiar with. So I wrote an SSH wrapper in POSIX shell which tars dotfiles into a base64 string, passes it to SSH, and decodes / setups on the remote temp directory. Automatically remove when session ends.

Supported: .profile, .vimrc, .bashrc, .tmux.conf, etc.

This idea comes from kyrat[1]; passing files via a base64 string is a really cool approach.

[1]: https://github.com/fsquillace/kyrat/

> I often need to login to colleagues' machines at work, but I find that their settings are not what I am familiar with

I'd hate to jump to conclusions, but what username are you looking into what machines with for that to be an issue?

time to call the it team at work (on the phone) to ask them to add a new item to the software allowlist

  tmp="$(mktemp -d)" && rsync -a --exclude='.ssh' user@host:~/.[!.]* "$tmp"/ && HOME="$tmp" exec "$SHELL"
I do the same, but I skip rsync for git.

    git clone $uri dotfiles; export HOME=$(pwd)/dotfiles 
These days, my laptop acts as a dumb SSH gateway for Linux VMs. No configuration or setup, aside from VS code connecting to VMs. Any server that I would want to load my dotfiles onto will almost always have git installed.

Rant (not directed at any comment here): If it's a production server without git, then please do not run scripts like this. Do not create junk directories on (or ideally any modifications to) secure machines. It inevitably causes new and uninteresting puzzles for your colleagues. Create documented workflows for incident responses or inspection.

How about mounting your dotfiles directory (~/.config) or even your entire home directory on the remote system using SSHFS or NFS? I'm sure somebody would have tried it or some project may already exist. Any idea why that isn't as prevalent as copying your dotfiles over?
This reminds me - in a previous company I worked at, we had a bunch of old firewalls and switches that ran SSH servers without support for modern key exchange algorithms etc

One of the engineers wrote a shell alias called “shitssh”, which would call ssh with the right options to allow the old crufty crypto algorithms to be used. This alias got passed down to new members of the team like a family heirloom.

Nice, although wouldn't work today. Modern distros (ime, fedora 42) need you to update policy and reboot. You can't connect with just --key-exchange YOLO1 any more

I hate network vendors. Wish I could put BSD on my old Catalysts.

I wonder why are dofiles have to be on remote machines?

e.g. I type an alias, the ssh client expands it on my local machine and send complex commands to remote. Could this be possible?

I suppose a special shell could make it work.

I didn't look closely at the project, but why take the extra step of base64? I do this all the time with tar by itself and it's wire-proof enough to work fine.
In some cases, shar would be a useful wrapper for that.
I don't know, I just use the standard on my machine or on remote. Why bother to customize it all the time when you can't work without the customizations
I have a python script [0] which builds and statically links my toolbox (fish, neovim, tmux, rg/fd/sd, etc.) into a self contained —-prefix which can be rsynced to any machine.

It has an activate script which sets PATH, XDG_CONFIG_HOME, XDG_DATA_HOME, and friends. This way everything runs out of that single dir and doesn’t pollute the remote.

My ssh RemoteCommand then just checks for and calls the activate script if it exists. I get dropped into a nice shell with all my config and tools wherever I go, without disturbing others’ configs or system packages.

[0] https://github.com/foltik/dots

More like shit toilet paper. Name like findtherapist.com
(comment deleted)
Why call this Shittp? Is it to imply it’s actually shitty and just a proof of concept or fun project?
I love the concept but I'd be worried about security in enterprise environments. Some of the dotfiles (especially .bashrc) could override security policies or compliance settings that IT has configured.

That said, for personal servers this is brilliant. I've been using a git repo for dotfiles but having them automatically cleanup on disconnect is clever.

One improvement: consider using SSH's ProxyCommand or LocalCommand instead of wrapping SSH entirely. That way it works transparently with tools that call SSH directly (git, rsync, etc).

Also curious - does this handle tmux sessions properly? I often SSH in, start tmux, disconnect, then reconnect later. Would the dotfiles still be there?

People who choose such a noxious name for their project that it actually dissuades people who might otherwise be users think that says something about those prudish users, but it really says something about them.
I have been doing something similar for years, especially for login to VMs: sets up an environment of my dotfiles based on a checkout and runs a resumable 'screen' session with tmux. This looks elegant (ephemeral), but I seldom log in to a machine I can't leave my files on as installed.

${HOME} is where your dotfiles are.