From c4aaaa3bc5420a7a3b5042940c2a851742516844 Mon Sep 17 00:00:00 2001
From: nemirwen <nemirwen@>
Date: Wed, 17 Apr 2024 08:23:28 +0200
Subject: [PATCH] Group openssl tricks

---
 how_to | 88 +++++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 54 insertions(+), 34 deletions(-)

diff --git a/how_to b/how_to
index f6dc3dc..23ae062 100644
--- a/how_to
+++ b/how_to
@@ -985,20 +985,61 @@ ssh:
             ssh -R 2222:localhost:22 <user>@<server>
         from server:
             ssh -p 2222 <user>@127.0.0.1
+    X11 forwarding (with wayland):
+        Remote:
+            sudo pacman -S xorg-xauth
+            /etc/ssh/sshd_config
+                X11Forwarding yes
+                # (default values)
+                AllowTcpForwarding yes
+                X11UseLocalhost yes
+                X11DisplayOffset 10
+            sudo sv restart sshd
+        Client:
+            sudo pacman -S xorg-xauth xorg-xwayland
+            # Restart sway
+            ssh -X <user>@<remote>
 
-Transfer files without using ssh/scp:
-    # Credits: @Chapoline, @britaliope
-    Server-side (untars in current directory):
-        # directory
-            nc -l -p 1234 | openssl enc -aes-256-cbc -d -iter 1000 | tar -xzf -
-        # file
-            nc -l -p 1234 | openssl enc -aes-256-cbc -d -iter 1000 | gunzip - > <file>
-    Client-side:
-        # directory
-            tar -zc <dir> -c | openssl enc -aes-256-cbc -e -iter 1000 | nc <ip> 1234 -q 1
-        # file
-            gzip <file> -c | openssl enc -aes-256-cbc -e -iter 1000 | nc <ip> 1234 -q 1
-    # Both need the same passphrase in stdin
+openssl:
+    Transfer files without using ssh/scp:
+        # Credits: @Chapoline, @britaliope
+        Server-side (untars in current directory):
+            # directory
+                nc -l -p 1234 | openssl enc -aes-256-cbc -d -iter 1000 | tar -xzf -
+            # file
+                nc -l -p 1234 | openssl enc -aes-256-cbc -d -iter 1000 | gunzip - > <file>
+        Client-side:
+            # directory
+                tar -zc <dir> -c | openssl enc -aes-256-cbc -e -iter 1000 | nc <ip> 1234 -q 1
+            # file
+                gzip <file> -c | openssl enc -aes-256-cbc -e -iter 1000 | nc <ip> 1234 -q 1
+        # Both need the same passphrase in stdin
+
+    Manual IMAP connection:
+        # https://www.atmail.com/blog/imap-101-manual-imap-sessions/
+        # https://stackoverflow.com/questions/14959461/how-to-talk-to-imap-server-in-shell-via-openssl
+        # https://gist.github.com/fedir/1d8f8fb8a5f80090705ef7793936216a²
+
+        $ openssl s_client -connect <imap server>:993 -crlf [-quiet]
+        $ openssl s_client -connect <imap server>:143 -crlf -starttls imap [-quiet]
+        # IMAP needs an incrementing prefix before each command
+        A1 login <login> "<password>"
+        # list everything
+        A2 list "" "*"
+        # list everything under a particular prefix
+        A3 list "INBOX" "*"
+        # Or:
+        # (will print current UIDVALIDITY (useful for fixing mbsync))
+        A4 select inbox
+        A99 logout
+
+    Check SSL/TLS certificate expiration date:
+        echo | openssl s_client -servername <name.example.tld> -connect <example.tld>:443 2>/dev/null | openssl x509 -noout -dates
+
+    Add a CA to the system trust store (archlinux):
+        # https://wiki.archlinux.org/title/Transport_Layer_Security#Trust_management
+        sudo cp cacert.crt /etc/ca-certificates/trust-source/anchors/cacert.crt
+        sudo update-ca-trust extract
 
 
 Run MSVC on linux with Wine:
@@ -1140,24 +1181,6 @@ Mounting .bin/.cue image files:
     $ bchunk file.bin file.cue output
     $ sudo mount output01.iso /mnt -o loop,ro
 
-Manual IMAP connection:
-    # https://www.atmail.com/blog/imap-101-manual-imap-sessions/
-    # https://stackoverflow.com/questions/14959461/how-to-talk-to-imap-server-in-shell-via-openssl
-    # https://gist.github.com/fedir/1d8f8fb8a5f80090705ef7793936216a²
-
-    $ openssl s_client -connect <imap server>:993 -crlf [-quiet]
-    $ openssl s_client -connect <imap server>:143 -crlf -starttls imap [-quiet]
-    # IMAP needs an incrementing prefix before each command
-    A1 login <login> "<password>"
-    # list everything
-    A2 list "" "*"
-    # list everything under a particular prefix
-    A3 list "INBOX" "*"
-    # Or:
-    # (will print current UIDVALIDITY (useful for fixing mbsync))
-    A4 select inbox
-    A99 logout
-
 gdb tricks:
     Easily print attributes of array elements:
         # https://agateau.com/2008/gdb-trick-the-poor-man-loop
@@ -1351,9 +1374,6 @@ Jupyter:
         jupyter nbconvert --clear-output \
             --to notebook --output=my_notebook_no_out my_notebook.ipynb
 
-Check SSL/TLS certificate expiration date:
-    echo | openssl s_client -servername <name.example.tld> -connect <example.tld>:443 2>/dev/null | openssl x509 -noout -dates
-
 List files in chronological order with ls:
     # https://shkspr.mobi/blog/2020/12/anatomy-of-an-ls-command/
     ls -trhgGN --color=always | cut -d" " -f3-