I think you may want to clear the environment (e.g., of `SSH_AUTH_SOCK`) as well as isolate in a PID namespace as well. I also reflexively `--as-pid-1 --die-with-parent`.
(The `bwrap` manpage says “you are unlikely to use it directly from the commandline,” yet I use it like this all the time. If you do, too, then we should be friends!)
To second the discussion everyone has about utilizing netcat instead I also want to point out that there is a tool on pretty much every linux machine ever that can perform netcat for SSL: `openssl s_client`. Ive used it on multiple occasions for toying with the HTTPS protocol and all of the features that only enable themselves when using a secure connection. It does just what netcat does, but initiates a secure SSL tunnel first.
Are there any KVM switches that do Displayport well (i.e. where switching between inputs does not look like a display disconnect to the PC)?
I'm still using HDMI because I like to share my home multi-monitor setup between my personal machine and my work laptop, and the KVM switches are able to fool the PCs into thinking the monitor are always connected. Years ago I tried a Displayport switch, but it could not -- I assume because if the greater sophistication of the Displayport protocol.
Also the most dangerous but flexible way to authenticate a user.
https://jpmens.net/2019/03/02/sshd-and-authorizedkeyscommand...