restructure

technology/applications/network/DAVx5.md

@@ -6,7 +6,7 @@ repo: https://github.com/bitfireAT/davx5-ose
 f-droid: https://f-droid.org/packages/at.bitfire.davdroid
 ---
 # DAVx5
-All-in-one CalDAV/CardDAV/[WebDAV](../../tools/WebDAV.md) synchronization solution for [Android](../../systems/Android.md).
+All-in-one CalDAV/CardDAV/[WebDAV](../../internet/WebDAV.md) synchronization solution for [Android](../../systems/Android.md).
 
 ![Screenshot][Screenshot]
 

technology/applications/network/FileZilla.md

@@ -5,7 +5,7 @@ website: https://filezilla-project.org
 repo: https://svn.filezilla-project.org/filezilla/FileZilla3
 ---
 # FileZilla
-The FileZilla Client is a File Transfer Utility supporting [FTP](../../internet/FTP.md), but also [FTP](../../internet/FTP.md) over TLS (FTPS) and [SFTP](../SSH.md).
+The FileZilla Client is a File Transfer Utility supporting [FTP](../../internet/FTP.md), but also [FTP](../../internet/FTP.md) over TLS (FTPS) and [SFTP](SSH.md).
 
 ![Screenshot][Screenshot]
 

technology/applications/network/NetworkManager.md

@@ -80,7 +80,7 @@ After editing a configuration file, the changes can be applied by running:
 `nmcli general reload`
 
 ### DNS
-> **Note:** If `/etc/resolv.conf` is a symlink to `/run/systemd/resolve/stub-resolv.conf`, `/run/systemd/resolve/resolv.conf`,`/lib/systemd/resolv.conf` or `/usr/lib/systemd/resolv.conf`, NetworkManager will choose [systemd](../../linux/Systemd.md)-resolved automatically. To use dnsmasq, you must first remove that symlink, then restart NetworkManager.
+> **Note:** If `/etc/resolv.conf` is a symlink to `/run/systemd/resolve/stub-resolv.conf`, `/run/systemd/resolve/resolv.conf`,`/lib/systemd/resolv.conf` or `/usr/lib/systemd/resolv.conf`, NetworkManager will choose [systemd](../../linux/systemd/Systemd.md)-resolved automatically. To use dnsmasq, you must first remove that symlink, then restart NetworkManager.
 
 ### VPN
 [WireGuard](Wireguard.md) is natively supported. To import a [WireGuard](Wireguard.md) Config File as a connection:

technology/applications/network/OnionShare.md

@@ -5,7 +5,7 @@ website: ["https://onionshare.org/", "http://lldan5gahapx5k7iafb3s4ikijc4ni7gx5i
 repo: https://github.com/onionshare/onionshare
 ---
 # OnionShare
-🧅 OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the [Tor](../../tools/Tor.md) network.
+🧅 OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the [Tor](../../internet/Tor.md) network.
 
 ## Features
 - Share files

technology/applications/network/Privoxy.md

@@ -5,7 +5,7 @@ website: https://www.privoxy.org
 arch-wiki: https://wiki.archlinux.org/title/Privoxy
 ---
 # Privoxy
-Privoxy is a filtering proxy for the [HTTP](../../internet/HTTP.md) protocol, frequently used in combination with [Tor](../../tools/Tor.md). Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, etc. It supports both stand-alone systems and multi-user networks.
+Privoxy is a filtering proxy for the [HTTP](../../internet/HTTP.md) protocol, frequently used in combination with [Tor](../../internet/Tor.md). Privoxy is a web proxy with advanced filtering capabilities for protecting privacy, filtering web page content, managing cookies, controlling access, and removing ads, banners, pop-ups, etc. It supports both stand-alone systems and multi-user networks.
 
 ## Configuration
 Edit `/etc/privoxy/config`:
@@ -13,7 +13,7 @@ Edit `/etc/privoxy/config`:
 listen-address [SERVER-IP]:[PORT]
 ```
 
-To forward [i2p](../../tools/I2P.md) sites:
+To forward [i2p](../../internet/I2P.md) sites:
 ```
 forward .i2p localhost:4444
 ```
@@ -23,7 +23,7 @@ To forward onion sites:
 forward-socks4a .onion localhost:9050 .
 ```
 
-To forward all traffic through [Tor](../../tools/Tor.md):
+To forward all traffic through [Tor](../../internet/Tor.md):
 ```
 forward-socks5 / localhost:9050 .
 ```

technology/applications/network/SSH.md

@@ -0,0 +1,164 @@
+---
+aliases:
+  - OpenSSH
+website: https://www.openssh.com/
+obj: application
+repo: https://github.com/openssh/openssh-portable
+---
+# SSH
+Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Typical applications include remote command-line login and remote command execution, but any network service can be secured with SSH.
+
+Examples of services that can use SSH are [Git](../../dev/Git.md), [rsync](rsync.md) and X11 forwarding. Services that always use SSH are SCP and SFTP.
+
+An SSH server, by default, listens on the standard [TCP](../../internet/TCP.md) port 22. An SSH client program is typically used for establishing connections to an sshd daemon accepting remote connections. Both are commonly present on most modern operating systems, including [macOS](../../macos/macOS.md), GNU/[Linux](../../linux/Linux.md), Solaris and OpenVMS. Proprietary, freeware and open source versions of various levels of complexity and completeness exist.
+
+## Client
+### Usage
+Creating a SSH key:
+```shell
+ssh-keygen
+```
+
+Connecting to a server
+```shell
+ssh -p port user@server-address
+```
+
+Port forwarding:
+```shell
+# Forward Remote -> Local
+ssh -N -f -L local_port:127.0.0.1:remote_port host
+# Forward Local -> Remote
+ssh -N -f -R remote_port:127.0.0.1:local_port host
+```
+
+Copying files (works with [rsync](cli/rsync.md) as well):
+```shell
+scp -r files remote:/path
+```
+
+Copy ssh key to host:
+```shell
+ssh-copy-id user@remote
+```
+
+Pipes work too over SSH:
+```shell
+ssh remote "cat /log" | grep denied
+cat ~/.ssh/id_rsa.pub | ssh remote 'cat >> .ssh/authorized_keys'
+```
+
+Use a jump host:
+```shell
+ssh -J jump_server remote
+```
+
+Forward port to remote using [systemd](../../linux/systemd/Systemd.md) service:
+```ini
+[Unit]
+Description=SSH Port Forwarding
+After=network.target
+After=systemd-resolved.service
+
+[Service]
+User=<USER>
+ExecStart=/usr/bin/ssh -i <KEY> -o ExitOnForwardFailure=yes -N -R 0.0.0.0:<PORT>:127.0.0.1:<PORT> user@example.com
+Restart=always
+StartLimitInterval=0
+StartLimitBurst=0
+RestartSec=30s
+
+[Install]
+WantedBy=multi-user.target
+```
+
+### Configuration
+Client can be configured by the file `~/.ssh/config`
+```
+# global options
+User user
+
+# host-specific options
+Host myserver
+    Hostname server-address
+    Port     port
+    IdentityFile ~/.ssh/id_rsa
+    User you
+    ProxyJump host
+    ProxyCommand corkscrew <proxy-host> <proxy-port> %h %p # HTTP Proxy
+```
+
+With this configuration the client command can be redacted to
+```shell
+ssh myserver
+```
+
+Corkscrew is a additional programm to tunnel SSH through [HTTP](../../internet/HTTP.md) proxies:
+```shell
+`ssh -o "ProxyCommand corkscrew <proxy-host> <proxy-port> %h %p" <ssh-username>@<ssh-server>`
+```
+
+## Server
+`sshd` is the OpenSSH server daemon, configured with `/etc/ssh/sshd_config` and managed by `sshd.service`. Whenever changing the configuration, use `sshd` in test mode before restarting the service to ensure it will be able to start cleanly. Valid configurations produce no output.
+```shell
+sshd -t
+```
+
+### Configuration
+Set address and port:
+```
+ListenAddress 0.0.0.0
+Port 22
+```
+
+Limit users:
+```
+AllowUsers user1 user2
+DenyUser user3 user4
+```
+
+To allow access only for some groups:
+```
+AllowGroups group1 group2
+DenyGroups group3 group4
+```
+
+Disable password authentification:
+```
+PasswordAuthentication no
+PermitEmptyPasswords no
+```
+
+Disable root login:
+```
+PermitRootLogin no
+PermitRootLogin prohibit-password
+```
+
+Allow port forwarding:
+```
+AllowTcpForwarding yes
+```
+
+Allow only certain commands:
+```
+ForceCommand command
+```
+
+Limit port forwarding:
+```
+PermitListen host:port
+PermitOpen host:port
+```
+
+Set [environment variables](../../linux/Environment%20Variables.md) in the session:
+```
+SetEnv KEY=VALUE
+```
+
+User-based settings (everything here only applies to `user1`):
+```
+Match User user1
+    PasswordAuthentication no
+    AllowTcpForwarding yes
+```

technology/applications/network/Wireguard.md

@@ -5,7 +5,7 @@ android-id: com.wireguard.android
 ---
 
 # Wireguard
-[WireGuard](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art [cryptography](../../Cryptography/Cryptography.md). It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the [Linux](../../linux/Linux.md) kernel, it is now cross-platform ([Windows](../../windows/Windows.md), [macOS](../../macos/macOS.md), BSD, iOS, [Android](../../systems/Android.md)) and widely deployable.
+[WireGuard](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art [cryptography](../../cryptography/Cryptography.md). It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the [Linux](../../linux/Linux.md) kernel, it is now cross-platform ([Windows](../../windows/Windows.md), [macOS](../../macos/macOS.md), BSD, iOS, [Android](../../systems/Android.md)) and widely deployable.
 
 ## Configuration
 ### Generate Key Pair

technology/applications/network/browsers/Mullvad Browser.md

@@ -5,7 +5,7 @@ website: https://mullvad.net/en/browser
 repo: https://github.com/mullvad/mullvad-browser
 ---
 # Mullvad Browser
-The Mullvad Browser is a privacy-focused web browser (based on [Firefox](Firefox.md)) developed in a collaboration between [Mullvad VPN](../Mullvad%20VPN.md) and the Tor Project. It’s designed to minimize tracking and fingerprinting. You could say it’s a [Tor](../../../tools/Tor.md) Browser to use without the [Tor](../../../tools/Tor.md) Network. Instead, you can use it with a trustworthy VPN. The idea is to provide one more alternative – beside the [Tor](../../../tools/Tor.md) Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.
+The Mullvad Browser is a privacy-focused web browser (based on [Firefox](Firefox.md)) developed in a collaboration between [Mullvad VPN](../Mullvad%20VPN.md) and the Tor Project. It’s designed to minimize tracking and fingerprinting. You could say it’s a [Tor](../../../internet/Tor.md) Browser to use without the [Tor](../../../internet/Tor.md) Network. Instead, you can use it with a trustworthy VPN. The idea is to provide one more alternative – beside the [Tor](../../../internet/Tor.md) Network – to browse the internet with more privacy. To get as many people as possible to fight the big data gathering of today. To free the internet from mass surveillance.
 
 Some features include:
 - Same browser fingerprint for all Mullvad Browser

technology/applications/network/rclone.md

@@ -85,7 +85,7 @@ Protocols:
 - [FTP](../../internet/FTP.md)
 - [HTTP](../../internet/HTTP.md)
 - SFTP
-- [WebDAV](../../tools/WebDAV.md)
+- [WebDAV](../../internet/WebDAV.md)
 
 ```shell
 rclone serve <protocol> <remote>
@@ -147,4 +147,4 @@ The attributes `:ro`, `:nc` and `:nc` can be attached to the end of the rem
 Subfolders can be used in upstream remotes. Assume a union remote named `backup` with the remotes `mydrive:private/backup`. Invoking `rclone mkdir backup:desktop` is exactly the same as invoking `rclone mkdir mydrive:private/backup/desktop`.
 
 ## WebDAV
-To configure the [WebDAV](../../tools/WebDAV.md) remote you will need to have a [URL](../../internet/URL.md) for it, and a username and password
+To configure the [WebDAV](../../internet/WebDAV.md) remote you will need to have a [URL](../../internet/URL.md) for it, and a username and password