ssh proxycommand -W, nc, exec nc 有什么区别 [英] What is the difference between ssh proxycommand -W, nc, exec nc
问题描述
我看过一些关于 .ssh/config 和 proxycommand 的博客
I have seen a few blogs about .ssh/config and proxycommand
现在下一个命令有什么区别
now what is the difference between the next commands
ProxyCommand ssh proxyserver -W [%h]:%p
ProxyCommand ssh proxyserver nc -q0 %h %p 2>/dev/null
ProxyCommand ssh proxyserver exec nc -q0 %h %p 2>/dev/null
其中一些命令在某些机器上有效,而在其他机器上无效.
Some of these commands work on some machines, and don't work on others.
推荐答案
以下是我的理解:
ProxyCommand ssh proxyserver -W [%h]:%p
-W选项内置于 OpenSSH 的新(更)版本中,因此这仅适用于具有最低版本(5.4,除非您的发行版向后移植任何版本)的机器功能;例如,RHEL6 OpenSSH 5.3p1 包含此功能).根据发行说明:http://www.openssh.com/txt/release-5.4
The
-Woption is built into new(er) versions of OpenSSH, so this will only work on machines that have the minimum version (5.4, unless your distro back-ported any features; e.g., RHEL6 OpenSSH 5.3p1 includes this feature). Per the release notes: http://www.openssh.com/txt/release-5.4
向 ssh(1) 添加了netcat 模式":ssh -W host:port ..." 这会将客户端上的 stdio 连接到服务器上的单个端口转发.例如,这允许使用 ssh 作为 ProxyCommand 通过中间服务器路由连接.
Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers.
ProxyCommand ssh proxyserver nc -q0 %h %p 2>/dev/null
- 在
-W选项可用之前,我们使用了nc(或 netcat)实用程序.nc允许你转发 TCP &UDP 数据包发送到指定(备用)位置,并且本质上与ssh -W的行为相同(因为ssh -W是在nc之后建模的).为了使这种变体工作,中间主机需要安装nc并且必须在主机的 sshd_config 中启用选项AllowTcpForwarding(默认:yes).-q0到nc的选项是(应该是)用于消除错误,但我找不到这是引入的哪个版本.(注意:2>/dev/null可能会导致相当ssh错误,但可以使用ssh -q代替.)
- Before the
-Woption was available, we used thenc(or netcat) utility.ncallows you to forward TCP & UDP packets to specified (alternate) locations and essentially behaves the same asssh -W(asssh -Wwas modeled afternc). In order for this variation to work the intermediate host(s) require(s) thatncbe installed and the optionAllowTcpForwardingmust be enabled in the host's sshd_config (default: yes). The option-q0toncis (supposed to be) for quieting errors, but I can't find which version this was introduced. (Note:2> /dev/nullis probably to quitessherrors, but one can usessh -qinstead.)
ProxyCommand ssh proxyserver exec nc -q0 %h %p 2>/dev/null
这与第二个变体非常相似,只是您调用的是 shell 的内置函数
exec.我不确定,但我相信在ProxyCommand中包含或排除exec之间没有区别;这种变化应该在上述变化的任何地方起作用.例如,Bash 手册是这样说的:
This is very much the same as the second variation, except you're calling the shell's built-in function
exec. I'm not sure, but I believe there is no difference between including or excludingexecfrom theProxyCommand; this variation should function everywhere the variation above does. For example, the Bash manual says something like this:
exec [-cl] [-a name] [command [参数]]
exec [-cl] [-a name] [command [arguments]]
如果指定了命令,它将替换外壳.没有创建新进程.论据成为命令的参数.如果提供了 -l 选项,shell 会在传递给命令的第零个参数的开头.这就是 login(1) 所做的.-c选项导致命令在空环境下执行.如果提供了 -a,则外壳将 name 作为第零个参数传递给执行的命令.如果命令无法执行出于某种原因,非交互式 shell 会退出,除非启用了 shell 选项 execfail,在在这种情况下它返回失败.如果文件不能被交互式 shell 返回失败执行.如果未指定命令,则任何重定向都在当前 shell 中生效,并且返回状态为0.如果有重定向错误,返回状态为1.
If command is specified, it replaces the shell. No new process is created. The arguments become the arguments to command. If the -l option is supplied, the shell places a dash at the beginning of the zeroth argument passed to command. This is what login(1) does. The -c option causes command to be executed with an empty environment. If -a is supplied, the shell passes name as the zeroth argument to the executed command. If command cannot be executed for some reason, a non-interactive shell exits, unless the shell option execfail is enabled, in which case it returns failure. An interactive shell returns failure if the file cannot be executed. If command is not specified, any redirections take effect in the current shell, and the return status is 0. If there is a redirection error, the return status is 1.
这篇关于ssh proxycommand -W, nc, exec nc 有什么区别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
