ssh代理命令-W、nc、exec nc之间的区别是什么

Question

我看过一些关于.ssh/config和proxycommand的博客

下面的命令有什么不同呢？

ProxyCommand ssh proxyserver -W [%h]:%p

ProxyCommand ssh proxyserver nc -q0 %h %p 2> /dev/null

ProxyCommand ssh proxyserver exec nc -q0 %h %p 2> /dev/null

其中一些命令在某些计算机上有效，而在其他计算机上无效。

Answer 1

下面是我对它的理解：

1. ProxyCommand ssh proxyserver -W [%h]:%p

- The `-W` option is built into new(er) versions of OpenSSH, so this will only work on machines that have the minimum version (5.4, unless your distro back-ported any features; e.g., RHEL6 OpenSSH 5.3p1 includes this feature). Per the release notes: [http://www.openssh.com/txt/release-5.4](http://www.openssh.com/txt/release-5.4)

为ssh(1)添加了一个'netcat模式‘："ssh -W主机:端口...“这会将客户端上的stdio连接到服务器上的单个转发端口。例如，这允许使用ssh作为ProxyCommand通过中间服务器来路由连接。

​

1. ProxyCommand ssh proxyserver nc -q0 %h %p 2> /dev/null

- Before the `-W` option was available, we used the `nc` (or netcat) utility. `nc` allows you to forward TCP & UDP packets to specified (alternate) locations and essentially behaves the same as `ssh -W` (as `ssh -W` was modeled after `nc`). In order for this variation to work the intermediate host(s) require(s) that `nc` be installed and the option `AllowTcpForwarding` must be enabled in the host's sshd\_config (default: yes). The option `-q0` to `nc` is (supposed to be) for quieting errors, but I can't find which version this was introduced. (Note: `2> /dev/null` is probably to quite `ssh` errors, but one can use `ssh -q` instead.)

​

1. ProxyCommand ssh proxyserver exec nc -q0 %h %p 2> /dev/null

- This is very much the same as the second variation, except you're calling the shell's built-in function `exec`. I'm not sure, but I believe there is no difference between including or excluding `exec` from the `ProxyCommand`; this variation should function everywhere the variation above does. For example, the Bash manual says something like this:

exec -cl [命令参数]

如果指定了命令，它将替换shell。不会创建任何新进程。这些参数将成为command的参数。如果提供了-l选项，则外壳程序会在传递给命令的第零个参数的开头放置一个破折号。这就是login(1)所做的事情。-c选项会导致在空环境中执行命令。如果提供了-a，外壳程序会将名称作为第零个参数传递给执行的命令。如果由于某种原因无法执行命令，则非交互式shell将退出，除非启用了shell选项execfail，否则将返回failure。如果文件无法执行，交互式shell将返回失败。如果不指定command，则所有重定向在当前shell中生效，返回状态为0。如果出现重定向错误，则返回状态为1。

​