Re: ControlPath versus ProxyCommand

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 03Nov2017 13:07, Damien Miller <djm@xxxxxxxxxxx> wrote:
On Fri, 3 Nov 2017, Cameron Simpson wrote:
TL;DR: I expect ProxyCommand to have effect in preference to
ControlPath.
[...]
On reflection, of course these are distinct options and that side of
things isn't, of itself, a bug. However, is there a sane use case for
using ControlMaster/ControlPath at all if there is a ProxyCommand? I
would have thought not. [...]

They are quite othorgonal features, but the whole point of multiplexing
is to avoid the need to make additonal connections. So it's quite
logical that ssh checks ControlPath for an active mux master before
attempting a new connection (that may use ProxyCommand).

There's little point to specifying ControlMaster=no and a ProxyCommand
because there is no fallback to making a new connection in that case,
but ControlMaster=yes/auto/autoask with ProxyCommand is quite sensible:
"try to use multiplexing but if you have to open a new connection then
do it via this proxy".

Ah, now the rationale is apparent. Ok, that makes sense to me. Thank you.

 ProxyCommand ssh MAIN nc 127.0.0.1 7777
If your ssh client is new enough, you should try ssh -J / JumpHost instead.

I give this particular script to others, so that may not be feasible yet. But I saw that option arrive and intend to make us of it. Nice! I discovered -G too recently, very useful to me. Not least for autorestarting persistent tunnels when I modify a config file (I use the output as a signature string).

Cheers,
Cameron Simpson <cs@xxxxxxxxxx> (formerly cs@xxxxxxxxxx)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux