scp -S, sftp -S

Frederik Eaton frederik at a5.repetae.net
Fri Aug 5 02:36:10 EST 2005


> [...]
> If you have pubkey auth then it's pretty much transparent.
> 
> You pay a price in multiple encryption (although you can mitigate this 
> by specifying a fast cipher like arcfour for the intermediate hops.)
> 
> One day I'd like ssh to learn how to establish a single port forward and 
> pass the traffic to and from stdin/stdout, which would remove the need 
> to have connect/nc on the intermediate hosts (and the modified ssh would 
> only be required on the client end).

I see. That would be nice. But why was 'connect' needed at all? I
found that nesting ssh as I described works fine (except that you need
a wrapper script to manage the task of quoting your command properly).
Does your version have lower latency or something? I guess my version
puts some extra encryption burden on the firewall, and doesn't have
end-end encryption, so if you don't trust the firewall operator...

Anyway, I do this often enough that I think I'll find my shorter
syntax quite useful. If necessary, the wrapper script can always be
modified to chain things with ProxyCommand instead of through the ssh
remote command arguments.

Frederik
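
The wrapper script mentioned in this message is not shown in the thread, so the following is an added example, not code from either poster: it builds the nested-ssh command line with one quoting layer per hop, next to the single-hop ProxyCommand form, where the intermediate host only relays bytes with nc and the session stays encrypted end to end. The function names and the hosts `fw` and `inner` are hypothetical.

```sh
# Added illustration: hop names (fw, inner) and function names are hypothetical.

# sq STRING: print STRING so a POSIX shell reads it back as exactly one word.
sq() {
    case $1 in
        ''|*[!A-Za-z0-9._/:@+-]*)
            printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")" ;;
        *)  printf '%s' "$1" ;;
    esac
}

# Reject hop names that ssh could take as an option or a shell as syntax.
valid_hop() {
    case $1 in
        ''|-*|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
}

# quote_args ARG...: one quoting layer, for the shell on the final host.
quote_args() {
    line=
    for a in "$@"; do line="$line${line:+ }$(sq "$a")"; done
    printf '%s' "$line"
}

# nested_cmd HOP... -- CMD ARG...
# Nested form: each hop's shell re-parses the line (one layer per hop), and
# every hop terminates an ssh session, so it handles the data unencrypted.
nested_cmd() {
    rev=
    while [ "$#" -gt 0 ] && [ "$1" != -- ]; do
        valid_hop "$1" || return 2
        rev="$1 $rev"; shift
    done
    [ "$#" -gt 1 ] || return 2          # need "--" and a command
    shift
    line=$(quote_args "$@")
    for h in $rev; do line="ssh $h $(sq "$line")"; done
    printf '%s\n' "$line"
}

# proxy_cmd HOP TARGET -- CMD ARG...   (one intermediate hop only)
# ProxyCommand form: HOP just relays bytes with nc, the ssh session runs from
# the client to TARGET, and only TARGET's shell parses the command.
proxy_cmd() {
    valid_hop "$1" && valid_hop "$2" && [ "$3" = -- ] && [ "$#" -gt 3 ] || return 2
    hop=$1 target=$2; shift 3
    printf 'ssh -o %s %s %s\n' "$(sq "ProxyCommand=ssh $hop nc %h %p")" \
        "$target" "$(quote_args "$@")"
}
```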




More information about the openssh-unix-dev mailing list