34
32

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

More than 5 years have passed since last update.

SSHトンネルはOS X El Capitanでツンデレになっちゃう

Posted at

昔々、SSHトンネルを整備する時、

ssh -N -p 32200 -c 3des ユーザー@サーバーのip -L ローカルで使用するポート/目的サーバのアドレス/目的サーバで待ち受けてるポート番号 -N -f -o ServerAliveInterval=60

などのやり方で行っていたが、本日、OS X El Capitanにアップグレードしたら、そのコマンドが、Bad local forwarding specificationというエラーが出てきた。

困る。実にこまる。なんだその突然な機能喪失。アップルめ。

そして絶望の中にman sshに尋ねた。以下の通りである。

NAME
 	
 	ssh -- OpenSSH SSH client (remote login program)

SYNOPSIS
	
	ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11][-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q cipher | cipher-auth | mac | kex | key | protocol-version] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]

確かに、[-L [bind_address:]port:host:hostport]が書いている。じゃ、その風にコマンドを編集して試してみよう。あら、成功。

ssh -N -p 32200 -c 3des ユーザー@サーバーのip -L ローカルで使用するポート:目的サーバのアドレス:目的サーバで待ち受けてるポート番号 -N -f -o ServerAliveInterval=60

問題が解決していたが、原因を調べていた。調べとはいえ、推測にすぎないだろう。

OS X El Capitanが搭載しているsshは、ssh -Vで調べたら、OpenSSH_6.9p1, LibreSSL 2.1.7と書いている。そのバージョンのmanはそう書いている。

-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating
a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the con-
nection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be
specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward
privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to
bind the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an
empty address or `*' indicates that the port should be available from all interfaces.

その前のバージョンはそんな厳しくないようだ。例えば、Debian 7OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007とか、そんな書き方は例に見える。

-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to
listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the
secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6
addresses can be specified with an alternative syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets. Only the superuser can
forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind
the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or
'*' indicates that the port should be available from all interfaces.

34
32
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
34
32

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?