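Once upon a time, when I set up an SSH tunnel, I did it along these lines:
ssh -N -p 32200 -c 3des user@server-ip -L local-port/destination-server-address/destination-server-listening-port -N -f -o ServerAliveInterval=60
But today, after upgrading to OS X El Capitan, that command produced the error
Bad local forwarding specification
This is a problem. A real problem. What is with this sudden loss of functionality? Damn you, Apple.
So, in despair, I consulted
man ssh
Here is what it says.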
NAME
ssh -- OpenSSH SSH client (remote login program)
SYNOPSIS
ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11][-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q cipher | cipher-auth | mac | kex | key | protocol-version] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command]
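Sure enough, it says
[-L [bind_address:]port:host:hostport]
Well then, let me edit the command that way and try it. Oh, it worked.
ssh -N -p 32200 -c 3des user@server-ip -L local-port:destination-server-address:destination-server-listening-port -N -f -o ServerAliveInterval=60
The problem was solved, but I looked into the cause. I say "looked into", but it is probably no more than a guess.
Running ssh -V on the ssh that ships with OS X El Capitan reports
OpenSSH_6.9p1, LibreSSL 2.1.7
The man page for that version says the following.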
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating
a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the con-
nection is forwarded over the secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be
specified in the configuration file. IPv6 addresses can be specified by enclosing the address in square brackets. Only the superuser can forward
privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to
bind the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an
empty address or `*' indicates that the port should be available from all interfaces.
Earlier versions do not seem to be that strict. For example, in Debian 7's
OpenSSH_5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007
that way of writing it appears as an example.
-L [bind_address:]port:host:hostport
Specifies that the given port on the local (client) host is to be forwarded to the given host and port on the remote side. This works by allocating a socket to
listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the
secure channel, and a connection is made to host port hostport from the remote machine. Port forwardings can also be specified in the configuration file. IPv6
addresses can be specified with an alternative syntax: [bind_address/]port/host/hostport or by enclosing the address in square brackets. Only the superuser can
forward privileged ports. By default, the local port is bound in accordance with the GatewayPorts setting. However, an explicit bind_address may be used to bind
the connection to a specific address. The bind_address of ``localhost'' indicates that the listening port be bound for local use only, while an empty address or
'*' indicates that the port should be available from all interfaces.
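
For scripts that still carry the slash form documented in the older man page, the following added example (not part of the original post) converts a forwarding specification to the colon form that OpenSSH 6.9 accepts, bracketing IPv6 addresses on the way. The function names are hypothetical, and the specification is assumed to be passed as a single argument.

```shell
# convert_forward_spec (hypothetical helper): rewrite the legacy form
# [bind_address/]port/host/hostport as [bind_address:]port:host:hostport.

is_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Bracket a bare IPv6 literal so its colons are not read as separators.
bracket() {
    case "$1" in
        \[*\]) printf '%s' "$1" ;;
        *:*)   printf '[%s]' "$1" ;;
        *)     printf '%s' "$1" ;;
    esac
}

convert_forward_spec() {
    spec=$1
    case "$spec" in
        */*) ;;                                  # legacy form: convert
        *)   printf '%s\n' "$spec"; return 0 ;;  # no slash: pass through
    esac
    old_ifs=$IFS; IFS=/
    set -f; set -- $spec; set +f                 # split on "/" without globbing
    IFS=$old_ifs
    case $# in
        3) has_bind=0; bind=;   lport=$1; host=$2; hport=$3 ;;
        4) has_bind=1; bind=$1; lport=$2; host=$3; hport=$4 ;;
        *) echo "bad forwarding spec: $spec" >&2; return 1 ;;
    esac
    if ! is_port "$lport" || ! is_port "$hport" || [ -z "$host" ]; then
        echo "bad forwarding spec: $spec" >&2
        return 1
    fi
    # An empty or "*" bind address listens on all interfaces (see the man text).
    if [ "$has_bind" -eq 1 ]; then
        printf '%s:' "$(bracket "$bind")"
    fi
    printf '%s:%s:%s\n' "$lport" "$(bracket "$host")" "$hport"
}
```

The result can be passed straight to -L, for example ssh -L "$(convert_forward_spec "$old_spec")" ..., where old_spec is a placeholder for the value taken from the old script.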