In the man page of ssh, it says:
-N Do not execute a remote command. This is useful for just forwarding ports.
I don't understand what it means by "Do not execute a remote command."
Can someone explain it to me?
Add a comment
|
2 Answers
Normally, the ssh program runs a command on a remote system (using the remote user's shell). For example, ssh user@server ls -l /tmp lists the content of the /tmp directory on server. When you leave the command out, as in ssh user@server, an interactive login session with the user's shell is launched.
One of the features of OpenSSH is the creation of tunnels. The -D, -L and -R options use various techniques that allow the forwarding of network ports, also known as tunneling. By default, a tunnel created with ssh exists as long as the command executed by ssh runs on the remote server.
Often though, you are not interested in running a remote command; all you want is the tunnel. This is what the -N option is for.
answered Feb 24, 2021 at 13:44
-
2There is at least one situation where you want to run a remote command, even though you only intend to use the tunnel: Often, in a cloud environment, your only access to the systems is by first logging in to a bastion server, and a common security feature is for the server to drop a session that appears passive, meaning your tunnel disappears. In that situation I usually run something like
ping localhostas the remote command; this generates enough activity for the session to stay open. Commented Feb 25, 2021 at 8:41 -
4@j4nd3r53n : there are other ways that do not necessarily necessitate a remote command, and that you can try to use instead of a "ping" : see common openssh option: TCPKeepAlive (that just sends a tcp packet every few seconds to keep the connection alive) Commented Feb 25, 2021 at 8:59
-
2@j4nd3r53n seems like a bug in your bastion server Commented Feb 25, 2021 at 9:17
-
1@OlivierDulac I've tried that one - it makes no difference, unfortunately. Commented Feb 25, 2021 at 9:20
-
2@j4nd3r53n : with the -N as well? (as if you don"t use -N : it opens a remote shell, that may have for exemple a TMOUT variable set (and often made readonly) [or other variable name, depending on the shell] ?) Commented Feb 25, 2021 at 9:33
Usually, ssh will give you a remote shell by executing what is set up as your remote users login shell (e.g. /bin/bash). -N will prevent running anything, which is useful when you just want to use ssh to establish a connection and you don't need a remote shell.
e.g. forwarding ports or creating tunnels:
ssh -N -L 8080:127.0.0.1:80 user@server
And this is not only useful for forwarding ports.
E.g.: I use it in combination with -f and ControlMaster and ControlPath options (e.g. set up in .ssh/config), it can be used to create reusable connections.
ssh -fN user@server # creates connection in the background that can be reused.
