4

What is the difference between the following?

Host foo
    ProxyCommand ssh example.com -- /usr/bin/nc %h %p 2> /dev/null

and

Host foo
    ProxyCommand ssh -W %h:%p example.com

Which one should I prefer when? Is either of them faster or more efficient in some way?

user541686
  • 3,033
  • 5
  • 28
  • 43

2 Answers2

6

The two settings do the same thing. The -W option was added in 2010 and is described as a “netcat mode”.

Use ssh -W if you don't need compatibility with versions of OpenBSD prior to 4.7 or with portable OpenSSH prior to 5.5 (I think). Use nc if you do need to support older versions of OpenSSH. ssh -W is preferable if available because it's marginally more efficient and doesn't require a separate utility to be installed.

Gilles 'SO- stop being evil'
  • 807,993
  • 194
  • 1,674
  • 2,175
  • Use `-W` whenever available, our gateway somehow had a lot of `nc` instances spinning even if the SSH connection to the gateway was gone. – Lekensteyn Nov 09 '14 at 10:35
1

Using ssh directly will always be marginally faster because you're not calling out to the external nc binary, and it should be preferred because there's no guarantee nc exists on the target system.

Riot
  • 231
  • 1
  • 6
  • That's what common sense tells me too, but then it makes me wonder why I see so many sites suggesting the first one instead of the second one. – user541686 Nov 09 '14 at 08:44