Subsystems are a layer of abstraction for defining and running remote commands via SSH.[83] Normally remote commands are specified ad hoc on the client command line. For example, the following command runs a script to perform tape backups:

    $ ssh /usr/local/sbin/tape-backups

Subsystems are a set of remote commands predefined on the server machine, with simple names so that they can be executed conveniently.

The syntax to define subsystems in the server configuration file is slightly different for OpenSSH and Tectia. A subsystem for the preceding backup command is:

    # OpenSSH
    Subsystem backups   /usr/local/sbin/tape-backups

    # Tectia
    Subsystem-backups   /usr/local/sbin/tape-backups

Note that OpenSSH uses the keyword Subsystem with a separate value for the subsystem name, whereas Tectia uses a keyword of the form Subsystem- name. This Tectia syntax is quite odd and unlike anything else in its configuration language; we don’t know how it ended up that way.

To run this tape backup script on the server machine, use the ssh -s option:

    $ ssh -s backups

This command behaves identically to the previous one in which the script was specified explicitly.

Subsystems are mainly a convenience feature to predefine commands for SSH clients to invoke easily. The additional level of abstraction is useful for system administrators, who can hide (and therefore easily change) details for the subsystem commands. For example, the backups subsystem could be changed ...

Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.