Subsystems are a layer of abstraction for defining and running remote commands via SSH. Normally remote commands are specified ad hoc on the client command line. For example, the following command runs a script to perform tape backups:
$ ssh server.example.com /usr/local/sbin/tape-backups
Subsystems are a set of remote commands predefined on the server machine, with simple names so that they can be executed conveniently.
The syntax to define subsystems in the server configuration file is slightly different for OpenSSH and Tectia. A subsystem for the preceding backup command is:
# OpenSSH Subsystem backups /usr/local/sbin/tape-backups # Tectia Subsystem-backups /usr/local/sbin/tape-backups
Note that OpenSSH uses the keyword
Subsystem with a separate value for the
subsystem name, whereas Tectia uses a keyword of the form
Subsystem- name. This
Tectia syntax is quite odd and unlike anything else in its configuration
language; we don’t know how it ended up that way.
To run this tape backup script on the server machine, use the ssh -s option:
$ ssh server.example.com -s backups
This command behaves identically to the previous one in which the script was specified explicitly.
Subsystems are mainly a convenience feature to predefine commands
for SSH clients to invoke easily. The additional level of abstraction is
useful for system administrators, who can hide (and therefore easily
change) details for the subsystem commands. For example, the
backups subsystem could be changed ...