bugzilla-daemon at mindrot.org
2015-Feb-02 12:24 UTC
[Bug 2348] New: allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
Bug ID: 2348
Summary: allow ssh to connect to a unix domain socket
Product: Portable OpenSSH
Version: -current
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mail at mpopp.eu
Hi,
it would be nice if the ssh client could connect to a local socket.
HostA:
ssh -NR /home/user/tunnel:127.0.0.1:22 HostB
HostB:
ssh /home/user/tunnel
Regards
Marcus
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2015-Jul-05 06:49 UTC
[Bug 2348] allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
Daniel Black <daniel.subs at internode.on.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |daniel.subs at internode.on.net
bugzilla-daemon at bugzilla.mindrot.org
2017-Nov-08 02:43 UTC
[Bug 2348] allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
daniel.black at au.ibm.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |daniel.black at au.ibm.com
--- Comment #1 from daniel.black at au.ibm.com ---
0. Fun (aka over engineered workaround)
1. Listen and forward
set up a ssh listen on a unix socket:
socat UNIX-LISTEN:/tmp/ssh.sock,fork TCP:server1:22
2. bit of ssh_config magic:
host /*
ProxyCommand /home/dan/socket-ssh.py %h
ProxyUseFdpass yes
ControlMaster no
ControlPath none
3. script magic
(shamelessly modified from
http://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/)
$ cat /home/dan/socket-ssh.py
#!/usr/bin/env python3
import sys
import socket
import array
# Create the file descriptor:
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0)
s.connect(sys.argv[1])
# Pass the file descriptor:
fds = array.array("i", [s.fileno()])
ancdata = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)]
socket.socket(fileno = 1).sendmsg([b'\0'], ancdata)
4. test
ssh -o ControlPath=none -v -l danielgb /tmp/ssh.sock
5. success
OpenSSH_7.5p1, OpenSSL 1.1.0f-fips 25 May 2017
debug1: Reading configuration data /home/dan/.ssh/config
debug1: /home/dan/.ssh/config line 81: Applying options for /*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Executing proxy dialer command: exec /home/dan/socket-ssh.py /tmp/ssh.sock
...
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dan/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to /tmp/ssh.sock ([/tmp/ssh.sock]:0).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: getsockopt TCP_NODELAY: Operation not supported
debug1: Sending environment.
debug1: Sending env LANG = en_AU.UTF-8
debug1: Sending env LANGUAGE
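Added example (not part of the bug thread and not OpenSSH code): the descriptor hand-off from comment #1 with both ends shown, plus an ownership check on the socket path before connecting, since a fixed name under /tmp can be created by any local user. The check policy, the function names and the constructed banner are assumptions of this example; the socketpair stands in for the helper's stdout.

```python
import array, os, socket, stat, tempfile

def check_socket_path(path):
    """Assumed policy: refuse sockets another local user could plant or replace."""
    st = os.lstat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise PermissionError(f"{path}: not a unix socket")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}")
    parent = os.stat(os.path.dirname(os.path.abspath(path)))
    if parent.st_uid != os.getuid() or parent.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError(f"{path}: parent directory writable by others")

def send_fd(channel, path):
    """Helper side: connect to the unix socket, then pass the descriptor."""
    check_socket_path(path)
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    fds = array.array("i", [s.fileno()])
    channel.sendmsg([b"\0"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])
    s.close()  # the receiver keeps its own duplicate of the descriptor

def recv_fd(channel):
    """Receiving side: read one byte and take the descriptor from SCM_RIGHTS."""
    fds = array.array("i")
    _, ancdata, _, _ = channel.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return socket.socket(fileno=fds[0])
    raise RuntimeError("no descriptor received")

def demo():
    """Constructed end-to-end run; returns the banner read over the passed fd."""
    with tempfile.TemporaryDirectory() as d:  # created with mode 0700
        path = os.path.join(d, "ssh.sock")
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(path)
        srv.listen(1)
        ssh_end, helper_end = socket.socketpair()
        send_fd(helper_end, path)
        conn = recv_fd(ssh_end)
        peer, _ = srv.accept()
        peer.sendall(b"SSH-2.0-constructed\r\n")  # constructed banner
        banner = conn.recv(64)
        for s in (conn, peer, srv, ssh_end, helper_end):
            s.close()
        return banner
```

A socket placed in a directory only its owner can write to passes the check; the same socket in a world-writable directory is rejected before any connection is made.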
bugzilla-daemon at bugzilla.mindrot.org
2019-Jan-14 08:01 UTC
[Bug 2348] allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
Stormy <adamgrayling at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |adamgrayling at gmail.com
--- Comment #2 from Stormy <adamgrayling at gmail.com> ---
(In reply to Daniel Black from comment #1)
> 0. Fun (aka over engineered workaround)
>
> 1. Listen and forward
>
> set up a ssh listen on a unix socket:
>
> socat UNIX-LISTEN:/tmp/ssh.sock,fork TCP:server1:22
>
> 2. bit of ssh_config magic:
>
> host /*
> ProxyCommand /home/dan/socket-ssh.py %h
> ProxyUseFdpass yes
> ControlMaster no
> ControlPath none
>
>
> 3. script magic
>
> (shamelessly modified from
> http://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/)
>
> $ cat /home/dan/socket-ssh.py
> #!/usr/bin/env python3
>
> import sys
> import socket
> import array
>
> # Create the file descriptor:
> s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0)
> s.connect(sys.argv[1])
>
> # Pass the file descriptor:
> fds = array.array("i", [s.fileno()])
> ancdata = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)]
> socket.socket(fileno = 1).sendmsg([b'\0'], ancdata)
>
> 4. test
>
> ssh -o ControlPath=none -v -l danielgb /tmp/ssh.sock
>
> 5. success
>
> OpenSSH_7.5p1, OpenSSL 1.1.0f-fips 25 May 2017
> debug1: Reading configuration data /home/dan/.ssh/config
> debug1: /home/dan/.ssh/config line 81: Applying options for /*
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: /etc/ssh/ssh_config line 58: Applying options for *
> debug1: Executing proxy dialer command: exec /home/dan/socket-ssh.py
> /tmp/ssh.sock
> ...
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: rekey after 134217728 blocks
> debug1: SSH2_MSG_EXT_INFO received
> debug1: kex_input_ext_info:
> server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey,password
> debug1: Next authentication method: publickey
> debug1: Offering RSA public key: /home/dan/.ssh/id_rsa
> debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
> debug1: Authentication succeeded (publickey).
> Authenticated to /tmp/ssh.sock ([/tmp/ssh.sock]:0).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: pledge: exec
> debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
> debug1: Requesting X11 forwarding with authentication spoofing.
> debug1: getsockopt TCP_NODELAY: Operation not supported
> debug1: Sending environment.
> debug1: Sending env LANG = en_AU.UTF-8
> debug1: Sending env LANGUAGE
it would be nice if the ssh client could connect to a local socket.
bugzilla-daemon at mindrot.org
2023-Sep-04 20:26 UTC
[Bug 2348] allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
Oliver Kurth <okurth at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |okurth at gmail.com
--- Comment #3 from Oliver Kurth <okurth at gmail.com> ---
This PR would implement this feature:
https://github.com/openssh/openssh-portable/pull/435
I have a use case where this is used together with VMware Fusion to connect
to a VM, without using the network. I can imagine many similar use cases.
I am aware that it's possible to do this with a proxy command, but IMHO
that is an extra step and a direct connection is easier to use.
bugzilla-daemon at mindrot.org
2025-Mar-27 04:31 UTC
[Bug 2348] allow ssh to connect to a unix domain socket
https://bugzilla.mindrot.org/show_bug.cgi?id=2348
Paul Szabo <psz at maths.usyd.edu.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |psz at maths.usyd.edu.au
--- Comment #4 from Paul Szabo <psz at maths.usyd.edu.au> ---
If "GatewayPorts sameuser" was implemented as per bug #3802
https://bugzilla.mindrot.org/show_bug.cgi?id=3802
then could safely use
HostA:
ssh -NR 127.0.0.1:12022:127.0.0.1:22
HostB:
ssh ssh://127.0.0.1:12022