Bug 2740

Summary: provide a way of forwarding a Unix-domain socket to user's runtime (home) directory
Product: Portable OpenSSH
Reporter: Daiki Ueno <ueno>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement    
Priority: P5    
Version: 7.5p1   
Hardware: Other   
OS: Linux   

Description Daiki Ueno 2017-07-10 19:58:21 AEST
This was originally requested at:
http://marc.info/?l=openssh-unix-dev&m=149763004321855&w=2

Currently, the Unix-domain socket forwarding only accepts absolute paths, which requires knowledge about the remote file-system layout.  It would be useful if one could forward a Unix-domain socket without specifying the full path name of the socket on the remote end.

There are a couple of use cases:

- gpg-agent forwarding uses this syntax:
  RemoteForward /home/<user>/.gnupg/S.gpg-agent /home/<user>/.gnupg/S.gpg-agent.extra
  https://wiki.gnupg.org/AgentForwarding

- smart card forwarding with p11-kit uses /run/user/$UID/p11-kit
  https://fosdem.org/2017/schedule/event/smartcard_forwarding/

On the mailing list, it was suggested to call a remote script to determine the path instead of letting sshd resolve the path.  However, although the approach could be more flexible, it requires extra complexity in the client implementation due to the additional round-trip.
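
The two-round-trip workaround mentioned in the description, as an added example (not code from this bug report or from OpenSSH). The function names are hypothetical; it assumes `gpgconf` is installed on both ends and treats the path reported by the remote side as untrusted input before placing it in a `-R` spec.

```sh
#!/bin/sh
# Added example, not OpenSSH code. Function names are hypothetical.

# Accept a remote-reported socket path only if it is usable in "-R remote:local":
# absolute, one line, no ':' (the spec separator), and short enough for
# sockaddr_un.sun_path on Linux (108 bytes including the trailing NUL).
validate_remote_socket() {
    vrs_path=$1
    vrs_nl='
'
    case $vrs_path in
        *"$vrs_nl"* | *:*) return 1 ;;
        /*) ;;
        *) return 1 ;;
    esac
    [ "${#vrs_path}" -lt 108 ] || return 1
}

# Print the forwarding spec for ssh -R, or fail if the remote path is rejected.
build_forward_spec() {
    validate_remote_socket "$1" || return 1
    printf '%s:%s\n' "$1" "$2"
}

# Round trip 1 asks the remote host where its agent socket lives;
# round trip 2 opens the real session with the forwarding in place.
forward_gpg_agent() {
    fga_host=$1
    fga_remote=$(ssh "$fga_host" gpgconf --list-dirs agent-socket) || return 1
    fga_local=$(gpgconf --list-dirs agent-extra-socket) || return 1
    fga_spec=$(build_forward_spec "$fga_remote" "$fga_local") || return 1
    ssh -R "$fga_spec" "$fga_host"
}
```

Calling `forward_gpg_agent <host>` performs both connections; the first one is the extra round-trip that resolving the path inside sshd would make unnecessary.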