I tested out Unix domain socket support in 6.7:

    # On Ubuntu 14.04 amd64
    wget the source
    ./configure --prefix=/home/swarren/ssh-test/install --with-pam --with-kerberos5
    make
    make install

In one console, ran the newly installed sshd. In another:

    ./ssh -p 863 -R /run/user/1000/keyring-wpPOO8/gpg-fwd:/run/user/1000/keyring-wpPOO8/gpg 127.0.0.1

Then within the SSH session, tested access to /run/user/1000/keyring-wpPOO8/gpg-fwd, and verified it connects to /run/user/1000/keyring-wpPOO8/gpg on the client. In my case /run/user/1000/keyring-wpPOO8/gpg was actually the path from $GPG_AGENT_INFO, although I don't think that matters.

When I disconnect the ssh session, the path /run/user/1000/keyring-wpPOO8/gpg-fwd is not deleted. lsof doesn't show any processes with the file open. When I re-execute the same ssh command above, the domain socket forwarding fails, with the following showing up in sshd's log:

    Nov 6 23:25:12 dart sshd[19120]: error: bind: Address already in use
    Nov 6 23:25:12 dart sshd[19120]: error: unix_listener: cannot bind to path: /run/user/1000/keyring-wpPOO8/gpg-fwd

If I rm the domain socket manually on the server, then forwarding with that remote name works again, once, until I delete it again, etc.
ssh/sshd should probably clean up after itself better, but you might be interested in the ssh_config StreamLocalBindUnlink option in the meantime
Yes, that option seems to work. Shouldn't it be the default if sshd isn't going to clean up after itself when connections drop? I wonder if it interacts correctly with control masters?
(In reply to Stephen Warren from comment #2)
> Yes, that option seems to work.
>
> Shouldn't it be the default if sshd isn't going to clean up after
> itself when connections drop?

I'd think so. And ssh client too for localforwards.

> I wonder if it interacts correctly with control masters?

StreamLocalBindUnlink appears to leave existing local forward sockets alone and assume they remain connected to the same remote end.
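
The failure reported in this thread, reproduced as an added example that is not part of any comment above and is not OpenSSH's code: a listener that closes without unlinking leaves its socket path behind, a plain re-bind then fails with "Address already in use", and unlinking before bind (the effect StreamLocalBindUnlink was suggested for) succeeds. The function names and the /tmp path are constructed for the illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bind and listen on a Unix socket path; returns fd, or -1 with errno set. */
static int listen_unix(const char *path, int unlink_first)
{
    struct sockaddr_un sa;
    int fd, saved;
    if (strlen(path) >= sizeof(sa.sun_path)) { errno = ENAMETOOLONG; return -1; }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    strcpy(sa.sun_path, path);
    /* Unlink-before-bind: drop whatever already sits at the path. */
    if (unlink_first && unlink(path) == -1 && errno != ENOENT)
        return -1;
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == -1 || listen(fd, 8) == -1) {
        saved = errno; close(fd); errno = saved;
        return -1;
    }
    return fd;
}

/* Replays the reported sequence; returns 0 when every step behaves as described. */
int demo_stale_socket(const char *path)
{
    int fd, rc = 0;
    unlink(path);                                  /* start from a clean path */
    if ((fd = listen_unix(path, 0)) == -1) return -1;
    close(fd);                                     /* listener exits, no unlink */
    if (access(path, F_OK) != 0) rc = -2;          /* socket file is still there */
    fd = listen_unix(path, 0);                     /* plain re-bind */
    if (fd != -1) { close(fd); rc = -3; }          /* should have failed */
    else if (errno != EADDRINUSE) rc = -4;         /* "Address already in use" */
    fd = listen_unix(path, 1);                     /* unlink, then bind */
    if (fd == -1) rc = -5; else close(fd);
    unlink(path);                                  /* clean up after the demo */
    return rc;
}

int main(void)
{
    int rc = demo_stale_socket("/tmp/gpg-fwd-demo.sock");  /* constructed path */
    printf("demo_stale_socket: %d\n", rc);
    return rc != 0;
}
```

An unconditional unlink also removes a path that another live process is still listening on, so that listener stops receiving new connections.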