Bug 2348 - allow ssh to connect to a unix domain socket
Summary: allow ssh to connect to a unix domain socket
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: -current
Hardware: All All
Importance: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
Reported: 2015-02-02 23:24 AEDT by Marcus Popp
Modified: 2019-01-14 19:01 AEDT (History)
CC List: 3 users

See Also:
Description Marcus Popp 2015-02-02 23:24:21 AEDT
Hi,

it would be nice if the ssh client could connect to a local socket.

HostA:
ssh -NR /home/user/tunnel:127.0.0.1:22 HostB

HostB:
ssh /home/user/tunnel

Regards

Marcus
Comment 1 Daniel Black 2017-11-08 13:43:21 AEDT
0. Fun (aka over engineered workaround)

1. Listen and forward

set up an ssh listener on a unix socket:

socat UNIX-LISTEN:/tmp/ssh.sock,fork TCP:server1:22

2. bit of ssh_config magic:

host /*
   ProxyCommand /home/dan/socket-ssh.py %h
   ProxyUseFdpass yes
   ControlMaster no
   ControlPath none


3. script magic

(shamelessly modified from http://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/)

$ cat /home/dan/socket-ssh.py
#!/usr/bin/env python3
# ProxyCommand helper for ProxyUseFdpass: connect to the unix socket named by
# the host argument (%h) and hand the connected descriptor back to ssh.

import sys
import socket
import array

if len(sys.argv) != 2:
    sys.exit("usage: socket-ssh.py /path/to/socket")

# Create the file descriptor: a connected AF_UNIX stream socket.
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0)
s.connect(sys.argv[1])

# Pass the file descriptor: with ProxyUseFdpass, ssh gives the helper a
# socket as stdout (fd 1) and reads one descriptor from it as SCM_RIGHTS
# ancillary data; the single data byte is required for the message to be sent.
fds = array.array("i", [s.fileno()])
ancdata = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)]
socket.socket(fileno = 1).sendmsg([b'\0'], ancdata)

4. test

ssh -o ControlPath=none -v  -l danielgb /tmp/ssh.sock

5. success

OpenSSH_7.5p1, OpenSSL 1.1.0f-fips  25 May 2017
debug1: Reading configuration data /home/dan/.ssh/config
debug1: /home/dan/.ssh/config line 81: Applying options for /*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Executing proxy dialer command: exec /home/dan/socket-ssh.py /tmp/ssh.sock
...
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dan/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to /tmp/ssh.sock ([/tmp/ssh.sock]:0).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00@openssh.com want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: getsockopt TCP_NODELAY: Operation not supported
debug1: Sending environment.
debug1: Sending env LANG = en_AU.UTF-8
debug1: Sending env LANGUAGE =
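The descriptor hand-off that the workaround above relies on, shown from both ends, as an added example that is not part of this bug report or of OpenSSH's own code. It assumes nothing beyond the Python standard library: an in-process AF_UNIX echo server stands in for the socat listener and sshd, a socketpair stands in for the stdout socket ssh hands the ProxyCommand, `pass_connected_socket` plays the helper script's role, and `receive_passed_socket` does what ssh does on its side, reading one SCM_RIGHTS descriptor and refusing anything else. All function names are made up for this example.

```python
#!/usr/bin/env python3
"""Constructed demonstration of the fd-passing exchange behind ProxyUseFdpass."""
import array
import os
import socket
import tempfile
import threading


def pass_connected_socket(path: str, chan: socket.socket) -> None:
    """Helper side: connect to the unix socket at `path` and send the connected
    descriptor over `chan` as SCM_RIGHTS ancillary data (the helper script in
    comment 1 does exactly this, with fd 1 as `chan`)."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    s.connect(path)
    fds = array.array("i", [s.fileno()])
    chan.sendmsg([b"\0"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])
    # The in-flight message holds its own reference, so our copy can go.
    s.close()


def receive_passed_socket(chan: socket.socket) -> socket.socket:
    """ssh side: read exactly one descriptor from `chan` and wrap it as a
    socket. A message carrying zero or several descriptors is rejected so a
    misbehaving helper cannot hand over the wrong thing unnoticed."""
    fds = array.array("i")
    _data, ancdata, _flags, _addr = chan.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, payload in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            usable = len(payload) - (len(payload) % fds.itemsize)
            fds.frombytes(payload[:usable])
    if len(fds) != 1:
        for fd in fds:
            os.close(fd)
        raise RuntimeError("expected exactly one descriptor, got %d" % len(fds))
    # family/type are auto-detected from the descriptor (Python 3.7+).
    return socket.socket(fileno=fds[0])


def _echo_server(listener: socket.socket) -> None:
    """Stand-in for socat + sshd: answer the first connection with an echo."""
    conn, _ = listener.accept()
    with conn:
        data = conn.recv(64)
        conn.sendall(b"echo:" + data)


def demo() -> bytes:
    """Run the whole exchange locally and return what came back over the
    passed descriptor; b"echo:hello" proves the received fd is the connection
    the helper opened, not some other descriptor."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "ssh.sock")  # constructed socket path
        listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        listener.bind(path)
        listener.listen(1)
        t = threading.Thread(target=_echo_server, args=(listener,), daemon=True)
        t.start()

        ssh_end, helper_end = socket.socketpair()  # ssh's side / helper's stdout
        pass_connected_socket(path, helper_end)
        helper_end.close()
        conn = receive_passed_socket(ssh_end)
        ssh_end.close()

        conn.sendall(b"hello")
        reply = conn.recv(64)
        conn.close()
        t.join(timeout=5)
        listener.close()
        return reply


def demo_missing_fd() -> bool:
    """Failure mode: the helper wrote a byte but passed no descriptor.
    Returns True when the receiver rejects it."""
    ssh_end, helper_end = socket.socketpair()
    helper_end.sendall(b"\0")
    helper_end.close()
    try:
        receive_passed_socket(ssh_end)
        return False
    except RuntimeError:
        return True
    finally:
        ssh_end.close()


if __name__ == "__main__":
    print(demo())
    print("rejects empty hand-off:", demo_missing_fd())
```

Two points worth keeping in mind when using the `host /*` trick: ssh looks up the host key under the name as typed, so each socket path gets its own known_hosts entry unless HostKeyAlias is set, and the helper connects to whatever path it is handed, so the permissions on the socket file are what decide who can sit between the client and the forwarded sshd.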
Comment 2 Stormy 2019-01-14 19:01:30 AEDT
(In reply to Daniel Black from comment #1)

it would be nice if the ssh client could connect to a local socket.