Bug 2740 - provide a way of forwarding a Unix-domain socket to user's runtime (home) directory
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.5p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2017-07-10 19:58 AEST by Daiki Ueno
Modified: 2017-07-10 19:58 AEST (History)

Description Daiki Ueno 2017-07-10 19:58:21 AEST
This was originally requested as:
http://marc.info/?l=openssh-unix-dev&m=149763004321855&w=2

Currently, the Unix-domain socket forwarding only accepts absolute paths, which requires knowledge about the remote file-system layout.  It would be useful if one could forward a Unix-domain socket without specifying the full path name of the socket on the remote end.

There are a couple of use cases:

- gpg-agent forwarding uses this syntax:
  RemoteForward /home/<user>/.gnupg/S.gpg-agent /home/<user>/.gnupg/S.gpg-agent.extra
  https://wiki.gnupg.org/AgentForwarding

- smart card forwarding with p11-kit uses /run/user/$UID/p11-kit
  https://fosdem.org/2017/schedule/event/smartcard_forwarding/

On the mailing list, it was suggested to call a remote script to determine the path instead of letting sshd resolve the path.  However, although the approach could be more flexible, it requires extra complexity in the client implementation due to the additional round-trip.
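
The two-step workaround mentioned above, as an added example that is not part of the bug report or of OpenSSH: one connection asks the remote host for the user's runtime directory, a second sets up the forward. The function names, `REMOTE_QUERY`, and the rule set in `valid_remote_dir` are assumptions of this sketch; the remote output is treated as untrusted before it is placed in a `-R` argument.

```shell
#!/bin/sh
# Assumption: the remote shell can report the user's runtime directory this way.
# Single quotes keep the expansion on the remote side.
REMOTE_QUERY='printf %s "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"'

# Validate a directory reported by the remote side before using it in -R.
# Require an absolute path, a conservative character set, and no ".." parts.
valid_remote_dir() {
    dir=$1
    [ -n "$dir" ] || return 1
    case $dir in
        /*) ;;
        *) return 1 ;;
    esac
    case $dir in
        *[!A-Za-z0-9/._-]*) return 1 ;;   # also rejects newlines, spaces, ':'
    esac
    case $dir/ in
        */../*) return 1 ;;
    esac
    return 0
}

# Print the -R argument "remote_socket:local_socket", or fail.
# $1 = remote runtime dir, $2 = socket name relative to it, $3 = local socket
forward_spec() {
    valid_remote_dir "$1" || return 1
    remote="$1/$2"
    # sockaddr_un.sun_path is 108 bytes on Linux, including the trailing NUL
    [ "${#remote}" -lt 108 ] || return 1
    printf '%s:%s' "$remote" "$3"
}

# Round-trip 1 asks the remote host for the directory, round-trip 2 forwards.
# $1 = host, $2 = socket name relative to the runtime dir, $3 = local socket
forward_runtime_socket() {
    dir=$(ssh "$1" "$REMOTE_QUERY") || return 1
    spec=$(forward_spec "$dir" "$2" "$3") || return 1
    ssh -N -R "$spec" "$1"
}
```

The first `ssh` call is the extra round-trip the report refers to; the validation step only exists because the client has to trust a path string produced on the remote end.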