OpenSSH Unix Domain Socket Forwarding

description

This project maintains a patch to OpenSSH which provides local and remote forwarding of Unix domain sockets, similar to the TCP/IP port forwarding capabilities of OpenSSH and the SecSH protocol.

The git repository is currently synchronized with OpenSSH 6.1p1.

The original patch against portable OpenSSH 4.7 (OpenSSH 4.7p1) can be downloaded below.

usage

Specify a path instead of an address:port pair anywhere in -L and -R forward specifications. You can mix-and-match TCP/IP and streamlocal (Unix domain) end points.

A local domain socket which proxies to google: ssh -L/tmp/foo.sock:google.com:80 somehost

Proxy MySQL client connections on a remote server to your local instance: ssh -R/var/run/mysql.sock:/var/run/mysql.sock -R127.0.0.1:3306:/var/run/mysql.sock somehost

A path must contain forward slash characters so that it can be reliably disambiguated from a hostname. The updated specification parser allows backslash escaping, in case you previously had forward slashes in your hostnames. Backslashes themselves must now also be escaped. Basically, parsing mirrors Unix shell syntax, with square brackets substituting for quotation marks. However, forward slashes must always be escaped to lose their significance, even when quoted.

Two new configuration options are added to ssh_config and sshd_config: StreamLocalBindUnlink and StreamLocalBindMask. The former is a boolean (default: no) which controls whether the binding process calls unlink(2) before bind(2). The latter takes an integer permission mode to use as the umask before calling bind(2). Note that not all systems obey socket permissions; e.g., Solaris.
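The bind sequence these two options control, as an added example that is not code from the patch: bind_streamlocal() and socket_mode() are hypothetical names, and the mask value is whatever the caller passes.

```c
#include <errno.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper, not taken from the patch. `mask` plays the role of
 * StreamLocalBindMask and `do_unlink` the role of StreamLocalBindUnlink.
 * Returns a listening descriptor, or -1 with errno set. */
int bind_streamlocal(const char *path, mode_t mask, int do_unlink)
{
    struct sockaddr_un sa;
    mode_t old;
    int fd, rc, saved;

    if (strlen(path) >= sizeof(sa.sun_path)) {
        errno = ENAMETOOLONG;          /* never silently truncate the path */
        return -1;
    }
    memset(&sa, 0, sizeof(sa));
    sa.sun_family = AF_UNIX;
    memcpy(sa.sun_path, path, strlen(path));
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) == -1)
        return -1;
    /* Remove a stale socket only on request; a missing file is not an error. */
    if (do_unlink && unlink(path) == -1 && errno != ENOENT)
        goto fail;
    old = umask(mask);                 /* umask is process-wide: restore at once */
    rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (rc == -1 || listen(fd, 8) == -1)
        goto fail;
    return fd;
fail:
    saved = errno;                     /* close(2) may overwrite errno */
    close(fd);
    errno = saved;
    return -1;
}

/* Permission bits of the socket file, or -1 if it cannot be examined. */
int socket_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == -1 ? -1 : (int)(st.st_mode & 0777);
}
```

On a system that honours socket permissions, a mask of 0177 leaves the socket file at mode 0600; a second bind to the same path fails with EADDRINUSE unless do_unlink is set.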

todo

Regression test forward permissions.

Fix logging.

Obey FakeStreamLocalForwards and, when disabled, hack direct-tcpip and direct-streamlocal@openssh.com requests to forward additional information on the domain socket connection.

news

2012-12-31

Begin data structure refactoring in new branch `refactor-structs'. See address.c for the new container, which will replace the SocketName struct and SOCKETNAME macro hacks.

2012-12-27

Fix local streamlocal forward requests sent over control channel.

2012-12-21

Add regression tests for control master forwarding. Add netstat.pl instead of checking for nc(3), connect(3), netcat(3), etc.

2012-12-19

Try to fixup multiplexing and cancellations. Needs regression tests.

2012-12-12

Publish git repository with patch against OpenSSH 6.1p1.

Neither the ProtocolBanner nor ControlAllowUser patchsets have been carried forward.

The newer master multiplexing code in OpenSSH still needs to be fixed.

2009-08-29

Port to OpenSSH 4.7p1 by Lauri Võsandi.

2006-10-09

Portability fix to get_socket_address() and get_sock_port(). Linux was more lenient than OpenBSD when faced with AF_UNIX sockets.

2006-10-03

Generate patch against OpenSSH 4.4p1.

2006-05-01

Remove static qualifier from forward_options_initializer definition. Bug reported by Glenn Griffin, F5 Networks.

2006-05-01

Project started to maintain the patch published earlier.

license

Copyright (c) 2006 William Ahern

Copyright (c) 2006, 2012 Barracuda Networks, Inc.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

source

git clone http://25thandClement.com/~william/projects/streamlocal.git

download

Download the previous release (2009-08-29, Lauri Võsandi).

Download the previous release (2006-10-09).

Download the previous release (2006-10-03).

Download the previous release (2006-05-01).

Download the original release (2006-04-21).
