[Bug 2740] New: provide a way of forwarding a Unix-domain socket to user's runtime (home) directory

bugzilla-daemon at bugzilla.mindrot.org
Mon Jul 10 19:58:21 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2740

            Bug ID: 2740
           Summary: provide a way of forwarding a Unix-domain socket to
                    user's runtime (home) directory
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: ueno at gnu.org

This was originally requested as:
http://marc.info/?l=openssh-unix-dev&m=149763004321855&w=2

Currently, the Unix-domain socket forwarding only accepts absolute
paths, which requires knowledge about the remote file-system layout. 
It would be useful if one could forward a Unix-domain socket without
specifying the full path name of the socket on the remote end.

There are a couple of use-cases:

- gpg-agent forwarding uses this syntax:
  RemoteForward /home/<user>/.gnupg/S.gpg-agent /home/<user>/.gnupg/S.gpg-agent.extra
  https://wiki.gnupg.org/AgentForwarding

- smart card forwarding with p11-kit uses /run/user/$UID/p11-kit
  https://fosdem.org/2017/schedule/event/smartcard_forwarding/

On the mailing list, it was suggested to call a remote script to
determine the path instead of letting sshd resolve the path.  However,
although the approach could be more flexible, it requires extra
complexity in the client implementation due to the additional
round-trip.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
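
The script-based workaround mentioned in the report, sketched as an added example that is not part of the bug report or of OpenSSH. The function names are hypothetical, and the `XDG_RUNTIME_DIR` lookup with a `/run/user/<uid>` fallback is an assumption about the remote host. The path returned by the remote side is treated as untrusted and checked before it is placed in the `-R` argument.

```shell
#!/bin/sh
# Added example: two-round-trip workaround for forwarding a Unix-domain
# socket into the remote user's runtime directory. All function names
# here are hypothetical.

# Accept only absolute paths built from a conservative character set.
# ':' is rejected because -R separates the two sockets with it, and the
# length is kept under the 108-byte sun_path limit on Linux.
valid_socket_path() {
    case $1 in
        /*) ;;
        *) return 1 ;;
    esac
    case $1 in
        *[!A-Za-z0-9/._@%+-]*) return 1 ;;
    esac
    [ "${#1}" -lt 108 ]
}

# $1 = runtime dir reported by the remote host (untrusted input)
# $2 = socket name relative to that directory
# $3 = local socket to expose on the remote side
# Prints "remote_socket:local_socket" for use with ssh -R.
remote_forward_spec() {
    remote_sock="${1%/}/$2"
    valid_socket_path "$remote_sock" || return 1
    valid_socket_path "$3" || return 1
    printf '%s:%s\n' "$remote_sock" "$3"
}

# $1 = host, $2 = socket name, $3 = local socket
forward_to_runtime_dir() {
    host=$1 name=$2 local_sock=$3
    # Round trip 1: ask the remote shell where its runtime directory is.
    # Assumption: XDG_RUNTIME_DIR is set, else /run/user/<uid> is used.
    dir=$(ssh "$host" 'printf %s "${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"') \
        || return 1
    spec=$(remote_forward_spec "$dir" "$name" "$local_sock") || {
        echo "refusing unexpected remote path: $dir" >&2
        return 1
    }
    # Round trip 2: open the session with the resolved absolute path.
    ssh -R "$spec" "$host"
}
```

The first `ssh` invocation is the additional round-trip the report refers to; the second connection carries the actual forwarding.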

