[Bug 2348] allow ssh to connect to a unix domain socket

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Wed Nov 8 13:43:21 AEDT 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2348

daniel.black at au.ibm.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |daniel.black at au.ibm.com

--- Comment #1 from daniel.black at au.ibm.com ---
0. Fun (aka over engineered workaround)

1. Listen and forward

set up a ssh listen on a unix socket:

socat UNIX-LISTEN:/tmp/ssh.sock,fork TCP:server1:22

2. bit of ssh_config magic:

host /*
   ProxyCommand /home/dan/socket-ssh.py %h
   ProxyUseFdpass yes
   ControlMaster no
   ControlPath none


3. script magic

(shamelessly modified from
http://www.gabriel.urdhr.fr/2016/08/07/openssh-proxyusefdpass/)

$ cat /home/dan/socket-ssh.py
#!/usr/bin/env python3

import sys
import socket
import array

# Create the file descriptor:
s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM, 0)
s.connect(sys.argv[1])

# Pass the file descriptor:
fds = array.array("i", [s.fileno()])
ancdata = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)]
socket.socket(fileno = 1).sendmsg([b'\0'], ancdata)

4. test

ssh -o ControlPath=none -v  -l danielgb /tmp/ssh.sock

5. success

OpenSSH_7.5p1, OpenSSL 1.1.0f-fips  25 May 2017
debug1: Reading configuration data /home/dan/.ssh/config
debug1: /home/dan/.ssh/config line 81: Applying options for /*
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 58: Applying options for *
debug1: Executing proxy dialer command: exec /home/dan/socket-ssh.py
/tmp/ssh.sock
...
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey after 134217728 blocks
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<rsa-sha2-256,rsa-sha2-512>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/dan/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug1: Authentication succeeded (publickey).
Authenticated to /tmp/ssh.sock ([/tmp/ssh.sock]:0).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: pledge: exec
debug1: client_input_global_request: rtype hostkeys-00 at openssh.com
want_reply 0
debug1: Requesting X11 forwarding with authentication spoofing.
debug1: getsockopt TCP_NODELAY: Operation not supported
debug1: Sending environment.
debug1: Sending env LANG = en_AU.UTF-8
debug1: Sending env LANGUAGE =

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list