11

Short question:

How do I connect to a local unix socket (~/test.sock) via ssh? This socket forwards to an actual ssh server. The obvious does not work and I can't find any documentation:

```
public> ssh /home/username/test.sock
"ssh: Could not resolve hostname: /home/username/test.sock: Name of service not known"
```

Long Question:

The problem I am trying to solve is to connect from my (public) university server to my (local) PC, which is behind NAT and not visible to the public.

The canonical solution is to create an ssh proxy/tunnel to local on public:

```
local> ssh -NR 2222:localhost:22 public
```

But this is not possible, as the administration prohibits creating ports. So I have thought about using a UNIX socket instead, which works:

```
local> ssh -NR /home/username/test.sock:localhost:22 public
```

But now, how can I connect to it with ssh?

sebasth
bvolkmer

3 Answers

12

You should be able to do this using socat and the ProxyCommand option for ssh. ProxyCommand configures the ssh client to use a proxy process for communicating with your server. socat establishes two-way communication between STDIN/STDOUT (socat and ssh client) and your UNIX socket.

```
ssh -o "ProxyCommand socat - UNIX-CLIENT:/home/username/test.sock" foo
```
sebasth
  • Alternatively, you may use: `ProxyCommand nc -U /home/username/test.sock` if you don't have `socat` installed. – Yeti Mar 24 '23 at 08:25
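
The relay that `ProxyCommand` expects, as an added example that is not part of the answer above and is not socat or OpenSSH code: a Python stand-in for `socat - UNIX-CLIENT:...` that also refuses a path that is not a socket, is not owned by you, or is accessible to group/other. The file name `sockproxy.py` and the function names are hypothetical, and it assumes the forwarded socket was created under your own account.

```python
#!/usr/bin/env python3
# Added example: hypothetical ProxyCommand helper (not socat, not OpenSSH code).
import os
import socket
import stat
import sys
import threading


def check_socket(path):
    """Reject anything that is not a private UNIX socket owned by the caller."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        raise ValueError(f"{path}: not a UNIX socket")
    if st.st_uid != os.getuid():
        raise PermissionError(f"{path}: owned by uid {st.st_uid}, not by you")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path}: group/other can access this socket")


def relay(path, in_fd=0, out_fd=1):
    """Copy in_fd -> socket and socket -> out_fd; return bytes received."""
    check_socket(path)  # advisory: stat() and connect() are separate steps
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(path)

        def upstream():
            try:
                while data := os.read(in_fd, 65536):
                    s.sendall(data)
                s.shutdown(socket.SHUT_WR)  # ssh closed its side: signal EOF
            except OSError:
                pass  # socket already closed by the main loop

        threading.Thread(target=upstream, daemon=True).start()
        received = 0
        while data := s.recv(65536):
            received += len(data)
            while data:  # os.write may write only part of the buffer
                data = data[os.write(out_fd, data):]
        return received


if __name__ == "__main__":
    # Usage (socket path is the one from the question):
    #   ssh -o "ProxyCommand python3 sockproxy.py /home/username/test.sock" foo
    try:
        relay(sys.argv[1])
    except (OSError, ValueError, IndexError) as exc:
        sys.exit(f"sockproxy: {exc}")
```
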
3

I've submitted a pull request to make this work, but it hasn't been merged yet:

https://github.com/openssh/openssh-portable/pull/162

  • Welcome to the site, and thank you for your contribution. You may want to edit your post to include a summary of your proposed changes, and how this will solve the OP's problem. – AdminBee Aug 20 '20 at 14:18
-2

I stumbled upon https://medium.com/@dperny/forwarding-the-docker-socket-over-ssh-e6567cfab160, which says that socket forwarding has been possible since OpenSSH 6.7.

The given example is:

```
ssh -nNT -L $(pwd)/docker.sock:/var/run/docker.sock user@someremote
```

so no need for socat any more.

  • 1
    -1. This is not what the question is about. The linked article is from 2016 and the question here *already uses socket forwarding* (with `-R`, socket to port, but still). The OP wants to connect to an already existing local socket (local while being on `public`) *instead of* to `user@someremote`. The answer with `socat` makes this possible, `foo` there is a dummy address. Your answer connects to `user@someremote`. – Kamil Maciorowski May 09 '20 at 21:02
  • Did not see that. Thanks for the explanation. – Matthias Wiedemann May 11 '20 at 05:26