This option is only used for port forwarding to a Unix-domain socket file. If the socket file already exists and StreamLocalBindUnlink is not enabled, sshd will be unable to forward the port to Specifies whether to remove an existing Unix-domain socket file for local or remote port forwarding before creating a new And this is exactly what the StreamLocalBindUnlink yes tells sshd to do. However, as I researched the subject further I came to the realisation that the "best practice" with unix sockets is to unlink right before binding to it ( Check this SO answer for more details).
They need to be manually cleaned up when closing if this is desired by calling remove/ unlink with the filepath, but openssh does not do this. The reason this happens is because unix socket files are not automatically removed when the socket is closed. The solution is to set the value of StreamLocalBindUnlink to yes in sshd configuration on the server: sudo sh -c 'echo "StreamLocalBindUnlink yes" > /etc/ssh/sshd_config'.
#Python 3 create ssh tunnel to socket mac
Tested with client/server both running Debian 9 (client actually on mac inside docker container) using openssh-client/server version 7.4p1-10+deb9u2
#Python 3 create ssh tunnel to socket how to
So, if you have better ideas how to solve this issue I'm all ears. There's no need to know some magic port number that the reverse tunnel on the server is suppose to be running on.
Ssh -v -i -4 -N -T -L "127.0.0.1:3334:/home/dude/lol.sock" -p -o "ExitOnForwardFailure yes" -o ConnectTimeout=5 -oĬonnectionAttempts=3 -o ServerAliveInterval=15 -o And when dude wants to connect to the service on some other server all he needs to know is the name of the service and bind it to some random local port (or socket if he wants to) i.e. It also frees me from having to keep record of which dude is using which port to expose which service. The idea behind using the sockets is simply that the server is going to handle n "dudes" creating reverse tunnels for m "lol" services in whatever ports and using sockets makes it much easier to ensure that a "dude" can only access and bind to his own sockets, but not other dudes sockets. What would be the supported way / best hack to cleanup the socket after disconnect? Is this a bug in sshd, shouldn't it do that automatically if/when disconnects are noticed? Backstory: On the server side you get something like: error: bind: Address already in useĮrror: unix_listener: cannot bind to path: /home/dude/lol.socket So as the reverse tunnel initiator is recovering and tries to recreate the tunnel it can't because: Error: remote port forwarding failed for listen path /home/dude/lol.socket
The created socket file /home/dude/lol.socket on the someserver does not get deleted by sshd. say the computer reboots due to maintenance or error or there's internet connectivity issues or whatever -> we have a big problem. If I run something like this: ssh -4 -f -N -T -R "/home/dude/lol.socket:192.168.4.44:4444" -p 22 -i privatekey -o "ExitOnForwardFailure yes" -o ConnectTimeout=5 -o ConnectionAttempts=3 -o ServerAliveInterval=15 -oĪnd then lets say the connection is closed or dies for whatever reason.
0 kommentar(er)
