Hi,

I've been planning to develop a support for tunneling between "local_tcp
=> server_AF_UNIX".

This way, every user of server machine, can have:
1. personal address space (if socket is located on personal directory).
Currently one must check assigned local port every time starting a
server (e.g. vncserver), and redirect a local port to "random" remote
port.
2. Added security. If server application in remote machine supports
AF_UNIX sockets, socket can be made accissible to the user only (by
locating it to 700 directory).

Questions:

3. Is there a way to achieve same goals with current ssh version?

4. Is there a reason not to do this?

5. Is there a already available naming convention to support different
address families?
Quick_n_dirty way would be prefixing host_address with some predefined
"illegal" character (e.g. '#'), to signal the AF_UNIX address. But I see
that general, expandable naming convention would give more. One could
e.g. define an address space of "AF_EXEC", which would execute program
on remote host every time new tunnel is initiated.
I was thinking something like:
"AF_UNIX::/home/user/dir/sock_file" for UNIX sockets (ssh -newflag
8080:AF_UNIX::/home/user/dir/sock_file hostname.com)
"AF_INET::localhost:80" for tcp redirection, this should be default, if
no AF_* is specified.
"AF_EXEC::/home/user/server_executable -p param" for executable
redirection.

6. Local port support for new address families can gain some new usage.
Any ideas for this?

Any further ideas ?

--
Topi


_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://lists.mindrot.org/mailman/lis...enssh-unix-dev