Win32-OpenSSH icon indicating copy to clipboard operation
Win32-OpenSSH copied to clipboard
verified publisher icon PowerShell

Forward named pipe through SSH tunnel

Open friism opened this issue 9 years ago • 7 comments

(This is a cross-post from Stackoverflow)

I'd like to forward a named pipe over SSH, from remote Windows machine to a local machine. The remote Windows machine is running sshd. The pipe I want to forward is for the Docker Engine API, although that shouldn't matter.

To forward an equivalent Unix domain socket from a remote Unix machine, I'd run (and this works):

ssh -NL localhost:2374:/var/run/docker.sock user@host

The equivalent for a remote Windows machine named pipe would be:

ssh -NL localhost:2373://./pipe/docker_engine Administrator@windows-host
channel 2: open failed: administratively prohibited: open failed

Running sshd in debug mode, I see this when trying to connect through the tunnel:

debug1: Entering interactive session for SSH2.
debug1: pipe - read end: handle:0000000000000244, io:000001C199D59F20, fd:4
debug1: pipe - write end: handle:0000000000000238, io:000001C199D3F5F0, fd:6
debug1: server_init_dispatch_20
debug1: server_input_global_request: rtype [email protected] want_reply 0
debug1: server_input_channel_open: ctype [email protected] rchan 2 win 2097152 max 32768
debug1: server_request_direct_streamlocal: originator ::1 port 59191, target //./pipe/docker_engine
debug1: socket - socket() ERROR:47, io:000001C199D593F0
socket: Unknown error
connect to //./pipe/docker_engine port -2 failed: Unknown error
debug1: server_input_channel_open: failure [email protected]
debug1: server_input_channel_open: ctype [email protected] rchan 2 win 2097152 max 32768
debug1: server_request_direct_streamlocal: originator ::1 port 59192, target //./pipe/docker_engine
debug1: socket - socket() ERROR:47, io:000001C199D593F0
socket: Unknown error
connect to //./pipe/docker_engine port -2 failed: Unknown error
debug1: server_input_channel_open: failure [email protected]

friism avatar Dec 11 '16 22:12 friism

Named pipes have to be handled differently(not like regular socket) in the win32compat socket-io layer.

arif-pragmasys avatar Dec 19 '16 21:12 arif-pragmasys

SSH doesn't seem to support forwarding files (things that use the file APIs, including *nix FIFOs/named pipes and Windows named pipes). This is awkward, since Windows named pipes really are NT's equivalent of Unix domain sockets.

There ought to be a way to connect to pipes (Unix or Windows) using file APIs on the remote end, but I don't know of one.

cbhacking avatar Mar 20 '17 19:03 cbhacking

This is currently not supported but should work once AF_UNIX sockets support is added in POSIX adapter layer.

manojampalam avatar Mar 23 '17 05:03 manojampalam

@manojampalam Any updates on that AF_UNIX socket support? I just tried this with OpenSSH on Windows Server 2019 and got a slightly different error:

channel 3: open failed: connect failed: Not a socket

aidansteele avatar Jul 01 '19 01:07 aidansteele

@aidansteele sorry. Nothing in the horizon yet.

manojampalam avatar Jul 11 '19 19:07 manojampalam

@manojampalam Any update on this?

baflo avatar Mar 02 '22 12:03 baflo

https://github.com/PowerShell/openssh-portable/pull/433 looks promising. Can anyone pick this up?

hoang-himself avatar May 23 '22 02:05 hoang-himself