1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
'\" t
.TH "SYSTEMD\-SSH\-PROXY" "1" "" "systemd 256~rc3" "systemd-ssh-proxy"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
systemd-ssh-proxy \- SSH client plugin for connecting to \fBAF_VSOCK\fR and \fBAF_UNIX\fR sockets
.SH "SYNOPSIS"
.sp
.nf
Host unix/* vsock/*
ProxyCommand /usr/lib/systemd/systemd\-ssh\-proxy %h %p
ProxyUseFdpass yes
.fi
.HP \w'\fB/usr/lib/systemd/systemd\-ssh\-proxy\fR\ 'u
\fB/usr/lib/systemd/systemd\-ssh\-proxy\fR [ADDRESS] [PORT]
.SH "DESCRIPTION"
.PP
\fBsystemd\-ssh\-proxy\fR
is a small "proxy" plugin for the
\fBssh\fR(1)
tool that allows connecting to
\fBAF_UNIX\fR
and
\fBAF_VSOCK\fR
sockets\&. It implements the interface defined by
ssh\*(Aqs
\fIProxyCommand\fR
configuration option\&. It\*(Aqs supposed to be used with an
\fBssh_config\fR(5)
configuration fragment like the following:
.sp
.if n \{\
.RS 4
.\}
.nf
Host unix/* vsock/*
ProxyCommand /usr/lib/systemd/systemd\-ssh\-proxy %h %p
ProxyUseFdpass yes
CheckHostIP no
Host \&.host
ProxyCommand /usr/lib/systemd/systemd\-ssh\-proxy unix/run/ssh\-unix\-local/socket %p
ProxyUseFdpass yes
CheckHostIP no
.fi
.if n \{\
.RE
.\}
.PP
A configuration fragment along these lines is by default installed into
/etc/ssh/ssh_config\&.d/20\-systemd\-ssh\-proxy\&.conf\&.in\&.
.PP
With this in place, SSH connections to host string
"unix/"
followed by an absolute
\fBAF_UNIX\fR
file system path to a socket will be directed to the specified socket, which must be of type
\fBSOCK_STREAM\fR\&. Similar, SSH connections to
"vsock/"
followed by an
\fBAF_VSOCK\fR
CID will result in an SSH connection made to that CID\&. Moreover connecting to
"\&.host"
will connect to the local host via SSH, without involving networking\&.
.PP
This tool is supposed to be used together with
\fBsystemd-ssh-generator\fR(8)
which when run inside a VM or container will bind SSH to suitable addresses\&.
\fBsystemd\-ssh\-generator\fR
is supposed to run in the container of VM guest, and
\fBsystemd\-ssh\-proxy\fR
is run on the host, in order to connect to the container or VM guest\&.
.SH "EXIT STATUS"
.PP
On success, 0 is returned, a non\-zero failure code otherwise\&.
.SH "EXAMPLES"
.PP
\fBExample\ \&1.\ \&Talk to a local VM with CID 4711\fR
.sp
.if n \{\
.RS 4
.\}
.nf
ssh vsock/4711
.fi
.if n \{\
.RE
.\}
.PP
\fBExample\ \&2.\ \&Talk to the local host via ssh\fR
.sp
.if n \{\
.RS 4
.\}
.nf
ssh \&.host
.fi
.if n \{\
.RE
.\}
.PP
or equivalent:
.sp
.if n \{\
.RS 4
.\}
.nf
ssh unix/run/ssh\-unix\-local/socket
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBsystemd\fR(1), \fBsystemd-ssh-generator\fR(8), \fBvsock\fR(7), \fBunix\fR(7), \fBssh\fR(1), \fBsshd\fR(8)
|
