SYSTEMD-SSH-PROXY(1) systemd-ssh-proxy SYSTEMD-SSH-PROXY(1)

NAME
systemd-ssh-proxy - SSH client plugin for connecting to AF_VSOCK and AF_UNIX sockets

SYNOPSIS
    Host unix/* vsock/* vsock-mux/*
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
        ProxyUseFdpass yes

    /usr/lib/systemd/systemd-ssh-proxy [ADDRESS] [PORT]

DESCRIPTION
systemd-ssh-proxy is a small "proxy" plugin for the ssh(1) tool that allows connecting to AF_UNIX and AF_VSOCK sockets. It implements the interface defined by ssh's ProxyCommand configuration option. It's supposed to be used with an ssh_config(5) configuration fragment like the following:

    Host unix/* vsock/* vsock-mux/*
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy %h %p
        ProxyUseFdpass yes
        CheckHostIP no

    Host .host
        ProxyCommand /usr/lib/systemd/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
        ProxyUseFdpass yes
        CheckHostIP no

A configuration fragment along these lines is by default installed into /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf.in.

With this in place, SSH connections to the host string "unix/" followed by an absolute AF_UNIX file system path to a socket will be directed to the specified socket, which must be of type SOCK_STREAM. Similarly, SSH connections to "vsock/" followed by an AF_VSOCK CID will result in an SSH connection made to that CID. "vsock-mux/" followed by an absolute AF_UNIX file system path to a socket is similar, but is intended for cloud-hypervisor/firecracker, which do not allow direct AF_VSOCK communication between the host and guests and instead provide their own multiplexer over AF_UNIX sockets. See cloud-hypervisor VSOCK support[1] and Using the Firecracker Virtio-vsock Device[2]. Moreover, connecting to ".host" will connect to the local host via SSH, without involving networking.

This tool is supposed to be used together with systemd-ssh-generator(8), which, when run inside a VM or container, will bind SSH to suitable addresses. systemd-ssh-generator is supposed to run in the container or VM guest, and systemd-ssh-proxy is run on the host, in order to connect to the container or VM guest.

EXIT STATUS
On success, 0 is returned, a non-zero failure code otherwise.

EXAMPLES
Example 1. Talk to a local VM with CID 4711

    ssh vsock/4711

Example 2. Talk to a VM guest hosted with cloud-hypervisor/firecracker

    ssh vsock-mux/run/vm-1234.sock

Example 3. Talk to the local host via ssh

    ssh .host

or equivalent:

    ssh unix/run/ssh-unix-local/socket
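
The configuration fragment in DESCRIPTION sets ProxyUseFdpass yes, so ssh expects the proxy command to open the connection and hand the connected socket back over its stdout instead of relaying data. The sketch below is an added example, not systemd's own code, and covers only the AF_UNIX case; the function names connect_unix_stream and pass_fd are hypothetical.

```c
/* Added example (not systemd's source): minimal ProxyUseFdpass-style helper.
 * connect_unix_stream() and pass_fd() are hypothetical names. */
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <sys/un.h>
#include <unistd.h>

/* Connect to a SOCK_STREAM AF_UNIX socket; returns the fd, or -1 on error. */
int connect_unix_stream(const char *path) {
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    /* Only absolute paths that fit sun_path (with its NUL) are accepted. */
    if (path[0] != '/' || strlen(path) >= sizeof(sa.sun_path))
        return -1;
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    if (connect(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Pass `fd` over the AF_UNIX socket `channel` as SCM_RIGHTS ancillary data
 * attached to one payload byte. With ProxyUseFdpass, ssh reads this from the
 * socket it gave the proxy as stdout. Returns 0 on success, -1 on error. */
int pass_fd(int channel, int fd) {
    char byte = 0;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int))]; } ctl;
    memset(&ctl, 0, sizeof(ctl));
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(channel, &msg, 0) == 1 ? 0 : -1;
}

int main(int argc, char **argv) {
    if (argc < 2)
        return 2; /* expects an absolute socket path as the first argument */
    int fd = connect_unix_stream(argv[1]);
    return (fd >= 0 && pass_fd(STDOUT_FILENO, fd) == 0) ? 0 : 1;
}
```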

SEE ALSO
systemd(1), systemd-ssh-generator(8), vsock(7), unix(7), ssh(1), sshd(8)

NOTES
1. cloud-hypervisor VSOCK support
   https://github.com/cloud-hypervisor/cloud-hypervisor/blob/main/docs/vsock.md
2. Using the Firecracker Virtio-vsock Device
   https://github.com/firecracker-microvm/firecracker/blob/main/docs/vsock.md

COLOPHON
This page is part of the systemd (systemd system and service
manager) project. Information about the project can be found at
⟨http://www.freedesktop.org/wiki/Software/systemd⟩. If you have
a bug report for this manual page, see
⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.
This page was obtained from the project's upstream Git repository
⟨https://github.com/systemd/systemd.git⟩ on 2024-06-14. (At that
time, the date of the most recent commit that was found in the
repository was 2024-06-13.) If you discover any rendering
problems in this HTML version of the page, or you believe there
is a better or more up-to-date source for the page, or you have
corrections or improvements to the information in this COLOPHON
(which is not part of the original manual page), send a mail to
[email protected]
systemd 257~devel SYSTEMD-SSH-PROXY(1)
Pages that refer to this page: systemd.directives(7), systemd.index(7), systemd-ssh-generator(8)