Forward named pipe through SSH tunnel

[friism]

(This is a cross-post from Stackoverflow)

I'd like to forward a named pipe over SSH, from remote Windows machine to a local machine. The remote Windows machine is running sshd. The pipe I want to forward is for the Docker Engine API, although that shouldn't matter.

To forward an equivalent Unix domain socket from a remote Unix machine, I'd run (and this works):

ssh -NL localhost:2374:/var/run/docker.sock user@host

The equivalent for a remote Windows machine named pipe would be:

ssh -NL localhost:2373://./pipe/docker_engine Administrator@windows-host
channel 2: open failed: administratively prohibited: open failed

Running sshd in debug mode, I see this when trying to connect through the tunnel:

debug1: Entering interactive session for SSH2.
debug1: pipe - read end: handle:0000000000000244, io:000001C199D59F20, fd:4
debug1: pipe - write end: handle:0000000000000238, io:000001C199D3F5F0, fd:6
debug1: server_init_dispatch_20
debug1: server_input_global_request: rtype no-more-sessions@openssh.com want_reply 0
debug1: server_input_channel_open: ctype direct-streamlocal@openssh.com rchan 2 win 2097152 max 32768
debug1: server_request_direct_streamlocal: originator ::1 port 59191, target //./pipe/docker_engine
debug1: socket - socket() ERROR:47, io:000001C199D593F0
socket: Unknown error
connect to //./pipe/docker_engine port -2 failed: Unknown error
debug1: server_input_channel_open: failure direct-streamlocal@openssh.com
debug1: server_input_channel_open: ctype direct-streamlocal@openssh.com rchan 2 win 2097152 max 32768
debug1: server_request_direct_streamlocal: originator ::1 port 59192, target //./pipe/docker_engine
debug1: socket - socket() ERROR:47, io:000001C199D593F0
socket: Unknown error
connect to //./pipe/docker_engine port -2 failed: Unknown error
debug1: server_input_channel_open: failure direct-streamlocal@openssh.com

[arif-pragmasys]

Named pipes have to be handled differently(not like regular socket) in the win32compat socket-io layer.

[cbhacking]

SSH doesn't seem to support forwarding files (things that use the file APIs, including *nix FIFOs/named pipes and Windows named pipes). This is awkward, since Windows named pipes really are NT's equivalent of Unix domain sockets.

There ought to be a way to connect to pipes (Unix or Windows) using file APIs on the remote end, but I don't know of one.

[manojampalam]

This is currently not supported but should work once AF_UNIX sockets support is added in POSIX adapter layer.

[aidansteele]

@manojampalam Any updates on that AF_UNIX socket support? I just tried this with OpenSSH on Windows Server 2019 and got a slightly different error:

channel 3: open failed: connect failed: Not a socket

[manojampalam]

@aidansteele sorry. Nothing in the horizon yet.

[baflo]

@manojampalam Any update on this?

[hoang-himself]

PowerShell/openssh-portable#433 looks promising. Can anyone pick this up?