Unix domain socket forwarding
OpenSSH supports local and remote Unix domain socket forwarding using the “streamlocal” extension. Forwarding is initiated as for TCP sockets, but with a single path instead of a host and port. Prior to version 20.06, requests using the OpenSSH protocol extension “Unix domain socket forwarding” were denied with an unknown channel type error.
With version 20.06, you can control whether to allow Unix domain socket forwarding or deny it. Logging of the socket forwarding session is supported as well. Because most applications using sockets run standard TCP communication when communicating over sockets, suSSHi logs all socket communication via SSH in a PCAP file with the pseudo IP address 127.1.1.1 representing the client and 127.2.2.2 representing the server. Advanced network diagnostic tools like Wireshark provide a wide range of dissectors to further analyse the captured traffic.
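An added example (not suSSHi code): one way to split such a capture into client and server byte streams using the two pseudo addresses above. It assumes a classic pcap file (not pcapng) carrying IPv4/TCP over an Ethernet or raw-IP link type, which this page does not specify; the sample capture and its port numbers are constructed.

```python
import socket
import struct

CLIENT, SERVER = "127.1.1.1", "127.2.2.2"  # pseudo addresses named on this page
L2_LEN = {1: 14, 101: 0}  # assumed link types: Ethernet, raw IP

def build_sample_pcap():
    """Constructed capture (raw-IP link type) with one segment per direction."""
    def pkt(src, dst, sport, dport, payload):
        tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return ip + tcp + payload
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for p in (pkt(CLIENT, SERVER, 40000, 80, b"GET /info HTTP/1.1\r\n\r\n"),
              pkt(SERVER, CLIENT, 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n")):
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

def split_by_direction(pcap):
    """Return TCP payload bytes per sender, in capture order (no reassembly)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    l2 = L2_LEN.get(struct.unpack(order + "I", pcap[20:24])[0])
    if l2 is None:
        raise ValueError("unsupported link type")
    streams = {"client": b"", "server": b""}
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        ip = pcap[off + 16 + l2:off + 16 + incl]
        off += 16 + incl
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue  # skip anything that is not IPv4/TCP
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
        if len(tcp) < 20:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]
        src = socket.inet_ntoa(ip[12:16])
        if src == CLIENT:
            streams["client"] += payload
        elif src == SERVER:
            streams["server"] += payload
    return streams

if __name__ == "__main__":
    for side, data in split_by_direction(build_sample_pcap()).items():
        print(side, data)
```

Payloads are concatenated in capture order without TCP reassembly, so for captures with retransmissions or reordering a full dissector such as Wireshark remains the better tool.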
Remote Proxy Health Monitoring
The new Proxy Health Monitoring feature allows the status of the proxies that have been set up to be queried in the Admin UI and via the API. To use this feature, the gateway software must be updated to at least version 20.06.
Filename suffixes for PCAP files have changed to represent the type of captured traffic:
For Port-Forwarding, the new extension
For X11 traffic, .x11.pcap is used respectively.
Unix domain socket forwarding captures make use of the
The IP addresses used in .pcap files have changed from
Include client and target software identification in session log.
In SFTP logging, a ‘handle’ (which is a response to Path requests) was not handled correctly in some cases. As a result, wrong paths could be logged in subsequent log entries. The bug first appeared with release 20.05.
In PubKeyAgent authentication mode, remote port forwarding (e.g. the -R option in OpenSSH) did not work correctly under certain circumstances.