Release 20.06
New Features
Unix domain socket forwarding
OpenSSH supports local and remote Unix domain socket forwarding using the “streamlocal” extension. Forwarding is initiated in the same way as for TCP sockets, but with a single path instead of a host and port. Prior to version 20.06, the OpenSSH protocol extension “Unix domain socket forwarding” was denied with an unknown channel type error.
With version 20.06, you can control whether to allow Unix domain socket forwarding or deny it. Logging of the socket forwarding session is supported as well. Because most applications using sockets run standard TCP communication when communicating over sockets, suSSHi logs all socket communication via SSH in a PCAP file with the pseudo IP address 127.1.1.1 representing the client and 127.2.2.2 representing the server. Advanced network diagnostic tools like Wireshark provide a wide range of dissectors to further analyse the captured traffic.
Remote Proxy Health Monitoring
The new Proxy Health Monitoring feature allows the status of the proxies that have been set up to be queried in the Admin UI and via the API. To use this feature, the gateway software must be updated to at least version 20.06.
Changes
Filename suffixes for PCAP files have changed to represent the type of captured traffic:
For Port-Forwarding, the new extension .portfwd.pcap is used.
For X11 traffic, .x11.pcap is used respectively.
Unix domain socket forwarding captures make use of the .socket.pcap extension.
The IP addresses used in .pcap files have changed from 1.1.1.1 (client) and 2.2.2.2 (server) to 127.1.1.1 (client) and 127.2.2.2 (server).
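The following Python example is added here and is not part of suSSHi. It reads a capture and totals IP payload bytes per direction using the pseudo addresses described above, accepting both the pre-20.06 and the 20.06 address pairs. It assumes the captures are classic pcap files with an Ethernet or raw IPv4 link type; the function names and the sample capture are constructed for illustration.

```python
import io
import struct
from collections import Counter

# Pseudo addresses from the release notes: 20.06 scheme, then the older scheme.
ROLES = {"127.1.1.1": "client", "127.2.2.2": "server",
         "1.1.1.1": "client", "2.2.2.2": "server"}
# Assumption: classic pcap with Ethernet (1) or raw IPv4 (101) link type.
L2_HEADER_LEN = {1: 14, 101: 0}


def bytes_by_direction(stream):
    """Sum IPv4 payload bytes per direction in a classic pcap stream."""
    header = stream.read(24)
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(header[:4])
    if endian is None or len(header) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", header[20:24])[0]
    if linktype not in L2_HEADER_LEN:
        raise ValueError(f"unsupported link type {linktype}")
    skip = L2_HEADER_LEN[linktype]
    totals = Counter()
    while len(rec := stream.read(16)) == 16:
        incl_len = struct.unpack(endian + "IIII", rec)[2]
        ip = stream.read(incl_len)[skip:]
        if len(ip) < 20 or ip[0] >> 4 != 4:
            continue  # truncated record or not IPv4
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        payload = struct.unpack("!H", ip[2:4])[0] - (ip[0] & 0x0F) * 4
        totals[f"{ROLES.get(src, 'other')}->{ROLES.get(dst, 'other')}"] += payload
    return dict(totals)


def sample_capture(client, server):
    """Constructed sample: raw-IP pcap, one packet each way with fake payloads."""
    def packet(src, dst, payload):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6,
                         0, bytes(map(int, src.split("."))),
                         bytes(map(int, dst.split(".")))) + payload
        return struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return io.BytesIO(header + packet(client, server, b"A" * 10)
                      + packet(server, client, b"B" * 30))


if __name__ == "__main__":
    print(bytes_by_direction(sample_capture("127.1.1.1", "127.2.2.2")))
    print(bytes_by_direction(sample_capture("1.1.1.1", "2.2.2.2")))
```

Tooling that still matches only 1.1.1.1 and 2.2.2.2 would label every packet in a 20.06 capture as "other", which is why both pairs are kept in the lookup.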
Improvements
Include client and target software identification in session log.
Bug Fixes
In SFTP logging, a ‘handle’ (which is a response to Path requests) was not handled correctly in some cases. As a result, wrong paths could be logged in subsequent log entries. The bug first appeared with release 20.05.
In PubKeyAgent authentication mode, remote port forwarding (e.g. the -R option in OpenSSH) did not work correctly under certain circumstances.