Release 20.06

New Features

  • Unix domain socket forwarding

    OpenSSH supports local and remote Unix domain socket forwarding using the “streamlocal” extension. Forwarding is initiated as for TCP sockets, but with a single path instead of a host and port. Prior to version 20.06, requests using the OpenSSH protocol extension “Unix domain socket forwarding” were denied with an unknown channel type error.

    With version 20.06, you can control whether to allow or deny Unix domain socket forwarding. Logging of the socket forwarding session is supported as well. Because most applications that use sockets run standard TCP communication over them, suSSHi logs all socket communication via SSH in a PCAP file, with the pseudo IP address 127.1.1.1 representing the client and 127.2.2.2 representing the server. Advanced network diagnostic tools like Wireshark provide a wide range of dissectors to further analyse the captured traffic.

  • Remote Proxy Health Monitoring

    The new Proxy Health Monitoring feature allows the status of the configured proxies to be queried in the Admin UI and via API. In order to use this feature, the gateway software must be updated to at least version 20.06.

Changes

  • Filename suffixes for PCAP files have changed to represent the type of captured traffic:

    • For Port-Forwarding, the new extension .portfwd.pcap is used.

    • For X11 traffic, .x11.pcap is used.

    • Unix domain socket forwarding captures make use of the .socket.pcap extension.

  • The IP addresses used in .pcap files have changed from 1.1.1.1 (client) and 2.2.2.2 (server) to 127.1.1.1 (client) and 127.2.2.2 (server).
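
Added example (not suSSHi code): a Python script for tooling that consumes these captures. It classifies a file by the suffixes above and totals TCP payload bytes per sender, accepting both the 20.06 and the earlier pseudo addresses. The function names, the constructed sample capture and the supported link types (Ethernet or raw IP) are assumptions, not taken from the release notes.

```python
import socket
import struct

# Suffixes from the 20.06 "Changes" list.
SUFFIXES = {".portfwd.pcap": "port-forwarding", ".x11.pcap": "x11",
            ".socket.pcap": "unix-domain-socket"}
# Pseudo addresses: the 20.06 pair plus the older pair, so old captures still parse.
ROLES = {"127.1.1.1": "client", "1.1.1.1": "client",
         "127.2.2.2": "server", "2.2.2.2": "server"}
# Assumption: link type is Ethernet (1) or raw IP (101); the release notes do not say.
L2_LEN = {1: 14, 101: 0}

def capture_type(filename):
    return next((k for s, k in SUFFIXES.items() if filename.endswith(s)), "unknown")

def tcp_payload_by_sender(pcap):
    """Sum TCP payload bytes per sending role in a classic pcap byte string."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    l2 = L2_LEN.get(struct.unpack(endian + "I", pcap[20:24])[0])
    if l2 is None:
        raise ValueError("unsupported link type")
    totals, off = {"client": 0, "server": 0, "unknown": 0}, 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        ip = pcap[off + 16 + l2:off + 16 + incl]
        off += 16 + incl
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
            continue  # not IPv4/TCP
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) < ihl + 20:
            continue  # truncated TCP header
        tcp_hdr = (ip[ihl + 12] >> 4) * 4
        role = ROLES.get(socket.inet_ntoa(ip[12:16]), "unknown")
        totals[role] += max(struct.unpack("!H", ip[2:4])[0] - ihl - tcp_hdr, 0)
    return totals

def sample_pcap():  # constructed two-packet raw-IP capture, not real suSSHi output
    def pkt(src, dst, data):
        tcp = struct.pack("!HHIIBBHHH", 40000, 8080, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         socket.inet_aton(src), socket.inet_aton(dst)) + tcp
        return struct.pack("<IIII", 0, 0, len(ip), len(ip)) + ip
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    return (header + pkt("127.1.1.1", "127.2.2.2", b"GET /info HTTP/1.1\r\n\r\n")
            + pkt("127.2.2.2", "127.1.1.1", b"HTTP/1.1 200 OK\r\n\r\n"))

if __name__ == "__main__":
    print(capture_type("session.socket.pcap"), tcp_payload_by_sender(sample_pcap()))
```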

Improvements

  • Include client and target software identification in session log.

Bug Fixes

  • In SFTP logging, a ‘handle’ (which is a response to Path requests) was not handled correctly in some cases, so wrong paths could appear in subsequent log entries. The bug first appeared with release 20.05.

  • In PubKeyAgent authentication mode, remote port forwarding (e.g. the -R option in OpenSSH) did not work correctly under certain circumstances.