Hi On Mon, May 24, 2010 at 03:37:41PM -0600, Michael Torrie wrote: > I have a situation where I need to use socat to tunnel the unix socket > that tmux uses. However tmux isn't happy at all with socat tunneling > stuff. Tmux server log reports "fatal: server_client_msg_dispatch: > MSG_IDENTIFY missing fd" So obviously socat isn't quite passing the > data as tmux expects. Here's how I did a test (non-tcp) tunnel: > > tmux -v -S /tmp/testsocket # start the tmux server on test socket > > Then I did a test socat tunnel: > socat UNIX-LISTEN:/tmp/tmux-1066/default UNIX:/tmp/testsocket > > Now I have the real socket in a nonstandard place with socat creating a > tunneled socket in the standard place. However, "tmux attach" causes > the server process to terminate immediately with the above-mentioned error.
tmux uses the SCM_RIGHTS OOB data mechanism to pass a file descriptor, socat obviously does not handle this. I'm not sure it would even be possible for it to do so. The tmux server needs a duplicate of the tty fd so it can update the terminal. > As a sanity check to make sure socat could actually do what I want, I > did this in an xterm: > xhost + > socat socat UNIX-LISTEN:/tmp/.X11-unix/X2 UNIX:/tmp/.X11-unix/X0 > > I was then able to run an X11 program against the :2 display, which > socat tunneled back to :0, so for some unix socket applications socat > works just fine. X obviously doesn't pass file descriptors around. > Does anyone have any idea how I get this to work with tmux? I think the > problem is probably how socat is fragmenting the messages. I've been in > the tmux code somewhat but haven't really figured out yet if this is the > problem. Well, if it fragmented the messages that would also be a problem, but it probably doesn't. Also, tmux doesn't use the Unix domain socket for the first client (if you do tmux new without -d), the first client gets a socketpair to avoid complicated synchronisation. > The long term goal is to use socat to transport the tmux socket over an > SSL tcp/ip socket. That way the folks I support can make a socat > connection to me through firewalls and so forth and in essence share a > terminal with me. This would eliminate the need for me to have any real > access to the networks and servers in question. For the most part socat > would be able to do all of these things without modifying tmux... if > tmux wasn't erring out. The best way to give people secure terminal access to a host on your network is with ssh, which will manage the ptys at both ends for you. There are SSL-enabled telnet clients around as well. And you can probably tunnel ssh over SSL instead if you had to :-). > > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > tmux-users mailing list > tmux-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/tmux-users ------------------------------------------------------------------------------ _______________________________________________ tmux-users mailing list tmux-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tmux-users
