On 07/08/2013 08:19 AM, Neil Roberts wrote:
> Heh, yeah, I also experimented with going down this route. I wrote an
> overly complicated C program¹ to manage launching the two SSH sessions.
> That also only handles one session, but yeah I guess you could get the
> program to relaunch the SSH session after the first connection dies.

did you try the approach i outlined?  no extra C code needed, and if you
want it to re-launch, you should be able to just wrap it in a shell for
loop :)  You might also want a ,reuseaddr on the inner UNIX-LISTEN socat
endpoint.

> I came across some other people who were suggesting² to make socat wrap
> the Unix socket in a TCP socket and then tunnel that over SSH. I guess
> that would be a simple way to support multiple sessions. However it
> seems a bit dodgy to open a port because you can't restrict the access
> by user.

I agree you don't want to wrap it up in a TCP socket, for exactly the
access control reasons you describe.

	--dkg