author: Lennart Poettering <lennart@poettering.net> 2024-01-04 23:31:51 +0100
committer: Lennart Poettering <lennart@poettering.net> 2024-01-11 16:05:20 +0100
commit: 0abd510f7f628d0369f0814b671302e93c62b161
tree: 5634a8ec751cde1f6edc87a5df55f3dc245d2c4f /src/ssh-generator/20-systemd-ssh-proxy.conf.in
parent: ssh-generator: add simple new generator
ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets
This adds a tiny binary that is hooked into SSH client config via ProxyCommand and which simply connects to an AF_UNIX or AF_VSOCK socket of choice.

The syntax is as simple as this:

    ssh unix/some/path     # (this connects to AF_UNIX socket /some/path)

or:

    ssh vsock/4711

I used "/" as separator of the protocol ID and the value since ":" is already taken by SSH itself when doing sftp. And "@" is already taken for separating the user name.
Diffstat (limited to 'src/ssh-generator/20-systemd-ssh-proxy.conf.in')
-rw-r--r-- src/ssh-generator/20-systemd-ssh-proxy.conf.in 18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/ssh-generator/20-systemd-ssh-proxy.conf.in b/src/ssh-generator/20-systemd-ssh-proxy.conf.in
new file mode 100644
index 0000000000..b97e0f5340
--- /dev/null
+++ b/src/ssh-generator/20-systemd-ssh-proxy.conf.in
@@ -0,0 +1,18 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# Make sure unix/* and vsock/* can be used to connect to AF_UNIX and AF_VSOCK paths
+#
+Host unix/* vsock/*
+ ProxyCommand {{LIBEXECDIR}}/systemd-ssh-proxy %h %p
+ ProxyUseFdpass yes
+ CheckHostIP no
+
+ # Disable all kinds of host identity checks, since these addresses are generally ephemeral.
+ StrictHostKeyChecking no
+ UserKnownHostsFile /dev/null
+
+# Allow connecting to the local host directly via ".host"
+Host .host
+ ProxyCommand {{LIBEXECDIR}}/systemd-ssh-proxy unix/run/ssh-unix-local/socket %p
+ ProxyUseFdpass yes
+ CheckHostIP no
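Review bot: In the `Host unix/* vsock/*` block, `StrictHostKeyChecking no` together with `UserKnownHostsFile /dev/null` switches off host key verification for every matching destination, and the comment gives only "these addresses are generally ephemeral" as the reason. Please extend that comment to say what is expected to authenticate the peer instead (for example the permissions on the AF_UNIX socket path, or the CID for AF_VSOCK), so the two lines are not copied to a `Host` pattern that is reachable over a network. The `Host .host` block leaves both options at their defaults, unlike the first block; a one-line comment stating whether that difference is intended would make the file easier to audit.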