1204861SdesThis document describes the multiplexing protocol used by ssh(1)'s 2204861SdesControlMaster connection-sharing. 3204861Sdes 4204861SdesMost messages from the client to the server contain a "request id" field. 5204861SdesThis field is returned in replies as "client request id" to facilitate 6204861Sdesmatching of responses to requests. 7204861Sdes 8204861Sdes1. Connection setup 9204861Sdes 10204861SdesWhen a multiplexing connection is made to a ssh(1) operating as a 11204861SdesControlMaster from a ssh(1) in multiplex slave mode, the first 12204861Sdesaction of each is to exchange hello messages: 13204861Sdes 14204861Sdes uint32 MUX_MSG_HELLO 15204861Sdes uint32 protocol version 16204861Sdes string extension name [optional] 17204861Sdes string extension value [optional] 18204861Sdes ... 19204861Sdes 20204861SdesThe current version of the mux protocol is 4. A slave should refuse 21204861Sdesto connect to a master that speaks an unsupported protocol version. 22204861SdesFollowing the version identifier are zero or more extensions 23204861Sdesrepresented as a name/value pair. No extensions are currently 24204861Sdesdefined. 25204861Sdes 26204861Sdes2. Opening sessions 27204861Sdes 28204861SdesTo open a new multiplexed session, a client may send the following 29204861Sdesrequest: 30204861Sdes 31221420Sdes uint32 MUX_C_NEW_SESSION 32204861Sdes uint32 request id 33204861Sdes string reserved 34204861Sdes bool want tty flag 35204861Sdes bool want X11 forwarding flag 36204861Sdes bool want agent flag 37204861Sdes bool subsystem flag 38204861Sdes uint32 escape char 39204861Sdes string terminal type 40204861Sdes string command 41204861Sdes string environment string 0 [optional] 42204861Sdes ... 43204861Sdes 44204861SdesTo disable the use of an escape character, "escape char" may be set 45204861Sdesto 0xffffffff. "terminal type" is generally set to the value of 46204861Sdes$TERM. zero or more environment strings may follow the command. 47204861Sdes 48204861SdesThe client then sends its standard input, output and error file 49204861Sdesdescriptors (in that order) using Unix domain socket control messages. 50204861Sdes 51204861SdesThe contents of "reserved" are currently ignored. 52204861Sdes 53204861SdesIf successful, the server will reply with MUX_S_SESSION_OPENED 54204861Sdes 55204861Sdes uint32 MUX_S_SESSION_OPENED 56204861Sdes uint32 client request id 57204861Sdes uint32 session id 58204861Sdes 59204861SdesOtherwise it will reply with an error: MUX_S_PERMISSION_DENIED or 60204861SdesMUX_S_FAILURE. 61204861Sdes 62204861SdesOnce the server has received the fds, it will respond with MUX_S_OK 63204861Sdesindicating that the session is up. The client now waits for the 64204861Sdessession to end. When it does, the server will send an exit status 65204861Sdesmessage: 66204861Sdes 67204861Sdes uint32 MUX_S_EXIT_MESSAGE 68204861Sdes uint32 session id 69204861Sdes uint32 exit value 70204861Sdes 71204861SdesThe client should exit with this value to mimic the behaviour of a 72204861Sdesnon-multiplexed ssh(1) connection. Two additional cases that the 73204861Sdesclient must cope with are it receiving a signal itself and the 74204861Sdesserver disconnecting without sending an exit message. 75204861Sdes 76226046SdesA master may also send a MUX_S_TTY_ALLOC_FAIL before MUX_S_EXIT_MESSAGE 77226046Sdesif remote TTY allocation was unsuccessful. The client may use this to 78226046Sdesreturn its local tty to "cooked" mode. 79226046Sdes 80226046Sdes uint32 MUX_S_TTY_ALLOC_FAIL 81226046Sdes uint32 session id 82226046Sdes 83204861Sdes3. Health checks 84204861Sdes 85204861SdesThe client may request a health check/PID report from a server: 86204861Sdes 87204861Sdes uint32 MUX_C_ALIVE_CHECK 88204861Sdes uint32 request id 89204861Sdes 90204861SdesThe server replies with: 91204861Sdes 92204861Sdes uint32 MUX_S_ALIVE 93204861Sdes uint32 client request id 94204861Sdes uint32 server pid 95204861Sdes 96204861Sdes4. Remotely terminating a master 97204861Sdes 98204861SdesA client may request that a master terminate immediately: 99204861Sdes 100204861Sdes uint32 MUX_C_TERMINATE 101204861Sdes uint32 request id 102204861Sdes 103204861SdesThe server will reply with one of MUX_S_OK or MUX_S_PERMISSION_DENIED. 104204861Sdes 105204861Sdes5. Requesting establishment of port forwards 106204861Sdes 107204861SdesA client may request the master to establish a port forward: 108204861Sdes 109221420Sdes uint32 MUX_C_OPEN_FWD 110204861Sdes uint32 request id 111204861Sdes uint32 forwarding type 112204861Sdes string listen host 113240075Sdes uint32 listen port 114204861Sdes string connect host 115240075Sdes uint32 connect port 116204861Sdes 117204861Sdesforwarding type may be MUX_FWD_LOCAL, MUX_FWD_REMOTE, MUX_FWD_DYNAMIC. 118204861Sdes 119215116SdesA server may reply with a MUX_S_OK, a MUX_S_REMOTE_PORT, a 120215116SdesMUX_S_PERMISSION_DENIED or a MUX_S_FAILURE. 121204861Sdes 122215116SdesFor dynamically allocated listen port the server replies with 123215116Sdes 124215116Sdes uint32 MUX_S_REMOTE_PORT 125215116Sdes uint32 client request id 126215116Sdes uint32 allocated remote listen port 127215116Sdes 128221420Sdes6. Requesting closure of port forwards 129204861Sdes 130221420SdesNote: currently unimplemented (server will always reply with MUX_S_FAILURE). 131204861Sdes 132221420SdesA client may request the master to close a port forward: 133221420Sdes 134221420Sdes uint32 MUX_C_CLOSE_FWD 135204861Sdes uint32 request id 136240075Sdes uint32 forwarding type 137204861Sdes string listen host 138240075Sdes uint32 listen port 139204861Sdes string connect host 140240075Sdes uint32 connect port 141204861Sdes 142204861SdesA server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a 143204861SdesMUX_S_FAILURE. 144204861Sdes 145221420Sdes7. Requesting stdio forwarding 146204861Sdes 147204861SdesA client may request the master to establish a stdio forwarding: 148204861Sdes 149204861Sdes uint32 MUX_C_NEW_STDIO_FWD 150204861Sdes uint32 request id 151204861Sdes string reserved 152204861Sdes string connect host 153204861Sdes string connect port 154204861Sdes 155204861SdesThe client then sends its standard input and output file descriptors 156204861Sdes(in that order) using Unix domain socket control messages. 157204861Sdes 158204861SdesThe contents of "reserved" are currently ignored. 159204861Sdes 160226046SdesA server may reply with a MUX_S_SESSION_OPENED, a MUX_S_PERMISSION_DENIED 161204861Sdesor a MUX_S_FAILURE. 162204861Sdes 163226046Sdes8. Requesting shutdown of mux listener 164204861Sdes 165226046SdesA client may request the master to stop accepting new multiplexing requests 166226046Sdesand remove its listener socket. 167226046Sdes 168226046Sdes uint32 MUX_C_STOP_LISTENING 169226046Sdes uint32 request id 170226046Sdes 171226046SdesA server may reply with a MUX_S_OK, a MUX_S_PERMISSION_DENIED or a 172226046SdesMUX_S_FAILURE. 173226046Sdes 174226046Sdes9. Status messages 175226046Sdes 176204861SdesThe MUX_S_OK message is empty: 177204861Sdes 178204861Sdes uint32 MUX_S_OK 179204861Sdes uint32 client request id 180204861Sdes 181204861SdesThe MUX_S_PERMISSION_DENIED and MUX_S_FAILURE include a reason: 182204861Sdes 183204861Sdes uint32 MUX_S_PERMISSION_DENIED 184204861Sdes uint32 client request id 185204861Sdes string reason 186204861Sdes 187204861Sdes uint32 MUX_S_FAILURE 188204861Sdes uint32 client request id 189204861Sdes string reason 190204861Sdes 191226046Sdes10. Protocol numbers 192204861Sdes 193204861Sdes#define MUX_MSG_HELLO 0x00000001 194204861Sdes#define MUX_C_NEW_SESSION 0x10000002 195204861Sdes#define MUX_C_ALIVE_CHECK 0x10000004 196204861Sdes#define MUX_C_TERMINATE 0x10000005 197221420Sdes#define MUX_C_OPEN_FWD 0x10000006 198221420Sdes#define MUX_C_CLOSE_FWD 0x10000007 199221420Sdes#define MUX_C_NEW_STDIO_FWD 0x10000008 200226046Sdes#define MUX_C_STOP_LISTENING 0x10000009 201204861Sdes#define MUX_S_OK 0x80000001 202204861Sdes#define MUX_S_PERMISSION_DENIED 0x80000002 203204861Sdes#define MUX_S_FAILURE 0x80000003 204204861Sdes#define MUX_S_EXIT_MESSAGE 0x80000004 205204861Sdes#define MUX_S_ALIVE 0x80000005 206204861Sdes#define MUX_S_SESSION_OPENED 0x80000006 207215116Sdes#define MUX_S_REMOTE_PORT 0x80000007 208226046Sdes#define MUX_S_TTY_ALLOC_FAIL 0x80000008 209204861Sdes 210204861Sdes#define MUX_FWD_LOCAL 1 211204861Sdes#define MUX_FWD_REMOTE 2 212204861Sdes#define MUX_FWD_DYNAMIC 3 213204861Sdes 214204861SdesXXX TODO 215204861SdesXXX extended status (e.g. report open channels / forwards) 216204861SdesXXX lock (maybe) 217204861SdesXXX watch in/out traffic (pre/post crypto) 218204861SdesXXX inject packet (what about replies) 219204861SdesXXX server->client error/warning notifications 220204861SdesXXX send signals via mux 221204861Sdes 222240075Sdes$OpenBSD: PROTOCOL.mux,v 1.9 2012/06/01 00:49:35 djm Exp $ 223