Accessing UNIX sockets remotely from .NET

 

May 30, 2019
Tom Deseyn
Related topics: Linux, Security
Related products: Red Hat Enterprise Linux

    Many Linux services (like D-Bus, PostgreSQL, Docker, etc.) are made accessible locally using a UNIX socket. In this article, we'll show how you can access such services remotely from .NET using SSH port forwarding.

    UNIX sockets

    UNIX domain sockets provide a way to exchange data between processes running on the same host. This approach also brings some security features. First, it isn't possible to access them via the network. Second, we can identify the user ID of the other process and use that to authorize the user. Finally, UNIX domain sockets are identified by a path in the file system, and to access a service, the user must have permissions on that path. SELinux allows even more fine-grained control.

    To access such services remotely, we could make them accessible using TCP sockets instead of UNIX sockets. However, this makes the service responsible for implementing authentication (identifying users) and encryption (ensuring the messages can't be understood by a third party). Alternatively, we can use SSH port forwarding.

    SSH port forwarding

    Secure shell (SSH) is a well-known, secure mechanism for running commands on a remote machine. SSH includes a mechanism for authenticating against the remote system, and it provides an encrypted channel for communication.

    A perhaps lesser-known feature of SSH is its ability to forward ports. Port forwarding means that a remote socket is made available locally. To do that, the ssh client program opens a local socket, and any connection made to that socket is forwarded over the secure channel and delivered to the socket on the remote machine by the SSH server.

    A port forward can be set up by passing the -L flag to the ssh client:

    -L [bind_address:]port:host:hostport
    -L [bind_address:]port:remote_socket
    -L local_socket:host:hostport
    -L local_socket:remote_socket
    

    As you can see, we need to specify the local end and the remote end. We can use UNIX sockets (identified by a file system path) or TCP sockets (identified as a host:port).

    For example, to make the remote PostgreSQL server running on mydbserver.org available on the local machine at port 1234, we can use the following command:

    ssh -L localhost:1234:/var/run/postgresql/.s.PGSQL.5432 mydbserver.org sleep 10
    

    Our -L argument has localhost:1234 for the local TCP end and the path /var/run/postgresql/.s.PGSQL.5432 as the remote UNIX socket end. We provide the sleep 10 command so that the ssh command exits if no TCP connections are forwarded within 10 seconds.

    The ssh program is not only available on Linux, but it is also part of Windows 10. In the next section, we'll wrap it with a .NET class to provide a cross-platform way to set up a port forward.

    Port forwarding from .NET

    PortForward.cs provides a simple PortForward class that wraps the ssh client to do port forwarding.

    The following example shows how to use it in combination with the Npgsql package to connect to a PostgreSQL server:

    using (var portForward = await PortForward.ForwardAsync("tmds@192.168.100.169:/var/run/postgresql/.s.PGSQL.5432"))
    {
        var connectionString = $"Server={portForward.IPEndPoint.Address};Port={portForward.IPEndPoint.Port};Database=postgres;User ID=tmds";
        using (var connection = new NpgsqlConnection(connectionString))
        {
            connection.Open();
            Console.WriteLine($"PostgreSQL version: {connection.PostgreSqlVersion}");
        }
    }
    

    In this example, we are using the preconfigured private key of the user. You can also explicitly specify a key file using PortForwardOptions.IdentityFile:

    var portForward = await PortForward.ForwardAsync(..., o => o.IdentityFile = "mysecretkeyfile");
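
Added example (not the article's PortForward.cs): a loopback TCP port such as localhost:1234 accepts connections from any local user, so this example uses the `-L local_socket:remote_socket` form listed earlier and keeps the local socket in a directory only the current user can enter. The class `LocalSocketForward`, its members and the 10-second timeout are assumptions; it needs .NET 7 or later and an OpenSSH client on a Unix-like machine.

```csharp
using System;
using System.Diagnostics;
using System.IO;
using System.Threading.Tasks;

// Added example, not PortForward.cs; all names here are hypothetical.
public sealed class LocalSocketForward : IDisposable
{
    private readonly Process _ssh;
    private readonly DirectoryInfo _dir;
    public string SocketPath { get; }
    private LocalSocketForward(Process ssh, DirectoryInfo dir, string path)
    { _ssh = ssh; _dir = dir; SocketPath = path; }

    public static async Task<LocalSocketForward> StartAsync(string userAtHost, string remoteSocket)
    {
        // Private directory (mode 0700 on Unix): only this user can reach the socket.
        var dir = Directory.CreateTempSubdirectory("sshfwd-");
        // Keep the remote file name, which some clients derive (e.g. .s.PGSQL.5432).
        var local = Path.Combine(dir.FullName, Path.GetFileName(remoteSocket));
        var psi = new ProcessStartInfo("ssh") { UseShellExecute = false };
        // ArgumentList hands each value to ssh as one argv entry; no shell parses it.
        foreach (var arg in new[] {
            "-N",                              // forward only, run no remote command
            "-o", "BatchMode=yes",             // fail instead of prompting for input
            "-o", "ExitOnForwardFailure=yes",  // exit if the local socket cannot be bound
            "-o", "StreamLocalBindMask=0177",  // socket file accessible to its owner only
            "-L", $"{local}:{remoteSocket}",
            "--", userAtHost })                // "--" stops option parsing before the host
            psi.ArgumentList.Add(arg);

        var fwd = new LocalSocketForward(Process.Start(psi)!, dir, local);
        // ssh creates the socket file only once the session is authenticated.
        var deadline = DateTime.UtcNow.AddSeconds(10);
        while (!File.Exists(local))
        {
            if (fwd._ssh.HasExited || DateTime.UtcNow > deadline)
            { fwd.Dispose(); throw new IOException("ssh did not establish the forward"); }
            await Task.Delay(100);
        }
        return fwd;
    }

    public void Dispose()
    {
        if (!_ssh.HasExited) { _ssh.Kill(); _ssh.WaitForExit(); }
        _ssh.Dispose(); _dir.Delete(recursive: true);
    }
}
```

To use the forward, connect a `Socket` created with `AddressFamily.Unix` to `new UnixDomainSocketEndPoint(forward.SocketPath)`, or hand the path to a client library that supports UNIX sockets.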
    

    Conclusion

    In this article, you’ve learned how SSH port forwarding allows you to access remote UNIX sockets. We’ve shown how you can set up port forwarding using the ssh client program and use that from a .NET application.

    Last updated: February 5, 2024
