Skip to content

fix: SSH docker host tunneling on Windows#794

Open
ShortArrow wants to merge 1 commit into
jesseduffield:masterfrom
ShortArrow:develop
Open

fix: SSH docker host tunneling on Windows#794
ShortArrow wants to merge 1 commit into
jesseduffield:masterfrom
ShortArrow:develop

Conversation

@ShortArrow
Copy link
Copy Markdown

@ShortArrow ShortArrow commented Apr 15, 2026
edited
Loading

Summary

  • Fix tunnel ssh docker host: create ssh tunnel tmp file: GetFileAttributesEx /tmp: The system cannot find the file specified. error when using docker context use with an SSH context on Windows
  • On Windows, use TCP port forwarding (DOCKER_HOST=tcp://localhost:PORT) instead of Unix socket forwarding (DOCKER_HOST=unix://...), because Windows paths contain : which conflicts with SSH's -L local:remote delimiter
  • On Linux/macOS, replace hardcoded /tmp with os.TempDir() (returns /tmp on these platforms, so no behavioral change)

Fixes #770

Related

What changed

pkg/commands/ssh/ssh.go

Two problems existed for Windows:

  1. /tmp is hardcoded as the temp directory — does not exist on Windows
  2. ssh -L <local_socket>:<remote_socket> uses : as delimiter — Windows paths like C:\Users\...\dockerhost.sock contain : which breaks the parsing

The fix introduces platform-aware tunneling by splitting createDockerHostTunnel into Unix and TCP variants:

  • Windows (createDockerHostTunnelTCP): ssh -L localhost:<free_port>:/var/run/docker.sock with DOCKER_HOST=tcp://localhost:<port>
  • Linux/macOS (createDockerHostTunnelUnix): ssh -L <tmpdir>/dockerhost.sock:/var/run/docker.sock with DOCKER_HOST=unix://<tmpdir>/dockerhost.sock (existing behavior, /tmpos.TempDir())

Both variants share retrySocketDial/tryDial (added network parameter) and tunnelSSH (unchanged).

pkg/commands/ssh/ssh_test.go

  • Updated existing test to be platform-aware (expects TCP on Windows, Unix socket on others)
  • Added TestCreateDockerHostTunnelUnix — tests the Unix socket path directly
  • Added TestCreateDockerHostTunnelTCP — tests the TCP port forwarding path directly
  • Added error path tests for createDockerHostTunnelTCP (findFreePort failure, tunnelSSH failure)

Known limitations

  • TCP tunnel on Windows binds to a localhost ephemeral port, which is accessible by any local process and has a small TOCTOU race window before ssh -L binds it.

Test plan

  • go test ./pkg/commands/ssh/... passes on all platforms
  • Windows + SSH docker context: lazydocker starts and connects successfully
  • Linux/macOS + SSH docker context: no regression (behavior unchanged)
  • Windows + local docker context: no impact (SSH tunnel code not triggered)

@ShortArrow
Fix SSH docker host tunneling on Windows
f5d93ad 
Use TCP port forwarding instead of Unix socket forwarding on Windows,
where paths contain ':' conflicting with SSH's -L delimiter.
Also replace hardcoded /tmp with os.TempDir().
@ShortArrow ShortArrow marked this pull request as ready for review April 17, 2026 03:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Can't connect to Docker on WSL via ssh from Windows Docker context using SSH does not work

1 participant

@ShortArrow