I'm reading a book related to SSH. I can't figure out what this sentence means:
SSH clients communicate with the agent via a local socket or named pipe whose filename is stored in an environment variable, so all clients (and all other processes) within your login session have access to the agent.
"via a local socket or named pipe", what does it mean?
Let's answer a couple of questions first:
What is a named pipe? It's an inter-process communication method. Anonymous pipes are created in software, typically via the `pipe()` syscall. When you do a pipeline in the shell like `/bin/echo foo | grep 'foo'`, you're asking the shell to execute that `pipe()` call, make two subprocesses, and make those two subprocesses (in this case `/bin/echo` and `grep`) talk to each other. Of course, because that type of pipe is anonymous, there's no name for it in the filesystem on disk (there is a file in the kernel's virtual filesystem, but that's another story). Named pipes, aka FIFOs, can be created with the `mkfifo` command or the `mkfifo(3)`/`mkfifoat(3)` syscalls. For example, `mkfifo /tmp/my_named_pipe.fifo`. So instead of doing `echo foo | grep 'foo'` in the same terminal, you can do `echo foo > /tmp/my_named_pipe.fifo` and have `grep 'foo' /tmp/my_named_pipe.fifo` in another terminal.

So the basic idea of a pipe is to have two endpoints - one for writing and one for reading. In the case of a named pipe you have one command/process writing to that FIFO file and one reading from that file.
What is a socket: A network socket is basically a software channel or a reference using which processes on the same or different machines can communicate. A socket by itself doesn't do much, but if it is bound to a network port (like port 80 for HTTP or port 554 for an RTSP media stream), then your software can talk to other software on the same or a different machine.

The basic idea is similar: make a named socket, like `/tmp/my_socket.sock`, and have two or more commands talk via this socket (writing AND reading), usually with one command being the "server" and always listening on that socket.

How does any of this relate to SSH? By default the `ssh` server runs on port 22 and there will be a network socket allocated for that (remember what I said about a socket having a port?). Sometimes it is useful to make an SSH tunnel. For example, if we have this setup and we want to have a secure connection from Client A to Website C, we would do in `ssh`:

This is called port forwarding: now you can open `http://172.16.127.1:8877` in a browser on Computer A and it will redirect to the website on Linux Server C. Note that 8877 is a random unused port. If the port is already in use you may want to find a different unused port; anything above 1000 should be fine. Of course this is not always convenient as it will keep the session open. And this is where you could create a named socket aka Unix Domain Socket and control the ssh session in the background without having to have a shell open.
So this is where we can answer the actual question related to the quote from the book you mentioned:
ssh-agent: In certain situations we don't want to store ssh credentials on the server we're trying to connect to. This is why you'd run SSH agent software (for Windows you could use Pageant aka PuTTY Agent). The `SSH_AUTH_SOCKET` (for example `SSH_AUTH_SOCKET=/tmp/my_auth.sock`) environment variable will have the Unix Domain Socket path via which the `ssh` command can talk to the agent and confirm that your login is proper. This would be useful in my previous example: if we want to make sure that the connection to Linux Firewall Server B is authentic - the username is who they really are - then you'd use an ssh agent on Computer A. And this is very useful if we have many Servers C and many Firewall Servers B - storing passwords on many Server B machines is not secure nor practical.
There's a lot more to sockets, pipes and `ssh`, but I hope this helps to briefly clarify what things are and how they relate to each other. See my other answer about pipes vs redirection, which explains pipelines in a lot more detail.
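To make the difference between the two mechanisms concrete, here is an added example (my own illustration, not code from the book, the answer above, or OpenSSH). It passes one message through a named pipe, then runs a toy "agent" on a Unix domain socket and a "client" that finds it the way `ssh` does: through the environment variable, which OpenSSH spells `SSH_AUTH_SOCK`. The toy agent holds no keys and understands only the REQUEST_IDENTITIES message (type 11, answered with type 12 and a key count); the message framing (4-byte big-endian length, then type byte) and those two message numbers are the real agent protocol's, everything else (the function names, the temporary directory, the constructed message `foo`) is assumed for the example. It needs a Unix host and Python 3.

```python
"""Named pipe vs. Unix domain socket, then a toy ssh-agent exchange.

Added illustration for the answer above; not code from the book, the
answer, or OpenSSH. Assumes a Unix host (Linux/macOS) and Python 3.
"""
import os
import socket
import struct
import tempfile
import threading

# Message numbers from the ssh-agent protocol (the ones OpenSSH uses).
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def fifo_roundtrip(message: bytes, directory: str) -> bytes:
    """Named pipe: one writer, one reader, one direction, no 'server'."""
    path = os.path.join(directory, "my_named_pipe.fifo")  # like: mkfifo /tmp/my_named_pipe.fifo
    os.mkfifo(path)

    def writer():  # plays the role of: echo foo > /tmp/my_named_pipe.fifo
        with open(path, "wb") as fifo:  # open() blocks until a reader opens the other end
            fifo.write(message)

    t = threading.Thread(target=writer)
    t.start()
    with open(path, "rb") as fifo:  # plays the role of: grep foo /tmp/my_named_pipe.fifo
        data = fifo.read()  # EOF once the writer closes its end
    t.join()
    os.unlink(path)
    return data


def _recv_exact(conn: socket.socket, n: int) -> bytes:
    """Helper (mine): sockets may return short reads, so loop until n bytes arrive."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed early")
        buf += chunk
    return buf


def _agent_message(payload: bytes) -> bytes:
    """Frame a payload as the agent protocol does: uint32 length, then the body."""
    return struct.pack(">I", len(payload)) + payload


def _read_agent_message(conn: socket.socket) -> bytes:
    length = struct.unpack(">I", _recv_exact(conn, 4))[0]
    return _recv_exact(conn, length)


def agent_socket_exchange(directory: str) -> dict:
    """Unix domain socket: a toy 'agent' listens, a 'client' finds it via SSH_AUTH_SOCK."""
    os.chmod(directory, 0o700)                  # ssh-agent keeps its socket in a 0700 directory
    sock_path = os.path.join(directory, "agent.sock")

    server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old_umask = os.umask(0o177)                 # ssh-agent does the same, so the file comes out 0600
    try:
        server.bind(sock_path)                  # bind() creates the socket file on disk
    finally:
        os.umask(old_umask)
    server.listen(1)

    def agent():  # the always-listening "server" side
        conn, _ = server.accept()
        with conn:
            request = _read_agent_message(conn)
            if request and request[0] == SSH_AGENTC_REQUEST_IDENTITIES:
                # Answer: type byte, then uint32 number of keys (this toy agent has none).
                conn.sendall(_agent_message(bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", 0)))

    t = threading.Thread(target=agent)
    t.start()

    # Any process in the session that sees this variable and may open the socket file
    # can do exactly what the client below does; the socket itself asks for no password.
    os.environ["SSH_AUTH_SOCK"] = sock_path
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.connect(os.environ["SSH_AUTH_SOCK"])
    client.sendall(_agent_message(bytes([SSH_AGENTC_REQUEST_IDENTITIES])))
    reply = _read_agent_message(client)
    client.close()
    t.join()
    server.close()

    mode = os.stat(sock_path).st_mode & 0o777
    os.unlink(sock_path)
    return {"reply_type": reply[0], "key_count": struct.unpack(">I", reply[1:5])[0], "socket_mode": mode}


def demo() -> dict:
    """Run both halves in a fresh temporary directory and return what happened."""
    directory = tempfile.mkdtemp()
    result = {"fifo": fifo_roundtrip(b"foo\n", directory)}  # constructed sample message
    result.update(agent_socket_exchange(directory))
    os.rmdir(directory)
    return result


if __name__ == "__main__":
    print(demo())
```

The point the book's sentence is making shows up in the second half: the only thing standing between a process and the agent is the 0600 mode on the socket file (the real ssh-agent additionally checks the connecting peer's uid), so every process running as you in that login session can ask the agent to sign with your keys, and with agent forwarding (`ssh -A`) root on the remote host can do the same through the forwarded socket.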