I would like to run ssh-agent under a different account to make sure that its memory holding private keys is not readable. However, this is not directly possible as ssh-agent.c explicitly rejects connections to the agent socket from a different user [1].

Would it be possible to have an option to relax the check so the connection is allowed as long as it comes from a process belonging to the agent's process group?

[1] - https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L934
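The same-user rule the message describes and the process-group relaxation it asks about, sketched side by side as an added example (not part of the original message and not OpenSSH code). The policy names and helper functions are hypothetical, and SO_PEERCRED is assumed as the Linux mechanism for reading the peer's credentials.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE                 /* for SO_PEERCRED and getpgid() */
#endif
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };  /* layout of Linux struct ucred */
enum policy { SAME_UID, SAME_UID_OR_PGRP };             /* hypothetical names */

/* Pure decision function: 1 = accept, 0 = reject. */
int peer_allowed(enum policy p, uid_t agent_uid, pid_t agent_pgid,
                 uid_t peer_uid, pid_t peer_pgid)
{
    if (peer_uid == agent_uid)
        return 1;                   /* the same-user rule the message describes */
    if (p == SAME_UID_OR_PGRP && peer_pgid > 0 && peer_pgid == agent_pgid)
        return 1;                   /* the relaxation the message asks about */
    return 0;
}

/* Apply the policy to a connected AF_UNIX socket; fails closed on any error. */
int check_fd(int fd, enum policy p)
{
    struct peer_cred pc;
    socklen_t len = sizeof(pc);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &pc, &len) != 0 || len != sizeof(pc))
        return 0;
    /* pc.pid was recorded when the socket was connected; if that process has
     * exited and the pid was reused, getpgid() describes a different process. */
    pid_t peer_pgid = (p == SAME_UID_OR_PGRP) ? getpgid(pc.pid) : -1;
    return peer_allowed(p, getuid(), getpgrp(), pc.uid, peer_pgid);
}

/* Constructed self-test input: both ends of a socketpair belong to this process. */
int check_own_socketpair(enum policy p)
{
    int sv[2], ok;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0) return -1;
    ok = check_fd(sv[0], p);
    close(sv[0]); close(sv[1]);
    return ok;
}

int main(void)
{
    printf("own socketpair under same-uid policy: %d\n", check_own_socketpair(SAME_UID));
    return 0;
}
```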