ssh-agent and socket permission check

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I would like to run ssh-agent under a different account to make sure that
its memory holding private keys is not readable. However, this is not
directly possible as ssh-agent.c explicitly rejects connections to the
agent socket from a different user [1].

Would it be possible to have an option to relax the check so the
connections is allowed as long as it comes from a process belonging to
agent's process group?

[1] -
https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L934
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux