ControlMaster question

Hello.

I'd like to spread the use of control channel muxing at our institute,
so the plan was to change the defaults for our ssh to, e.g.

ControlMaster auto
ControlPath /tmp/%C.ssh-mux
ControlPersist 0

The idea was:
- use opportunistic muxing
- not all users may actually have homedirs, therefore something like
/tmp needs to be used
- the mux process should be backgrounded (and not block the original
ssh process to remain open) and it should immediately close when it's
no longer used by anyone


Some problems/questions:
1) Is it a security issue, when the sockets are created in /tmp? E.g.
could a malevolent user create such a socket and intercept the other
user's connection? Or does ssh check whether the socket is owned by
BOTH its own user/group?
I think normally there shouldn't be a way for a user a to create a
file owned by user b,... it may be possible that user a creates a file
which is owned by group b... but if ssh checks BOTH user and group, it
should be fine, right? So does it do such checks?
Are there any other things to obey (thinking of all the different
kinds of /tmp-dir hacks)?

2) Apparently ControlPersist 0 is actually the same as yes and the mux
process isn't stopped 0s (i.e. immediately) after the last connection
has gone, but never.
Is this a bug?


Sincerely,
Philippe
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
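
Added example, not part of the original message and not OpenSSH code: a local audit of the location question 1 asks about. ssh_config(5) recommends that a ControlPath used for opportunistic sharing sit in a directory that is not writable by other users, so this checks the directory and any object already present at the socket path. The function name audit_control_path and the sample path are hypothetical.

```python
import os
import stat


def audit_control_path(sock_path, uid=None):
    """Return findings for a ControlPath socket location; empty list means OK."""
    uid = os.getuid() if uid is None else uid
    findings = []
    parent = os.path.dirname(os.path.abspath(sock_path))

    # lstat: a symlink planted in place of the directory must not be followed.
    try:
        d = os.lstat(parent)
    except FileNotFoundError:
        return [f"{parent}: directory does not exist"]
    if not stat.S_ISDIR(d.st_mode):
        return [f"{parent}: not a real directory"]
    if d.st_uid not in (uid, 0):
        findings.append(f"{parent}: owned by uid {d.st_uid}, not {uid} or root")
    if d.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # The sticky bit stops others deleting our entries, but not from
        # creating a name first, which is the squatting case asked about.
        sticky = " (sticky bit set)" if d.st_mode & stat.S_ISVTX else ""
        findings.append(f"{parent}: writable by group/other{sticky}")

    # If something already sits at the socket path, check what it is and whose.
    try:
        s = os.lstat(sock_path)
    except FileNotFoundError:
        return findings
    if not stat.S_ISSOCK(s.st_mode):
        findings.append(f"{sock_path}: exists but is not a socket")
    if s.st_uid != uid:
        findings.append(f"{sock_path}: owned by uid {s.st_uid}, not {uid}")
    return findings


if __name__ == "__main__":
    # Constructed path standing in for an expanded /tmp/%C.ssh-mux.
    for finding in audit_control_path("/tmp/0123abcd.ssh-mux"):
        print(finding)
```

A plain /tmp is reported as writable by group/other with the sticky bit set; a per-user directory with mode 0700 passes.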