Hello.

I'd like to spread the use of control channel muxing at our institute, so the plan was to change the defaults for our ssh to, e.g.

    ControlMaster auto
    ControlPath /tmp/%C.ssh-mux
    ControlPersist 0

The idea was:
- use opportunistic muxing
- not all users may actually have homedirs, therefore something like /tmp needs to be used
- the mux process should be backgrounded (and not block the original ssh process to remain open) and it should immediately close when it's no longer used by anyone

Some problems/questions:

1) Is it a security issue when the sockets are created in /tmp? E.g. could a malevolent user create such a socket and intercept the other user's connection? Or does ssh check whether the socket is owned by BOTH its own user/group?
I think normally there shouldn't be a way for a user a to create a file owned by user b... it may be possible that user a creates a file which is owned by group b... but if ssh checks BOTH user and group, it should be fine, right? So does it do such checks?
Are there any other things to obey (thinking of all the different kinds of /tmp-dir hacks)?

2) Apparently ControlPersist 0 is actually the same as yes, and the mux process isn't stopped 0s (i.e. immediately) after the last connection has gone, but never. Is this a bug?

Sincerely,
Philippe

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
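
A defensive check for the concern in question 1, as an added example (not part of the original post and not OpenSSH code): it reports when a resolved ControlPath sits in a directory other users can write to, or when whatever already exists at that path is not a socket owned by the calling user. The helper name `audit_control_path`, the finding labels and the sample paths are constructed for illustration, and the check makes no claim about what ssh itself verifies.

```python
import os
import socket
import stat
import tempfile


def audit_control_path(path, uid=None):
    """Return a list of findings for a resolved ControlPath (hypothetical helper)."""
    uid = os.getuid() if uid is None else uid
    findings = []
    parent = os.path.dirname(os.path.abspath(path))
    pst = os.stat(parent)
    # Anyone who can write to the directory can create the socket name first;
    # the sticky bit on /tmp only restricts deleting and renaming.
    if pst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("parent-writable-by-others")
    if pst.st_uid not in (uid, 0):
        findings.append("parent-owned-by-other-user")
    try:
        st = os.lstat(path)  # lstat: do not follow a planted symlink
    except FileNotFoundError:
        return findings  # nothing there yet; only the directory matters
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not-a-socket")
    if st.st_uid != uid:
        findings.append("socket-owned-by-other-user")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("socket-accessible-by-others")
    return findings


def demo():
    results = {}  # constructed sample: a /tmp-like directory vs. a private one
    with tempfile.TemporaryDirectory() as base:
        for name, mode in (("shared", 0o1777), ("private", 0o700)):
            d = os.path.join(base, name)
            os.mkdir(d)
            os.chmod(d, mode)
            sock_path = os.path.join(d, "x.ssh-mux")
            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
            s.bind(sock_path)
            os.chmod(sock_path, 0o600)
            results[name] = audit_control_path(sock_path)
            s.close()
    return results


if __name__ == "__main__":
    print(demo())
```

Run against the expanded socket path (after %C substitution), this flags the `/tmp/%C.ssh-mux` layout because of the directory, while a per-user 0700 directory passes.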