On Mon, 10 Nov 2014, Philippe Cerfon wrote:

> Some problems/questions:
> 1) Is it a security issue, when the sockets are created in /tmp? E.g.
> could a malevolent user create such a socket and intercept the other
> user's connection? Or does ssh check whether the socket is owned by
> BOTH its own user/group?

It allows the user who created the socket and root (subject to file
permissions). It's best not to mix users' control sockets in the same
directory.

Could you arrange for a per-user temporary directory to be created at login
time? (e.g. via PAM) If so, then you could put the sockets there.

> 2) Apparently ControlPersist 0 is actually the same as yes and the mux
> process isn't stopped 0s (i.e. immediately) after the last connection
> has gone, but never.
> Is this a bug?

Kind of - '0' is used internally to implement ControlPersist=yes and this
leaked through to the UI. It's probably not a good idea to ban it
retrospectively, so I'll add a note to the manual page.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
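
Added example, not part of the original message and not OpenSSH code: a check that a directory meant to hold ControlPath sockets is private to one user rather than shared, following the advice above. The function names and the `ssh-mux-<uid>` directory name are assumptions made for illustration.

```python
import os
import stat
import tempfile


def check_control_dir(path, uid=None):
    """Return the reasons `path` is unsuitable as a private socket directory."""
    uid = os.getuid() if uid is None else uid
    try:
        st = os.lstat(path)  # lstat: never follow a link someone else placed
    except FileNotFoundError:
        return ["does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symlink"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    problems = []
    if st.st_uid != uid:
        problems.append("owned by uid %d, not %d" % (st.st_uid, uid))
    if st.st_mode & 0o077:
        problems.append("accessible to group/other (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    return problems


def make_control_dir(base):
    """Create (or reuse) a 0700 per-user directory under `base` and verify it.

    `base` stands in for the per-user temporary directory set up at login;
    the "ssh-mux-<uid>" name is hypothetical.
    """
    path = os.path.join(base, "ssh-mux-%d" % os.getuid())
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass  # may be pre-existing: the check below decides whether to trust it
    problems = check_control_dir(path)
    if problems:
        raise RuntimeError("%s: %s" % (path, "; ".join(problems)))
    return path


if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed stand-in for the login-time directory
    # %r, %h and %p are the standard ControlPath tokens (remote user, host, port).
    print("ControlPath %s/%%r@%%h:%%p" % make_control_dir(base))
```

A directory that already exists under a shared location is only used if it passes the ownership and mode checks; otherwise the function refuses it instead of placing sockets there.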