OpenSSH takes at least two precautions to protect against other users connecting to the agent forwarding socket. First, it creates a temporary subdirectory for each socket; this directory has permissions drwx------. This is because BSDs and Linux differ in how they handle permissions on a UNIX socket itself [1]. Second, it validates the identity of the process connecting to the auth socket [2].

Hope this helps,

Dustin Lundquist

[1] https://unix.stackexchange.com/questions/83032/which-systems-do-not-honor-socket-read-write-permissions
[2] https://github.com/openssh/openssh-portable/blob/9f0e44e1a0439ff4646495d5735baa61138930a9/ssh-agent.c#L796-L806

On Wed, Nov 1, 2017 at 3:26 AM, tran dung <trandung0101@xxxxxxxxx> wrote:
> Hi
>
> After logging in to a remote server with ForwardAgent enabled, sshd on the
> remote server creates a socket at /tmp/ and permission is 0755/srwxr-xr-x.
>
> What is the reason to allow everyone to read this socket?
> Also, is it better to save this socket in /home/user/.ssh/?
>
> Best Regards
> -----------------------
> Tran Dung
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
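The two precautions described in the reply above, written out as an added example that is neither part of this thread nor OpenSSH's own code: a check that the socket's parent directory is a private 0700 directory, and a peer-credential check that applies the agent's rule of serving only the same user or root (SO_PEERCRED on Linux, getpeereid() on the BSDs). The helper names and the /tmp demo path are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Precaution 1: parent dir must be 0700 and owned by the agent's user, since
 * some OSes ignore mode bits on the socket inode. Hypothetical helper, not OpenSSH code. */
int dir_is_private(const char *path) {
    struct stat st;
    if (stat(path, &st) == -1 || !S_ISDIR(st.st_mode))
        return 0;
    return (st.st_uid == getuid() && (st.st_mode & 077) == 0) ? 1 : 0;
}

/* Precaution 2: ask the kernel who is on the other end of a connected
 * UNIX-domain socket (SO_PEERCRED on Linux, getpeereid() on the BSDs). */
static int peer_uid(int fd, uid_t *uid) {
#ifdef SO_PEERCRED
    struct { pid_t pid; uid_t uid; gid_t gid; } cr; /* layout of struct ucred */
    socklen_t len = sizeof(cr);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) == -1)
        return -1;
    *uid = cr.uid; return 0;
#else
    gid_t gid; return getpeereid(fd, uid, &gid);
#endif
}

/* Same policy as the agent: serve only the same user (or root), whatever
 * the socket's own mode bits would have allowed. */
int accept_peer(int fd) {
    uid_t uid;
    if (peer_uid(fd, &uid) != 0)
        return 0;
    return (uid == getuid() || uid == 0) ? 1 : 0;
}

/* Demo: a socketpair stands in for a client connection and a mkdtemp()
 * directory (created 0700) for the agent's per-socket directory. */
int demo(void) {
    char dir[] = "/tmp/agent-demo-XXXXXX";
    int sv[2], ok;
    if (mkdtemp(dir) == NULL || socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return 0;
    ok = dir_is_private(dir) && accept_peer(sv[0]);
    close(sv[0]); close(sv[1]); rmdir(dir);
    return ok;
}
```

Because the peer check is done by the kernel-reported credentials, the world-readable mode on the socket file itself does not by itself let another local user use the forwarded agent.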