Re: Is it good for agent forwarding to creates socket in /tmp/

On Thu, 2017-11-02 at 16:18 +1100, Damien Miller wrote:
> On Thu, 2 Nov 2017, tran dung wrote:
> 
> > Hi Alexander Wuerstlein
> > 
> > Thanks for the information.
> > 
> > Now I agree that it's better to save the socket in /tmp/
> > I checked the source code and found that it is hard-coded.
> >         /* Allocate a buffer for the socket name, and format the name. */
> >         auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
> > It would be nice if openssh provides an option to overwrite this
> > default.
> 
> It does: "ssh-agent -a /path". You'll need to do your own 'mktemp -d'
> or equivalent to get a temporary directory if you want a random-looking
> path.

It does for ssh-agent socket location, but not for the agent forwarding
in sshd server [1] as this thread started.

Configuring this in sshd_config could be useful, though I don't see a
big value in it. The tmp is portable and with the measures that OpenSSH
is using also secure.

[1] https://github.com/openssh/openssh-portable/blob/b7548b12a6b2b4abf4d057192c353147e0abba08/session.c#L201

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
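
The "ssh-agent -a /path" plus "mktemp -d" approach mentioned in the thread, as an added example that is not part of the original messages or of OpenSSH. The helper names and the agent.sock file name are assumptions; it covers only the ssh-agent socket, not the sshd-side forwarding socket the reply refers to.

```shell
#!/bin/sh
# Added example: make_agent_dir, dir_is_private and start_agent are
# hypothetical helper names, not part of OpenSSH.

# Create a fresh directory with a random-looking name under base ($1,
# default ${TMPDIR:-/tmp}) and print its path. mktemp -d creates the
# directory itself, so no other user can pre-create or swap it.
make_agent_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    mktemp -d "$base/ssh-XXXXXXXXXX"
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with mode exactly 0700.
dir_is_private() {
    [ -d "$1" ] && [ ! -L "$1" ] &&
        [ -n "$(find "$1" -prune -type d -user "$(id -u)" -perm 700)" ]
}

# Start an agent bound to a socket inside a private directory under $1 and
# print the environment settings that "ssh-agent -s" emits.
start_agent() {
    dir=$(make_agent_dir "$1") || return 1
    if ! dir_is_private "$dir"; then
        rmdir "$dir"
        return 1
    fi
    ssh-agent -s -a "$dir/agent.sock"
}

# Usage (the base directory is a constructed sample value):
#   eval "$(start_agent "$HOME/.agent-sockets")"
#   ... use ssh / ssh-add ...
#   ssh-agent -k    # stops the agent named by SSH_AGENT_PID
```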


