On Thu, 2017-11-02 at 16:18 +1100, Damien Miller wrote:
> On Thu, 2 Nov 2017, tran dung wrote:
>
> > Hi Alexander Wuerstlein
> >
> > Thanks for the information.
> >
> > Now I agree that it's better to save the socket in /tmp/
> > I checked the source code and found that it is hard-coded.
> > /* Allocate a buffer for the socket name, and format the name. */
> > auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
> > It would be nice if openssh provides an option to overwrite this
> > default.
>
> It does: "ssh-agent -a /path". You'll need to do your own 'mktemp -d'
> or equivalent to get a temporary directory if you want a random-looking
> path.

It does for ssh-agent socket location, but not for the agent forwarding
in sshd server [1] as this thread started. Configuring this in
sshd_config could be useful, though I don't see a big value in it. The
tmp is portable and with the measures that OpenSSH is using also secure.

[1] https://github.com/openssh/openssh-portable/blob/b7548b12a6b2b4abf4d057192c353147e0abba08/session.c#L201

Regards,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
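
The "ssh-agent -a /path" plus 'mktemp -d' approach mentioned in the thread, as an added example that is not part of the original messages or of OpenSSH: it creates a private socket directory and checks ownership, mode and symlink status before binding the agent there. The function names and the `agent.sock` file name are hypothetical.

```shell
#!/bin/sh
# Added example: private directory for an ssh-agent socket (ssh-agent -a).
# Function names and the agent.sock file name are hypothetical.

# Create a fresh directory under $1 (default: $TMPDIR or /tmp) and print it.
# The template mirrors the "ssh-XXXXXXXXXX" pattern quoted in the thread.
make_agent_dir() {
    base=${1:-${TMPDIR:-/tmp}}
    dir=$(umask 077; mktemp -d "$base/ssh-XXXXXXXXXX") || return 1
    chmod 700 "$dir" || return 1
    printf '%s\n' "$dir"
}

# Return 0 only if $1 is a real directory (not a symlink), owned by the
# current user, with mode exactly rwx------.
check_agent_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "drwx------" ]
}

# Start an agent bound to a socket inside a checked directory and print the
# agent's environment settings (SSH_AUTH_SOCK, SSH_AGENT_PID) for eval.
start_agent() {
    dir=$(make_agent_dir "$1") || return 1
    check_agent_dir "$dir" || { rmdir "$dir"; return 1; }
    ssh-agent -a "$dir/agent.sock"
}
```

To use it interactively, run `eval "$(start_agent)"` so the agent's variables land in the current shell.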