[Bug 1247] ssh-agent prevents use of filesystem permissions to control access to agent socket

bugzilla-daemon at bugzilla.mindrot.org
Thu May 19 23:50:04 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1247

Matthew Miller <mattdm at mattdm.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mattdm at mattdm.org
            Summary|ssh-agent prevents use of   |ssh-agent prevents use of
                   |group permissions to        |filesystem permissions to
                   |control access to agent     |control access to agent
                   |socket                      |socket
           Keywords|                            |patch

--- Comment #3 from Matthew Miller <mattdm at mattdm.org> 2011-05-19 23:50:04 EST ---
I have a use-case for disabling this check as well. I have a system
where I'd like to give certain users time-limited access to the use of
certain SSH private keys without actually exposing the keys. I have the
idea of using ssh-agent to do this. The agent would run as a
"keyholder" user, and group permissions on the UNIX-domain socket would
allow read-write by both that account and the actual ssh user.

The current policy enforced by ssh-agent prevents this. This is very
sensible in general, but breaks my particular case, and Geoff's as
well.

Thanks!
