[Bug 1247] ssh-agent prevents use of filesystem permissions to control access to agent socket
bugzilla-daemon at bugzilla.mindrot.org
Thu May 19 23:50:04 EST 2011
https://bugzilla.mindrot.org/show_bug.cgi?id=1247
Matthew Miller <mattdm at mattdm.org> changed:
       What|Removed                    |Added
----------------------------------------------------------------------------
         CC|                           |mattdm at mattdm.org
    Summary|ssh-agent prevents use of  |ssh-agent prevents use of
           |group permissions to       |filesystem permissions to
           |control access to agent    |control access to agent
           |socket                     |socket
   Keywords|                           |patch
--- Comment #3 from Matthew Miller <mattdm at mattdm.org> 2011-05-19 23:50:04 EST ---
I have a use-case for disabling this check as well. I have a system
where I'd like to give certain users time-limited access to the use of
certain SSH private keys without actually exposing the keys. I have the
idea of using ssh-agent to do this. The agent would run as a
"keyholder" user, and group permissions on the UNIX-domain socket would
allow read-write by both that account and the actual ssh user.

The current policy enforced by ssh-agent prevents this. This is very
sensible in general, but breaks my particular case, and Geoff's as
well.

Thanks!