[Bug 2866] New: Allow forwarded agent sockets to be in somewhere other than /tmp

bugzilla-daemon at bugzilla.mindrot.org
Sat May 12 05:29:07 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2866

            Bug ID: 2866
           Summary: Allow forwarded agent sockets to be in somewhere other
                    than /tmp
           Product: Portable OpenSSH
           Version: 7.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: rlpowell at digitalkingdom.org

On my site we use pam_ssh_agent_auth.

This means that if something happens to fill up /tmp, we lose the
ability to sudo, which is not awesome.  We'd like to have a
tmpfs-backed FS *just* for ssh agent sockets, but we can't because as
far as I can tell from the code, tmp/ssh-XXXXX is hard-coded in sshd.

On more recent ssh versions, this can be hacked around with -R on our
auth sockets, but currently most of my plant is on ssh 5.3 because
reasons, but also it really seems like this is something that should be
configurable.
