sharing a private key with other local users of the same group

Darren Tucker dtucker at zip.com.au
Fri Jun 4 19:40:10 EST 2004


On Fri, 2004-06-04 at 19:24, Bechler Richard wrote:

> we're using the portable OpenSSH (3.8.1p1) with Linux, HP-UX and
> Solaris. 
> After starting the ssh-agent and adding a private key, I changed the
> permissions of the socket to 0770, so other users of the same group have
> access to it. With HP-UX and Solaris this works fine, although with
> Linux and older OpenSSH versions (3.4p1/SuSE8.1,3.1p1/RedHat7.2).
> With 3.8.1p1 and Linux (SLES8-SuSE8.1) I got the following error
> message:
> Error reading response length from authentication socket.

From 3.5x, ssh-agent will use getsockopt([...] SO_PEERCRED) on platforms
that have it (which includes most modern Linuxes) to determine the
effective uid of the process talking to it, and will not answer if the
process belongs to a different user.

If you really want it to, you can disable this by, e.g., putting "#undef
SO_PEERCRED" at the bottom of defines.h.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list