Permissions on the ssh-agent socket

Alexander Wuerstlein snalwuer at cip.informatik.uni-erlangen.de
Sat Mar 24 02:29:34 EST 2007


Hello,

this may be a stupid question, but I'll ask anyways because I was unable to get
a satisfying answer somewhere else. So feel free to simply point out my stupidity,
if the problem lies only there.


The question:

If I start an ssh-agent, it creates a socket (/tmp/ssh-*/agent.*), with the socket's
and the directory's permissions set to 600. However, if I now connect to a remote host
with agent-forwarding enabled, the resulting socket on the remote host gets
permissions 755 (the directory still gets 700). 

What bothers me is the go+rx part, is there any specific reason to that?
If not, wouldn't it be better to be paranoid and use 600? 


The behaviour above applies to Linux (Debian testing, OpenSSH_4.3p2 Debian-9, 
OpenSSL 0.9.8c 05 Sep 2006), as well as Solaris (Solaris 10 06/06 x86, 
OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006) and FreeBSD (5.4, OpenSSH_3.6.1, SSH
protocols 1.5/2.0, OpenSSL 0x0090804f). Unfortunately I have no OpenBSD box
available to test that behaviour, so it could perhaps only affect portable 
OpenSSH.



Ciao,

Alexander Wuerstlein.
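A check for the permission combination described in this message, added here as an example (it is not part of the original post and is not OpenSSH code). The names `audit_agent_socket` and `make_sample` are hypothetical, and the sample socket is constructed. The check relies on POSIX path resolution: reaching a socket requires search permission on its directory.

```python
import os
import socket
import stat
import tempfile

def audit_agent_socket(sock_path, uid=None):
    """Return (severity, message) findings for an agent socket and its directory."""
    uid = os.getuid() if uid is None else uid
    dir_path = os.path.dirname(os.path.abspath(sock_path))
    d, s = os.lstat(dir_path), os.lstat(sock_path)  # lstat: do not follow symlinks
    findings = []
    if not stat.S_ISDIR(d.st_mode) or not stat.S_ISSOCK(s.st_mode):
        findings.append(("exposed", "path is not a socket inside a real directory"))
    for name, st in (("directory", d), ("socket", s)):
        if st.st_uid != uid:
            findings.append(("exposed", f"{name} is owned by uid {st.st_uid}, not {uid}"))
    dir_open = stat.S_IMODE(d.st_mode) & 0o077
    sock_open = stat.S_IMODE(s.st_mode) & 0o077
    if dir_open:
        findings.append(("exposed", f"directory grants group/other bits {dir_open:03o}"))
    if sock_open:
        # Behind a 0700 directory, other non-root users cannot traverse to the
        # socket, so its extra bits are a hardening gap rather than an exposure.
        severity = "exposed" if dir_open else "hardening"
        findings.append((severity, f"socket grants group/other bits {sock_open:03o}"))
    return findings

def make_sample(dir_mode, sock_mode):
    """Constructed sample: a throwaway directory holding a bound Unix socket."""
    dir_path = tempfile.mkdtemp(prefix="ssh-")
    sock_path = os.path.join(dir_path, "agent.0")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(sock_path)  # creates the socket file; it remains after close()
    srv.close()
    os.chmod(sock_path, sock_mode)
    os.chmod(dir_path, dir_mode)
    return sock_path

if __name__ == "__main__":
    # Audit the real forwarded socket if one is set, else the constructed sample
    # that mirrors the modes reported above (directory 700, socket 755).
    target = os.environ.get("SSH_AUTH_SOCK") or make_sample(0o700, 0o755)
    for severity, message in audit_agent_socket(target):
        print(f"{severity}: {message}")
```

Run on the remote host inside the forwarded session, it audits the socket named by `SSH_AUTH_SOCK`.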


More information about the openssh-unix-dev mailing list