Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?

Peter Stuge peter at stuge.se
Thu May 19 10:30:09 EST 2011


Matthew Miller wrote:
> Right now, ssh-agent makes a check using getpeereid(), and declines access
> if it fails. This is very sensible in general, but breaks this particular
> case. Might a patch to allow an option to ssh-agent to relax the check be
> accepted?

I doubt it. I would suggest that you implement an ssh-agent proxy to
sit in front of the actual agent, running as keyholder, where you
implement policy.


//Peter
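The proxy suggested in the reply above could handle each client connection as follows. This is an added example, not code from the thread or from OpenSSH; it assumes Linux (`SO_PEERCRED` standing in for `getpeereid()`), and the function names, the uid allowlist and the choice to pass only list-keys and sign requests are illustrative policy. Setting up the listening socket is left out.

```python
import socket, struct

SSH_AGENT_FAILURE = 5                  # agent protocol message numbers
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENTC_SIGN_REQUEST = 13
ALLOWED_TYPES = {SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENTC_SIGN_REQUEST}
MAX_MSG = 256 * 1024                   # frame size cap chosen for this example

def peer_uid(conn):
    """uid of the connecting process as reported by the kernel (Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]  # struct ucred is (pid, uid, gid)

def permitted(uid, body, allowed_uids):
    """Example policy: allowlisted uid, and only 'list keys' or 'sign' requests."""
    return uid in allowed_uids and len(body) > 0 and body[0] in ALLOWED_TYPES

def recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise EOFError("peer closed")
        buf += chunk
    return buf

def read_msg(sock):
    """Read one agent frame (uint32 big-endian length, then body); return the body."""
    (length,) = struct.unpack(">I", recv_exact(sock, 4))
    if not 0 < length <= MAX_MSG:
        raise ValueError("bad agent message length")
    return recv_exact(sock, length)

def handle(conn, agent_path, allowed_uids):
    """Relay one client to the real agent; refused requests get SSH_AGENT_FAILURE."""
    uid = peer_uid(conn)
    with conn, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as agent:
        agent.connect(agent_path)
        try:
            while True:
                body = read_msg(conn)
                if permitted(uid, body, allowed_uids):
                    agent.sendall(struct.pack(">I", len(body)) + body)
                    body = read_msg(agent)
                else:
                    body = bytes([SSH_AGENT_FAILURE])
                conn.sendall(struct.pack(">I", len(body)) + body)
        except (EOFError, ValueError, OSError):
            pass                        # client or agent went away, or bad frame
```

Run as the key holder with `agent_path` set to the real agent's socket, the proxy is the only process that connects to ssh-agent, so the agent's own peer euid check stays unchanged.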


More information about the openssh-unix-dev mailing list