Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?

Peter Stuge peter at stuge.se
Thu May 19 10:30:09 EST 2011

Matthew Miller wrote:
> Right now, ssh-agent makes a check using getpeereid(), and declines access
> if it fails. This is very sensible in general, but breaks this particular
> case. Might a patch to allow an option to ssh-agent to relax the check be
> accepted?

I doubt it. I would suggest that you implement an ssh-agent proxy to
sit in front of the actual agent, running as keyholder, where you
implement policy.


More information about the openssh-unix-dev mailing list