ssh-agent and socket permission check
Igor Bukanov
igor at mir2.org
Thu Jul 24 23:31:54 EST 2014

I would like to run ssh-agent under a different account to make sure that
its memory holding private keys is not readable. However, this is not
directly possible as ssh-agent.c explicitly rejects connections to the
agent socket from a different user [1].

Would it be possible to have an option to relax the check so that a
connection is allowed as long as it comes from a process belonging to
the agent's process group?

[1] - https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L934
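
The same-user check the message refers to, next to the process-group relaxation it asks for, as an added Python example that is not part of the original post and is not OpenSSH code. It assumes Linux (`SO_PEERCRED`); the function names are hypothetical and the socket pair is constructed so the example runs in one process.

```python
import os
import socket
import struct

# Linux layout of struct ucred: pid_t pid, uid_t uid, gid_t gid.
_UCRED = struct.Struct("iII")


def peer_credentials(sock):
    """Return (pid, uid, gid) the kernel recorded for the peer of a Unix socket."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def allowed_same_user(peer_uid, own_uid):
    """Strict policy: accept only root or the user the agent runs as."""
    return peer_uid == 0 or peer_uid == own_uid


def allowed_same_pgrp(peer_pid, own_pgid):
    """Hypothetical relaxed policy: accept peers in the agent's process group.

    The pid is a snapshot taken when the socket was connected; if that process
    has exited, the lookup fails and the connection is refused. A reused pid
    would be checked as the new process, which is the weak point of any
    pid-based rule.
    """
    try:
        return os.getpgid(peer_pid) == own_pgid
    except (ProcessLookupError, PermissionError):
        return False


def demo():
    # Constructed input: both ends of the socket live in this process, so the
    # "client" is the current process and both policies should accept it.
    agent_end, client_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        pid, uid, gid = peer_credentials(agent_end)
    finally:
        agent_end.close()
        client_end.close()
    return {
        "peer": (pid, uid, gid),
        "same_user": allowed_same_user(uid, os.getuid()),
        "same_pgrp": allowed_same_pgrp(pid, os.getpgrp()),
    }


if __name__ == "__main__":
    print(demo())
```
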