Is it good for agent forwarding to create a socket in /tmp/

Dustin Lundquist dustin at
Thu Nov 2 01:58:49 AEDT 2017

OpenSSH takes at least two precautions to protect against other users
connecting to the agent forwarding socket. First, it creates a temporary
subdirectory for each socket; this directory has permissions drwx------.
This is because BSDs and Linux differ in how they handle permissions on a
UNIX socket itself (1). Second, it validates the identity of the process
connecting to the auth socket (2).

Hope this helps,

Dustin Lundquist


On Wed, Nov 1, 2017 at 3:26 AM, tran dung <trandung0101 at> wrote:

> Hi
> After logging in to a remote server with ForwardAgent enabled, sshd on the
> remote server creates a socket at /tmp/ and permission is 0755/srwxr-xr-x.
> What is the reason to allow everyone to read this socket?
> Also, is it better to save this socket in /home/user/.ssh/?
> Best Regards
> -----------------------
> Tran Dung

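The two precautions described in the reply above, sketched as an added example (not OpenSSH's code and not part of the original thread): a socket bound inside a fresh 0700 directory, and a peer-uid check on each accepted connection. It assumes Linux (`SO_PEERCRED`); the directory prefix and socket name are made up for illustration.

```python
import os, socket, stat, struct, tempfile

def make_private_socket():
    """Bind a listening UNIX socket inside a fresh directory only its owner can enter."""
    d = tempfile.mkdtemp(prefix="example-agent-")   # mkdtemp creates the dir with mode 0700
    path = os.path.join(d, "agent.sock")            # hypothetical socket name
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv, d, path

def dir_is_private(d):
    """True if d is a real directory (not a symlink), owned by us, with no group/other bits."""
    st = os.lstat(d)
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == os.geteuid()
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)

def peer_uid(conn):
    """Return the uid of the process at the other end (Linux struct ucred: pid, uid, gid)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def accept_if_owner(srv):
    """Accept one connection and drop it unless the peer runs under our own uid."""
    conn, _ = srv.accept()
    if peer_uid(conn) != os.geteuid():
        conn.close()
        return None
    return conn

def demo():
    """Create the socket, connect to it as ourselves, and report both checks."""
    srv, d, path = make_private_socket()
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        cli.connect(path)
        conn = accept_if_owner(srv)
        accepted = conn is not None
        if conn:
            conn.close()
        return dir_is_private(d), accepted
    finally:
        cli.close(); srv.close()
        os.unlink(path); os.rmdir(d)

if __name__ == "__main__":
    print(demo())
```

`dir_is_private` can also be pointed at the parent directory of an existing `$SSH_AUTH_SOCK` to audit a live session.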