Is it good for agent forwarding to create socket in /tmp/

Jakub Jelen jjelen at
Tue Nov 7 01:04:37 AEDT 2017

On Thu, 2017-11-02 at 16:18 +1100, Damien Miller wrote:
> On Thu, 2 Nov 2017, tran dung wrote:
> > Hi Alexander Wuerstlein
> > 
> > Thanks for the information.
> > 
> > Now I agree that it's better to save the socket in /tmp/
> > I checked the source code and found that it is hard-coded.
> >         /* Allocate a buffer for the socket name, and format the name. */
> >         auth_sock_dir = xstrdup("/tmp/ssh-XXXXXXXXXX");
> > It would be nice if openssh provides an option to overwrite this
> > default.
> It does: "ssh-agent -a /path". You'll need to do your own 'mktemp -d'
> or equivalent to get a temporary directory if you want a
> random-looking path.

It does for ssh-agent socket location, but not for the agent forwarding
in sshd server [1] as this thread started.

Configuring this in sshd_config could be useful, though I don't see a
big value in it. The tmp is portable and, with the measures that OpenSSH
is using, also secure.


Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
