ControlMaster question

Philippe Cerfon philcerf at gmail.com
Mon Nov 10 14:28:23 EST 2014


Hello.

I'd like to spread the use of control channel muxing at our institute,
so the plan was to change the defaults for our ssh to, e.g.

ControlMaster auto
ControlPath /tmp/%C.ssh-mux
ControlPersist 0

The idea was:
- use opportunistic muxing
- not all users may have actually homedirs, therefore something like
/tmp needs to be used
- the mux process should be backgrounded (and not block the original
ssh process to remain open) and it should immediately close when it's
no longer used by anyone


Some problems/questions:
1) Is it a security issue, when the sockets are created in /tmp? E.g.
could a malevolent user create such a socket and intercept the other
user's connection? Or does ssh check whether the socket is owned by
BOTH it's own user/group?
I think normally there shouldn't be a way for a user a to create a
file owned by user b,... it may be possible that user a creates a file
which is owned by group b... but if ssh checks BOTH user and group, it
should be fine, right? So does it do such checks?
Are there any other things to obey (thinking of all the different
kinds of /tmp-dir hacks)?

2) Apparently ControlPersist 0 is actually the same as yes and the mux
process isn't stopped 0s (i.e. immediately) after the last connection
has gone, but never.
Is this a bug?


Sincerely,
Philippe


More information about the openssh-unix-dev mailing list