Location of socket for agent forwarding on remote machine configurable?

Nils Rennebarth nils.rennebarth at secunet.com
Thu Aug 14 21:52:50 AEST 2025


Hi,

The "ForwardAgent" configuration item documented in ssh_config(5) allows forwarding a different agent socket to the remote machine than the one whose
path is contained in the environment variable SSH_AUTH_SOCK. But on the remote machine, sshd.c creates another socket that it listens on as long as
the ssh session is running, and proxies all requests to the originating agent, right?

Is it possible to configure the location of the agent socket on the remote machine, or is that location hardcoded to /tmp/ssh-XXXXXXXXXXXX/agent.<pid>?


Background for the question is that I use a build host on a remote machine. I ssh to the machine and then reconnect to a long running tmux session 
where I do my development things. During the build I need access to my ssh keys on the originating machine, which is why I use ssh's ForwardAgent 
option (I can trust the remote machine). But the build also needs to happen in a chroot environment, which of course has no access to the real /tmp 
directory on the remote machine, where the forwarded agent socket lives.

My current workaround is to run a socat process on the remote machine that proxies between a socket inside the build chroot and the one in /tmp
where sshd listens and again proxies it to my local machine, but it would be much easier to just tell sshd on the remote machine to open its socket
inside the build chroot.

Best regards, Nils

-- 
Dipl. Math Nils Rennebarth
Senior Software Developer
Division Public Authorities
secunet Security Networks AG


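
The socat workaround described in the message above, as an added example (not code from the post or from OpenSSH). It places the relay socket in a directory that only the invoking user can enter and refuses to start otherwise. The in-chroot path `run/agent/agent.sock` and the function names are assumptions, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Relay a forwarded ssh-agent socket into a build chroot with socat.
# Assumed layout (not from the post): <chroot>/run/agent/agent.sock

# Succeeds only if $1 is a real directory (not a symlink), owned by the
# current user, with mode 0700, so no other local user can reach the
# relay socket created inside it.
relay_dir_ok() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(stat -c '%u %a' "$1")" = "$(id -u) 700" ]
}

# $1 = chroot root. Relays <chroot>/run/agent/agent.sock to the socket
# sshd created for this session ($SSH_AUTH_SOCK). Prints the socat PID.
start_relay() {
    dir="$1/run/agent"
    [ -S "${SSH_AUTH_SOCK:-}" ] || {
        echo "no forwarded agent socket in SSH_AUTH_SOCK" >&2
        return 1
    }
    ( umask 077; mkdir -p "$dir" ) && relay_dir_ok "$dir" || {
        echo "refusing to use relay directory: $dir" >&2
        return 1
    }
    # unlink-early removes a stale socket left by an earlier relay;
    # mode=600 restricts the new socket itself to its owner.
    socat "UNIX-LISTEN:$dir/agent.sock,fork,mode=600,unlink-early" \
          "UNIX-CONNECT:$SSH_AUTH_SOCK" &
    echo $!
}

# Usage on the build host:  sh agent-relay.sh start /path/to/chroot
# Inside the chroot:        export SSH_AUTH_SOCK=/run/agent/agent.sock
if [ "${1:-}" = "start" ]; then
    start_relay "$2"
fi
```

The relay stays valid only as long as the ssh session that owns the socket in /tmp; stop the socat process with the printed PID when that session ends.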