Location of socket for agent forwarding on remote machine configurable?
Damien Miller
djm at mindrot.org
Fri Aug 15 14:59:47 AEST 2025
On Thu, 14 Aug 2025, Nils Rennebarth wrote:
> Hi,
>
> The "ForwardAgent" configuration item documented in ssh_config(5) allows
> forwarding a different agent socket to the remote machine than the one whose
> path is contained in the environment variable SSH_AUTH_SOCK. But on the remote
> machine, sshd.c creates another socket that it listens on as long as the
> ssh session is running, and proxies all requests to the originating agent,
> right?
>
> Is it possible to configure the location of the agent socket on the remote
> machine, or is that location hardcoded to /tmp/ssh-XXXXXXXXXXXX/agent.<pid>?
More recently (OpenSSH-10.0) both sshd and ssh-agent listen under
~/.ssh/agent/ but for sshd the path is not configurable.
> Background for the question is that I use a build host on a remote machine. I
> ssh to the machine and then reconnect to a long running tmux session where I
> do my development things. During the build I need access to my ssh keys on the
> originating machine, which is why I use ssh's ForwardAgent option (I can trust
> the remote machine). But the build also needs to happen in a chroot
> environment, which of course has no access to the real /tmp directory on the
> remote machine, where the forwarded agent socket lives.
>
> My current workaround is to run a socat process on the remote machine that
> proxies between a socket inside the build chroot and the one in /tmp where
> sshd listens and again proxies it to my local machine, but it would be much
> easier to just tell sshd on the remote machine to open its socket inside the
> build chroot.
It sounds like the recent move to being under the user's home directory
might possibly have solved your problem, or at least made it simpler.
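The relay that the quoted workaround builds with socat, written out as an added stand-alone example (not code from this thread or from OpenSSH): a process on the remote host listens on a socket path inside the build chroot and hands each connection through to the sshd-created forwarding socket named by $SSH_AUTH_SOCK. The chroot path, the stand-in agent in `selftest()` and the one-connection-at-a-time limit are assumptions made for this example.

```python
import os, socket, tempfile, threading
from contextlib import suppress
def relay(src, dst):
    # Copy bytes one way until EOF, then pass the EOF on to the other side.
    with suppress(OSError):
        while data := src.recv(65536):
            dst.sendall(data)
    with suppress(OSError):
        dst.shutdown(socket.SHUT_WR)
def handle_client(client, agent_path):
    # One chroot-side connection becomes one connection to the forwarded agent socket.
    with client, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as agent:
        agent.connect(agent_path)
        back = threading.Thread(target=relay, args=(agent, client), daemon=True)
        back.start()
        relay(client, agent)
        back.join()
def serve(listen_path, agent_path, max_clients, ready):
    # listen_path: socket seen inside the chroot (assumed <chroot>/tmp/agent.sock);
    # agent_path: the $SSH_AUTH_SOCK sshd created for the forwarding session.
    old = os.umask(0o177)                 # create the socket 0600: owner only
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as srv:
        srv.bind(listen_path)
        os.umask(old)
        srv.listen(8)
        ready.set()
        for _ in range(max_clients):
            client, _ = srv.accept()
            threading.Thread(target=handle_client, args=(client, agent_path), daemon=True).start()
def selftest():
    # End to end with a constructed stand-in agent that answers one REQUEST_IDENTITIES (11)
    # with an IDENTITIES_ANSWER (12) listing no keys.
    with tempfile.TemporaryDirectory() as d, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as agent:
        agent.bind(os.path.join(d, "agent"))
        agent.listen(1)
        up = threading.Event()
        threading.Thread(target=serve, args=(os.path.join(d, "chroot.sock"), agent.getsockname(), 1, up), daemon=True).start()
        up.wait(5)
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
            c.connect(os.path.join(d, "chroot.sock"))
            c.sendall(b"\x00\x00\x00\x01\x0b")
            c.shutdown(socket.SHUT_WR)
            conn, _ = agent.accept()          # the proxy dialled the agent for the client
            with conn:
                if conn.recv(5) == b"\x00\x00\x00\x01\x0b":
                    conn.sendall(b"\x00\x00\x00\x05\x0c\x00\x00\x00\x00")
            reply = b""
            while chunk := c.recv(4096):
                reply += chunk
        return reply
```

Anything that can connect to the chroot-side socket can use the forwarded keys, so the socket is created owner-only and should live on a path the build user alone can reach.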