bugzilla-daemon at bugzilla.mindrot.org
2011-May-19 13:50 UTC
[Bug 1247] ssh-agent prevents use of filesystem permissions to control access to agent socket
https://bugzilla.mindrot.org/show_bug.cgi?id=1247

Matthew Miller <mattdm at mattdm.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mattdm at mattdm.org
            Summary|ssh-agent prevents use of   |ssh-agent prevents use of
                   |group permissions to        |filesystem permissions to
                   |control access to agent     |control access to agent
                   |socket                      |socket
           Keywords|                            |patch

--- Comment #3 from Matthew Miller <mattdm at mattdm.org> 2011-05-19 23:50:04 EST ---
I have a use-case for disabling this check as well. I have a system where I'd
like to give certain users time-limited access to the use of certain SSH
private keys without actually exposing the keys. I have the idea of using
ssh-agent to do this. The agent would run as a "keyholder" user, and group
permissions on the UNIX-domain socket would allow read-write by both that
account and the actual ssh user.

The current policy enforced by ssh-agent prevents this. This is very sensible
in general, but breaks my particular case, and Geoff's as well.

Thanks!

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
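An added illustration, not part of the bug report and not OpenSSH's code: a Python sketch (Linux only, using SO_PEERCRED) of why group permissions on a UNIX-domain socket do not help when the listening daemon also checks the connecting process's UID. The function names and the owner-or-root policy shown are assumptions made for this example.

```python
import os
import socket
import struct
import tempfile

def peer_uid(conn):
    """Return the UID of the process at the other end of a UNIX socket (Linux)."""
    # struct ucred is { pid_t pid; uid_t uid; gid_t gid; }
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", raw)
    return uid

def peer_allowed(uid, owner_uid):
    """Hypothetical owner-or-root policy; the socket's file mode is never consulted."""
    return uid == 0 or uid == owner_uid

def demo():
    """Bind a group-writable socket, connect to it, and apply the policy."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "agent.sock")   # constructed path for the demo
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        conn = None
        try:
            srv.bind(path)
            os.chmod(path, 0o660)   # group read-write, as in the keyholder setup
            srv.listen(1)
            cli.connect(path)       # the kernel checks the file mode here
            conn, _ = srv.accept()
            uid = peer_uid(conn)    # the daemon's own check happens after connect
            mode = os.stat(path).st_mode & 0o777
            return mode, uid, peer_allowed(uid, os.getuid())
        finally:
            for s in (conn, cli, srv):
                if s is not None:
                    s.close()

if __name__ == "__main__":
    mode, uid, ok = demo()
    print(f"socket mode {mode:o}, peer uid {uid}, accepted: {ok}")
    # A group member with a different UID passes the mode check but not the policy.
    print("other uid accepted:", peer_allowed(os.getuid() + 1, os.getuid()))
```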