Bechler Richard
2004-Jun-04 09:24 UTC
sharing a private key with other local users of the same group
Hello,

we're using the portable OpenSSH (3.8.1p1) with Linux, HP-UX and Solaris. After starting the ssh-agent and adding a private key, I changed the permissions of the socket to 0770, so other users of the same group have access to it. With HP-UX and Solaris this works fine, although with Linux and older OpenSSH versions (3.4p1/SuSE8.1, 3.1p1/RedHat7.2). With 3.8.1p1 and Linux (SLES8-SuSE8.1) I got the following error message:

Error reading response length from authentication socket.

Attachment: strace output

greetings,
Richard Bechler (richard.bechler at siemens.com)
Darren Tucker
2004-Jun-04 09:40 UTC
sharing a private key with other local users of the same group
On Fri, 2004-06-04 at 19:24, Bechler Richard wrote:
> we're using the portable OpenSSH (3.8.1p1) with Linux, HP-UX and
> Solaris.
> After starting the ssh-agent and adding a private key, I changed the
> permissions of the socket to 0770, so other users of the same group have
> access to it. With HP-UX and Solaris this works fine, although with
> Linux and older OpenSSH versions (3.4p1/SuSE8.1,3.1p1/RedHat7.2).
> With 3.8.1p1 and Linux (SLES8-SuSE8.1) I got the following error
> message:
> Error reading response length from authentication socket.

From 3.5x, ssh-agent will use getsockopt([...] SO_PEERCRED) on platforms that have it (which includes most modern Linuxes) to determine the effective uid of the process talking to it, and will not answer if the process belongs to a different user.

If you really want it to, you can disable this by, eg, putting "#undef SO_PEERCRED" at the bottom of defines.h.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.