I would like to run ssh-agent under a different account to make sure that its memory holding private keys is not readable. However, this is not directly possible, as ssh-agent.c explicitly rejects connections to the agent socket from a different user [1]. Would it be possible to have an option to relax the check so that the connection is allowed as long as it comes from a process belonging to the agent's process group?

[1] - https://github.com/openssh/openssh-portable/blob/master/ssh-agent.c#L934

On Thu, 24 Jul 2014, Igor Bukanov wrote:

> I would like to run ssh-agent under a different account to make sure that
> its memory holding private keys is not readable.

It shouldn't be anyway. We ship it setgid by default and also use prctl() on Linux to prevent ptrace()