Displaying 2 results from an estimated 2 matches for "keyholder".

2011 May 18
2
Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?
Hi everyone. I have a system where I'd like to give certain users time-limited access to the use of certain SSH private keys without actually exposing the keys. I have the idea of using ssh-agent to do this. The agent would run as a "keyholder" user, and group permissions on the UNIX-domain socket would allow read-write by both that account and the actual ssh user. Right now, ssh-agent makes a check using getpeereid(), and declines access if it fails. This is very sensible in general, but breaks this particular case. Might a patch...
2011 May 19
0
[Bug 1247] ssh-agent prevents use of filesystem permissions to control access to agent socket
...23:50:04 EST --- I have a use-case for disabling this check as well. I have a system where I'd like to give certain users time-limited access to the use of certain SSH private keys without actually exposing the keys. I have the idea of using ssh-agent to do this. The agent would run as a "keyholder" user, and group permissions on the UNIX-domain socket would allow read-write by both that account and the actual ssh user. The current policy enforced by ssh-agent prevents this. This is very sensible in general, but breaks my particular case, and Geoff's as well. Thanks!