search for: saz24308

...!) I'd like to make it a little more difficult for the hacker to access a running ssh-agent. At present, if a hacker can be root they just need to find the socket and connect to it, this is too easy. Why can't the ssh-agent, put an extra secret in the environment? SSH_AUTH_SOCK=/tmp/ssh-saZ24308/agent.24308?SALT=RaNdoMsTuFF447183414 2/ I also think it should have a timeout too, perhaps dumping all keys if the agent is unused for more than 30 mins. This is all completely useless if the hacker, has been root once they could easily replace the whole OpenSSH package , with their own, but thi...