Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Secure-Shell
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ssh-agent and peer euid != uid

from [Geoff Clitheroe] Network Security [Permanent Link]
Subject: ssh-agent and peer euid != uid
Date: Fri, 2 Dec 2005 06:55:23 +1300 
Hi,

we use an agent account that runs an ssh-agent with processing account
keys loaded.  Each process account belongs to the agent group and
group permissions are used to control access to the agent socket. 
This now fails with errors like: 'error: uid mismatch: peer euid 3333
!= uid 9999' and it seems that ssh-agent.c checks the euid and uid

                 if ((euid != 0) && (getuid() != euid)) {
                     error("uid mismatch: "
                         "peer euid %u != uid %u",
                         (u_int) euid, (u_int) getuid());
                     close(sock);
                     break;
                }

ssh is OpenSSH_4.2p1, OpenSSL 0.9.7a Feb 19 2003

Is our approach (a shared agent account using group permissions) now
seen as bad form and do we have to run an agent per account?

Is this fixable with group permissions?

Is this a bug?

Thanks,
Geoff
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • ssh-agent and peer euid != uid, Geoff Clitheroe <=
Previous by Date:  Bad transmission rate, Stefan Schulze Frielinghaus
Next by Date:  Re: Bad transmission rate, Darren Tucker
Previous by Thread:  Bad transmission rate, Stefan Schulze Frielinghaus
Next by Thread:  Re: SSH Tunneling without console login, John Maher
Indexes:  [Date] [Thread] [Top] [All Lists]