Network Security Secure-Shell

Re: How necessary is SSH_AUTH_SOCK?

Subject: Re: How necessary is SSH_AUTH_SOCK?
Date: Sun, 01 Oct 2006 09:38:56 -0500
On Fri, 2006-09-29 at 11:11 +0200, Markus Friedl wrote:
> On Thu, Sep 28, 2006 at 12:17:17AM -0500, Steven Elliott wrote:
> > So my question is - Why doesn't ssh-agent default the location of the
> > socket file to some well known fixed secure location such as
> > $HOME/.ssh/agent?
>
> $HOME might be on an NFS server, so -a $HOME/.ssh/agent
> is not the default.

How is having the socket file on an NFS server a problem?  I know that
other applications do it, such as evolution / spamd:
    /home/sle/.evolution/cache/tmp/spamd-socket-path-bz4CuE

We at least assume that $HOME/.ssh is secure for ordinary files and
directories.  Also, the namespace that has to do with applications
binding to socket files is per machine.  So I don't see what harm would
be done by an untrusted machine binding to it.

But there is a problem with a socket file existing when the bind()
system call is run on it (it fails with EADDRINUSE).  I tried modifying
ssh-agent.c to set SO_REUSEADDR on the socket just before binding to it,
and that did not help.

Maybe this is the problem you are referring to.  Maybe what I suggested
could be amended to include the hostname in the name of the socket file.
Maybe it could just be placed in the /tmp directory as it currently is,
but with some fixed name if that location is available and it can be
secured.

Someone privately sent me an email suggesting that I just capture the
output of ssh-agent and source it later:
    ssh-agent -s > foo
    source foo
and I agree that will work, but my thought is that it would be nice to
do this once in ssh-agent rather than having various cron jobs, long
running daemons or whatever each trying to figure it out.

-- 
Steven Elliott