ssh-agent and peer euid != uid



Hi,

We use an agent account that runs an ssh-agent with processing account
keys loaded. Each process account belongs to the agent group and
group permissions are used to control access to the agent socket.
This now fails with errors like: 'error: uid mismatch: peer euid 3333
!= uid 9999' and it seems that ssh-agent.c checks the euid and uid:

    if ((euid != 0) && (getuid() != euid)) {
        error("uid mismatch: "
            "peer euid %u != uid %u",
            (u_int) euid, (u_int) getuid());
        close(sock);
        break;
    }

ssh is OpenSSH_4.2p1, OpenSSL 0.9.7a Feb 19 2003

Is our approach (a shared agent account using group permissions) now
seen as bad form and do we have to run an agent per account?

Is this fixable with group permissions?

Is this a bug?

Thanks,
Geoff