ssh-agent and peer euid != uid



Hi,

we use an agent account that runs an ssh-agent with processing account
keys loaded. Each process account belongs to the agent group and
group permissions are used to control access to the agent socket.
This now fails with errors like: 'error: uid mismatch: peer euid 3333
!= uid 9999' and it seems that ssh-agent.c checks the euid and uid

if ((euid != 0) && (getuid() != euid)) {
error("uid mismatch: "
"peer euid %u != uid %u",
(u_int) euid, (u_int) getuid());
close(sock);
break;
}

ssh is OpenSSH_4.2p1, OpenSSL 0.9.7a Feb 19 2003

Is our approach (a shared agent account using group permissions) now
seen as bad form and do we have to run an agent per account?

Is this fixable with group permissions?

Is this a bug?

Thanks,
Geoff



Relevant Pages

  • RE: Domain List could not point to new domain automatically
    ... when you use ADMT to migrate Computer account from one domain to ... it will dispatch a migration agent to the computers. ... Microsoft Online Partner Support ...
    (microsoft.public.windows.server.migration)
  • Re: ADMT (Computer migration)
    ... 2004-02-24 11:02:25 Installing agent on 1 servers ... 2004-02-24 11:02:25 The Active Directory Migration Tool Agent will be ... 2004-02-24 11:02:30 Translating local machine. ... the source account 'migge5' is currently logged on or the profile is in use ...
    (microsoft.public.windows.server.migration)
  • Re: Subscriber Security Settings for Distributor and Publisher log
    ... I cant check the agent properties from here, as the subscriber is in another ... > It is done through SQL Server authentication or NT Authentication. ... using Authentication it authenticates using the account that your SQL Server ...
    (microsoft.public.sqlserver.replication)
  • Re: that OTHER group - UPDATE
    ... other Thunderbird. ...  Newsreaders/Email apps like Thunderbird or Agent allow you to ...  Once you're in your Gmail account, ... Settings and click the Forwarding/POP and IMAP tab. ...
    (alt.sports.baseball.ny-yankees)
  • Re:Access Denied when using ADMT to migrate Computer Accounts
    ... I had already add the Domain Admins to the C drive prior, ... The issue may occur if the user account that you use to run the ADMT tool ... doesn't have the local administrator permission of the Windows XP ... | domain...computer account is copied ok, but the dispatching of the agent ...
    (microsoft.public.windows.server.migration)