Using ssh-agent option: -a <socket>
Date: 11 Aug 2005 18:15:25 -0700
I'd like some advice:
First, a bit of context: I am trying to work out some guidelines for
my workgroup's use of ssh. We all use VNC to log in to a large Unix
server that acts as our workstation.
My question regards ssh-agent: I have always regarded the whole
business of capturing and passing around the two envars
SSH_AUTH_SOCK and SSH_AGENT_PID as rather awkward and fussy.
So I was pleased when I learned (in the fabulous SnailBook, of
course) about the OpenSSH option to ssh-agent: -a <socket> .
I am considering recommending to my group that we use this to
specify a fixed socket name within ~/.ssh/ .
Seems to me this would greatly simplify the envar handling:
- Just specify in ~/.profile:
- Just forget about SSH_AGENT_PID :
- AFAIK it is used only when you want to kill ssh-agent .
- In our environment that doesn't happen very often,
since our Xvnc sessions last for months.
- It's pretty easy to find the PID with ps(1) and just use kill;
or it's easy to write a script to do this.
My question is if there is a significant security risk in making
it so easy for others on the system to find the socket.
Even if you didn't know the convention, the -a arg shows up in the
ps(1) display. Presumably the ~/.ssh directory is pretty well
The default is to try to hide the socket in a subdir of /tmp, and to
obscure it with a random name. But the security of this depends on
the same permissions mechanism that protects ~/.ssh .
Or is there significant benefit from this default hiding the socket
from those NOT logged in to the system.
Also, would this scheme have any bearing on the advisability of
(BTW, another of my recommendations will be to use the -t option of
ssh-agent to require re-entering the passphrase every hour or two,
in case you are concerned about long-lasting ssh-agent processes.)