Re: key auth ok one way, not the other



On Thu, 30 Mar 2006 05:25:26 -0500, Richard E. Silverman wrote:

"WBC" == William B Cattell <wbcattell1.nospam@xxxxxxxxx> writes:

WBC> An update - I ran the agent as a user and was able to insert keys
WBC> into it. Would each user have to run the agent or should I be
WBC> able to run it at startup (via rc.local script) and let multiple
WBC> users access it?

The former. For security, ssh-agent requires that a client's uid match
its own, unless the client is root, who is allowed to talk to any agent.
This is an additional check on top of the permissions of the agent socket
node and containing directory.

Cf ssh-add.c; search for "getpeereid".

Richard - Thanks for clearing that up. It makes sense from a security
standpoint. I think it's working the way it's supposed to. Thanks to all
who've responded.

Bill