Re: ssh-agent and Linux



On Tue, 27 Mar 2007 14:33:40 +0000, Per Hedeland wrote:

> In article <pan.2007.03.27.11.20.59@xxxxxxxxxxx> Harold Weissman
> <HaroldW22@xxxxxxxxxxx> writes:
>> On Tue, 27 Mar 2007 03:57:46 +0000, Neil W Rickert wrote:
>>
>>> Harold Weissman <HaroldW22@xxxxxxxxxxx> writes:
>>>
>>>> I frequently run ssh-agent with its socket created at a different
>>>> location than the default one. When one does a ps command, one can see
>>>> where the socket has been created.
>>>>
>>>> Would it be possible to do things in such a way that ps does not
>>>> reveal this information?
>>>
>>> What would be the point, when the "netstat" command can give out the
>>> same information?
>>
>> Is it not the case that with netstat you need root privileges in
>> order to display the socket and the name of the application it is
>> associated with?
>
> YMMV, but typically no to the first and yes to the second. However there
> is another issue (and I suspect this is what Neil was actually thinking
> about) - for ssh-agent to be of any use, the location of the socket must
> be communicated to ssh (and ssh-add), which is done via the environment
> - and this is also (typically) visible via 'ps':
>
> $ ps ewww $$
> PID TT STAT TIME COMMAND
> 7777 p1 Ss 0:03.35 USER=per ...
> SSH_AUTH_SOCK=/tmp/ssh-aeTf2JUD9e/agent.7717 ...
>
> The protection of the socket has to be based on file system access rights,
> trying to hide it away in a non-standard location doesn't really help.

But again, is it not the case that for the ps command above to
print out that it must be issued by the owner of the relevant process, or
by root?
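
Added example (not part of the original thread): a Python check of the file system access rights that the quoted reply says the socket's protection has to rest on, applied to whatever SSH_AUTH_SOCK points at. The function name audit_agent_socket and the wording of its findings are assumptions made for this illustration.

```python
import os
import stat
import sys


def audit_agent_socket(sock_path, uid=None):
    """Return a list of findings for an agent socket path; empty means OK."""
    uid = os.getuid() if uid is None else uid
    parent = os.path.dirname(os.path.abspath(sock_path))
    try:
        sock_st = os.lstat(sock_path)
        dir_st = os.lstat(parent)
    except OSError as exc:
        return [f"cannot stat {exc.filename}: {exc.strerror}"]

    findings = []
    # The containing directory is the primary barrier: some systems ignore
    # the mode bits on the socket file itself.
    if not stat.S_ISDIR(dir_st.st_mode):
        findings.append(f"directory {parent} is not a real directory")
    if dir_st.st_uid != uid:
        findings.append(f"directory {parent} is owned by uid {dir_st.st_uid}")
    if dir_st.st_mode & 0o077:
        findings.append(f"directory {parent} is open to group/other "
                        f"(mode {stat.S_IMODE(dir_st.st_mode):04o})")

    if not stat.S_ISSOCK(sock_st.st_mode):
        findings.append(f"socket {sock_path} is not a socket")
    if sock_st.st_uid != uid:
        findings.append(f"socket {sock_path} is owned by uid {sock_st.st_uid}")
    if sock_st.st_mode & 0o077:
        findings.append(f"socket {sock_path} is open to group/other "
                        f"(mode {stat.S_IMODE(sock_st.st_mode):04o})")
    return findings


if __name__ == "__main__":
    path = os.environ.get("SSH_AUTH_SOCK")
    if not path:
        sys.exit("SSH_AUTH_SOCK is not set")
    problems = audit_agent_socket(path)
    for problem in problems:
        print("WARN:", problem)
    sys.exit(1 if problems else 0)
```

An empty result means that only the owning user (and root) can reach the socket, wherever it is located and whoever can see its path.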