Hi,

The "ForwardAgent" configuration item documented in ssh_config(5) allows forwarding a different agent socket to the remote machine than the one whose path is contained in the environment variable SSH_AUTH_SOCK. But on the remote machine, sshd.c creates another socket that it listens on as long as the ssh session is running, and proxies all requests to the originating agent, right?

Is it possible to configure the location of the agent socket on the remote machine, or is that location hardcoded to /tmp/ssh-XXXXXXXXXXXX/agent.<pid>?

Background for the question is that I use a build host on a remote machine. I ssh to the machine and then reconnect to a long-running tmux session where I do my development things. During the build I need access to my ssh keys on the originating machine, which is why I use ssh's ForwardAgent option (I can trust the remote machine). But the build also needs to happen in a chroot environment, which of course has no access to the real /tmp directory on the remote machine, where the forwarded agent socket lives.

My current workaround is to run a socat process on the remote machine that proxies between a socket inside the build chroot and the one in /tmp where sshd listens and again proxies it to my local machine, but it would be much easier to just tell sshd on the remote machine to open its socket inside the build chroot.

Best regards,
Nils

--
Dipl. Math Nils Rennebarth
Senior Software Developer
secunet Security Networks AG
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
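
The socat workaround described in the message, written out as an added example with the checks a relayed agent socket needs; it is not code from the original post or from OpenSSH. The chroot path, the `run/agent` directory inside it and all function names are assumptions.

```shell
#!/bin/sh
# Added example: relay the forwarded agent socket into a build chroot.
# Anyone who can connect to the relay socket can ask the agent to sign with
# the forwarded keys, so the socket lives in a private directory, mode 600.
# Usage (hypothetical chroot path):  . ./agent-relay.sh; start_relay /srv/build-chroot

# Succeeds only if $1 is a real directory we own with no group/other access.
private_dir() {
    [ -d "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds only if $1 is a Unix socket owned by the invoking user.
own_socket() {
    [ -S "$1" ] && [ -O "$1" ]
}

# start_relay CHROOT_DIR: listen on CHROOT_DIR/run/agent/agent.sock and
# forward every connection to the socket sshd created ($SSH_AUTH_SOCK).
start_relay() {
    sock_dir=$1/run/agent            # assumed location inside the chroot
    own_socket "${SSH_AUTH_SOCK:-}" || {
        echo "SSH_AUTH_SOCK is not a socket owned by this user" >&2
        return 1
    }
    ( umask 077; mkdir -p "$sock_dir" ) || return 1
    # mkdir -p leaves an existing directory's mode alone, so verify it.
    private_dir "$sock_dir" || {
        echo "$sock_dir is not a private directory" >&2
        return 1
    }
    echo "inside the chroot: export SSH_AUTH_SOCK=/run/agent/agent.sock" >&2
    # unlink-early removes a stale socket from a previous session;
    # fork serves each client connection in its own child process.
    socat "UNIX-LISTEN:$sock_dir/agent.sock,fork,mode=600,unlink-early" \
          "UNIX-CONNECT:$SSH_AUTH_SOCK"
}
```

The relay has to be restarted after each reconnect, because every new ssh session gets a new forwarded socket path in SSH_AUTH_SOCK.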