Bug#882475: weird access permission to ssh-agent's socket

To: submit@bugs.debian.org
Subject: Bug#882475: weird access permission to ssh-agent's socket
From: Harald Dunkel <harald.dunkel@aixigo.de>
Date: Thu, 23 Nov 2017 11:47:27 +0100
Message-id: <[🔎] 9338eabf-196d-3e5b-26af-4508e4bcb551@aixigo.de>
Reply-to: Harald Dunkel <harald.dunkel@aixigo.de>, 882475@bugs.debian.org

Package: openssh-server
Version: 1:7.4p1-10+deb9u1

If I run "ssh somehost", then a new ssh-agent is started with weird
access permissions on its socket. Sample session:

% ls -al $SSH_AUTH_SOCK
srw------- 1 hdunkel users 0 Nov 23 11:25 /tmp/ssh-D65j4nl0gu7k/agent.3243
% ssh localhost
Linux dpcl082.ac.aixigo.de 4.9.0-4-amd64 #1 SMP Debian 4.9.51-1 (2017-09-28) x86_64

% ls -al $SSH_AUTH_SOCK
srwxr-xr-x 1 hdunkel users 0 Nov 23 11:42 /tmp/ssh-svX5x2DI9l/agent.6837


The first ssh-agent was created by lightdm at login time, AFAICT. In my
understanding the access permissions on the socket for the second ssh-agent
are way too permissive by default.

Can you confirm?


.ssh/config:

Host *
        AddKeysToAgent yes
        ForwardAgent yes


Regards
Harri

Reply to:

Follow-Ups:
- Bug#882475: marked as done (weird access permission to ssh-agent's socket)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#882196: marked as done (ssh: apt-get install ssh broken for i386)
Next by Date: Bug#882475: marked as done (weird access permission to ssh-agent's socket)
Previous by thread: Bug#882196: marked as done (ssh: apt-get install ssh broken for i386)
Next by thread: Bug#882475: marked as done (weird access permission to ssh-agent's socket)
Index(es):
- Date
- Thread