I use ssh-agent as a wrapper program for startx. Is it a security risk to always use the same socket file?
ssh-agent -a /tmp/xyz123 startx
-a specifies the socket bind address. If not specified, it would be a random filename.
I'd like to use a fixed socket filename because I want to specify SSH_AUTH_SOCK=/tmp/xyz123 in my crontab file. Otherwise cronjobs that use SSH fail.
IMHO, using /tmp is a minor security risk. Using the same file name is not a problem because even if you change it every time, it'll be easy to find.
Put the socket in a directory readable only by the user itself.
E.g. on many recent distributions, the socket file is always /run/user/1000/keyring/ssh where 1000 is the user's id.
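One way to follow the advice in the answer above, as an added example that is not part of the original post: keep a fixed socket name, but bind it inside a directory that is verified to be owned by the user and mode 0700. The function names and the ssh-agent/socket layout under $XDG_RUNTIME_DIR (falling back to $HOME/.ssh/agent) are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: fixed ssh-agent socket path inside a private directory.
# Assumed layout (not from the original post): $XDG_RUNTIME_DIR/ssh-agent/socket,
# or $HOME/.ssh/agent/socket when XDG_RUNTIME_DIR is unset.

# Print the directory that will hold the socket.
agent_dir() {
    if [ -n "${XDG_RUNTIME_DIR:-}" ]; then
        printf '%s\n' "$XDG_RUNTIME_DIR/ssh-agent"
    else
        printf '%s\n' "$HOME/.ssh/agent"
    fi
}

# Succeed only if $1 is a real directory (not a symlink), owned by the
# current user, with mode exactly 0700.
dir_is_private() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -n "$(find "$1" -prune -user "$(id -u)" -perm 700 2>/dev/null)" ]
}

# Create the directory if needed, verify it, and print the fixed socket path.
agent_socket_path() {
    dir=$(agent_dir)
    [ -e "$dir" ] || mkdir -p -m 700 "$dir" || return 1
    dir_is_private "$dir" || {
        echo "refusing $dir: not a private directory owned by uid $(id -u)" >&2
        return 1
    }
    printf '%s\n' "$dir/socket"
}

# Replacement for "ssh-agent -a /tmp/xyz123 startx".
start_session() {
    sock=$(agent_socket_path) || return 1
    rm -f "$sock"   # a stale socket file would make the agent's bind fail
    exec ssh-agent -a "$sock" startx
}
```

cron does not normally set XDG_RUNTIME_DIR, so the crontab's SSH_AUTH_SOCK= line needs the literal path that agent_socket_path prints for the user.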