Search
Search

Is it a security risk to let ssh-agent always use the same socket?

schoettl Published at Dev
30
schoettl

I use ssh-agent as a wrapper program for startx. Is it a security risk, to use always the same socket file?

ssh-agent -a /tmp/xyz123 startx

-a specifies the socket bind address. If not specified, it would be a random filename.

I'd like to use a fix socket filename because I want to specify SSH_AUTH_SOCK=/tmp/xyz123 in my crontab file. Otherwise cronjobs that use SSH fail.

andcoz

IMHO, using /tmp is a minor security risk. Using the same file name is not a problem because even if you change it every time, it'll be easy to find.

Put the socket in a directory readable only by the user itself.

E.g. On many recent distributions, the socket file is always /run/user/1000/keyring/ssh where 1000 is the user's id.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at
0

Comments

0 comments
Login to comment

Related

Is this SSH config misconfigured and a security risk?

Security risk in everyday use of an admin account (not root)?

Does ssh use the ssh-agent?

Generate SSH key with Terraform and always add to ssh-agent

Gitkraken cannot use local SSH agent

jenkins how to use ssh-agent in docker

How to change ssh agent unix socket location on server side

Security risk of PHP variables

Are .eml attachments a security risk?

Is this a security risk/concern?

is this view a security risk?

Setgid bit - is it a security risk?

Why is it a security risk for SSH with public-private key if the home folder is writable for the group?

Does the "authenticity of host can't be established" message in SSH reflect a security risk?

Javascript navigator.userAgent always show the same agent in Firefox

gpg-agent mysteriously stopped working - agent on remote system no longer connecting to ssh socket

Sharing the same `ssh-agent` among multiple login sessions

How do I use gpg-agent as with ssh-agent+ssh-add?

Let two flavors use the same sourceSet

How to use two let's on the same line?

Endless session: any security risk?

One time password security risk

What is the security risk of object reflection?

Does RedirectToAction pose a security risk?

Multiple Submit Buttons Security Risk

BitPay API notifications: security risk?

How to use ssh-agent as a system service on mac

How do I use ssh-agent as a wrapper program?

ssh-agent rendered unusable after single use

TOP Ranking

  1. 1

    Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

  2. 2

    pump.io port in URL

  3. 3

    How to import an asset in swift using Bundle.main.path() in a react-native native module

  4. 4

    Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

  5. 5

    Failed to listen on localhost:8000 (reason: Cannot assign requested address)

  6. 6

    Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

  7. 7

    Is this docker-for-mac password dialog legit?

  8. 8

    Double spacing in rmarkdown pdf

  9. 9

    ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

  10. 10

    Vector input in shiny R and then use it

  11. 11

    Assembly definition can't resolve namespaces from external packages

  12. 12

    Bootstrap 5 Static Modal Still Closes when I Click Outside

  13. 13

    Can a 32-bit antivirus program protect you from 64-bit threats

  14. 14

    Using Response.Redirect with Friendly URLS in ASP.NET

  15. 15

    BigQuery - concatenate ignoring NULL

  16. 16

    How to how increase/decrease compared to adjacent cell

  17. 17

    AirflowException: Celery command failed - The recorded hostname does not match this instance's hostname

  18. 18

    @RefreshScope annotated Bean registered through BeanDefinitionRegistryPostProcessor not getting refreshed on Cloud Config changes

  19. 19

    MTKView Displaying Wide Gamut P3 Colorspace

  20. 20

    Displaying attached image with post how to i get it to display

  21. 21

    Python connect to firebird docker database

HotTag

Archive