Bug 2866

Summary: Allow forwarded agent sockets to be in somewhere other than /tmp
Product: Portable OpenSSH
Reporter: Robin Powell <rlpowell>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: NEW
Severity: enhancement
Priority: P5
Version: 7.7p1
Hardware: Other
OS: Linux

Description Robin Powell 2018-05-12 05:29:07 AEST
On my site we use pam_ssh_agent_auth.

This means that if something happens to fill up /tmp, we lose the ability to sudo, which is not awesome.  We'd like to have a tmpfs-backed FS *just* for ssh agent sockets, but we can't because as far as I can tell from the code, tmp/ssh-XXXXX is hard-coded in sshd.

On more recent ssh versions, this can be hacked around with -R on our auth sockets, but currently most of my plant is on ssh 5.3 because reasons, but also it really seems like this is something that should be configurable.