Bug 2866 - Allow forwarded agent sockets to be in somewhere other than /tmp
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.7p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2018-05-12 05:29 AEST by Robin Powell
Modified: 2018-05-12 05:29 AEST

Description Robin Powell 2018-05-12 05:29:07 AEST
On my site we use pam_ssh_agent_auth.

This means that if something happens to fill up /tmp, we lose the ability to sudo, which is not awesome.  We'd like to have a tmpfs-backed FS *just* for ssh agent sockets, but we can't because as far as I can tell from the code, tmp/ssh-XXXXX is hard-coded in sshd.

On more recent ssh versions, this can be hacked around with -R on our auth sockets, but currently most of my plant is on ssh 5.3 because reasons, but also it really seems like this is something that should be configurable.