I thought I'd ask a question about something I've always been curious
about. I know that the way ssh-agent sets variables (possibly in a
subshell, or via shell commands when it is started) has caused some
confusion (at least for me and a few other people who have posted on
this list).

For example, in order to make use of an existing ssh-agent instance the
corresponding SSH_AUTH_SOCK variable needs to be set. This can be
tricky when using cron jobs or when making use of ssh-agent in a
long-running daemon.

So my question is: why doesn't ssh-agent default the location of the
socket file to some well-known fixed secure location such as
$HOME/.ssh/agent? Since I realize that I can achieve something close to
this with the '-a' switch, I make use of it in the ssh-agent that is
started with my X session:

/etc/X11/xinit>>diff -uw xinitrc-common.orig xinitrc-common
--- xinitrc-common.orig 2006-02-16 08:50:35.000000000 -0600
+++ xinitrc-common 2006-09-27 23:58:16.000000000 -0500
@@ -61,12 +61,13 @@
done

# Prefix launch of session with ssh-agent if available and not already
running.
+/bin/rm -f $HOME/.ssh/agent
SSH_AGENT=
if [ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ]; then
if [ "x$TMPDIR" != "x" ]; then
- SSH_AGENT="/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR"
+ SSH_AGENT="/usr/bin/ssh-agent -a $HOME/.ssh/agent /bin/env
TMPDIR=$TMPDIR"
else
- SSH_AGENT="/usr/bin/ssh-agent"
+ SSH_AGENT="/usr/bin/ssh-agent -a $HOME/.ssh/agent"
fi
fi
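Review bot: the added `/bin/rm -f $HOME/.ssh/agent` runs unconditionally, before the `if` that checks that ssh-agent is installed and that `SSH_AGENT_PID` is unset, so a second xinit run that already inherits a live agent will delete the socket that agent is listening on and leave `SSH_AUTH_SOCK` pointing at a file that no longer exists. Move the `rm` inside the `if`, just before the `SSH_AGENT=` assignments, so the old socket is only removed when a new agent is actually about to be started with `-a`. Also quote the path (`"$HOME/.ssh/agent"`) in the `rm`, since `$HOME` is expanded unquoted there; and note that the second `+` line appears to have been wrapped by the mailer across two lines, so the patch as quoted will not apply until it is rejoined.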

But it would be simpler if ssh-agent just defaulted to some fixed secure
location when SSH_AUTH_SOCK is not set.

I realize that the way it currently works allows for each user to have
multiple instances of ssh-agent, but it seems that you could continue to
allow that by having a switch that causes ssh-agent to generate the
socket with some random mkstemp() name as it currently does. Besides,
there should not be much need to have multiple instances of ssh-agent
per user since each instance of ssh-agent can store multiple keys.

Maybe I'm overlooking some security benefit to the way it currently
works such as not having the socket file on a possibly networked file
system, but $HOME/.ssh is trusted to be secure for ordinary files.
Maybe there is some benefit to remote users not being able to guess
where the socket file is, but I'm not sure what that would be.

There is a similar issue with the master socket (-M, -O and -S
switches).

--
Steven Elliott
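An added example, not part of the post or of OpenSSH: a cron job or daemon that wants to pick up an agent at the fixed location proposed above should not trust the path blindly. This script checks that the path is a UNIX socket owned by the calling user with no group/other permissions, then sends a real SSH_AGENTC_REQUEST_IDENTITIES message and parses the SSH_AGENT_IDENTITIES_ANSWER count, so a stale file or a dead agent is detected before the job relies on it. The fixed path $HOME/.ssh/agent is the post's proposal, not an OpenSSH default; the message numbers are from draft-miller-ssh-agent.

```python
"""Probe a fixed-location ssh-agent socket before a cron job trusts it."""
import os
import socket
import stat
import struct

# Message numbers from the SSH agent protocol (draft-miller-ssh-agent).
SSH_AGENTC_REQUEST_IDENTITIES = 11
SSH_AGENT_IDENTITIES_ANSWER = 12


def socket_is_safe(path):
    """True if path is a UNIX socket owned by us that group/others cannot open."""
    try:
        st = os.lstat(path)  # lstat: a symlink planted in the way is not a socket
    except OSError:
        return False
    if not stat.S_ISSOCK(st.st_mode) or st.st_uid != os.getuid():
        return False
    return (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def _recv_exact(s, n):
    buf = b""
    while len(buf) < n:
        chunk = s.recv(n - len(buf))
        if not chunk:
            raise OSError("agent closed the connection")
        buf += chunk
    return buf


def agent_key_count(path, timeout=2.0):
    """Ask the agent for its identities; return the key count, or None if unusable."""
    if not socket_is_safe(path):
        return None
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect(path)
            # Framing: uint32 length, then message type byte (no payload here).
            s.sendall(struct.pack(">IB", 1, SSH_AGENTC_REQUEST_IDENTITIES))
            length = struct.unpack(">I", _recv_exact(s, 4))[0]
            if length > 1 << 20:  # a real agent never sends this much
                return None
            body = _recv_exact(s, length)
        except OSError:  # stale socket, timeout, or agent gone
            return None
    if len(body) < 5 or body[0] != SSH_AGENT_IDENTITIES_ANSWER:
        return None
    return struct.unpack(">I", body[1:5])[0]  # only the key count is parsed
```

A cron wrapper would call `agent_key_count(os.path.expanduser("~/.ssh/agent"))` and export SSH_AUTH_SOCK only when the result is not None.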