This is the mail archive of the cygwin mailing list for the Cygwin project.
I made a modified version of ssh-agent so it can run under cygrunsrv under the local system account. This seems to work fine without having to disable or uninstall McAfee.
Note: this is not an official update. It is a version I made for my own purposes but others might find it usable too.
Changes I made:
1) Added a -r flag which prevents ssh-agent from forking.
2) Replaced fprintf(stderr,...) with logit(...) for logging to the event log when running under cygrunsrv.
3) Added a source file (ssh-agent-reg.c) which contains a routine to register the SSH_AUTH_SOCK in the global environment variable list of Windows (through the Windows registry).
4) Qualified all identity(key) accesses with the euid/egid as presented when adding the key initially.
   Reason: when running ssh-agent under the SYSTEM account, all keys are potentially accessible for everyone (security issue).
   Solution: when adding a key, the euid and egid as obtained from getpeereid() are stored together with the key. All subsequent accesses to that stored key are restricted to the user which added the key (based on the euid and egid obtained using getpeereid()). This basically limits access to the keys to their creators only.
5) Added TAILQ_FOREACH_SAFE macro to openbsd-compat/sys-queue.h (needed to remove only the keys for the invoking user when using ssh-add -D).
Notes: Changes 1 and 4 are conditionally compiled using #ifdef __CYGWIN__/#endif. Change 3 is based on a solution that Karl M posted earlier (subject: "Re: how to make ssh-agent automatically").
I have tested these modifications on a W2K machine only. The registry functions should work for Windows 95 upwards (according to their description on the Microsoft website) so potentially this modified version should work under W95 and up also but I haven't verified that.
    # ssh-add -l exits with status 1 when the agent is reachable but holds no identities
    ssh-add -l > /dev/null 2>&1
    if [ $? -eq 1 ]; then
        ssh-add
    fi
Attachment:
ssh-agent-reg.c
Description: Text document
Attachment:
ssh-agent.c
Description: Text document
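The per-user key isolation from change 4 and the selective removal from change 5, as an added example that is not the code from the attached ssh-agent.c. The names struct identity, id_add, id_lookup and id_remove_all are hypothetical, key_id stands in for the key material, and the euid/egid arguments are assumed to come from getpeereid() on the client socket.

```c
#include <stdlib.h>
#include <sys/types.h>
#include <sys/queue.h>

#ifndef TAILQ_FOREACH_SAFE      /* absent from some sys/queue.h versions */
#define TAILQ_FOREACH_SAFE(var, head, field, tvar)                       \
    for ((var) = TAILQ_FIRST(head);                                      \
         (var) && ((tvar) = TAILQ_NEXT(var, field), 1); (var) = (tvar))
#endif

struct identity {               /* hypothetical, simplified agent entry */
    TAILQ_ENTRY(identity) next;
    int key_id;                 /* stands in for the key material */
    uid_t euid; gid_t egid;     /* peer credentials recorded at add time */
};
TAILQ_HEAD(idlist, identity);

/* Every access path goes through this single ownership check. */
static int owned_by(const struct identity *id, uid_t u, gid_t g)
{ return id->euid == u && id->egid == g; }

/* Add a key; euid/egid are assumed to come from getpeereid() on the client. */
int id_add(struct idlist *l, int key_id, uid_t euid, gid_t egid) {
    struct identity *id = calloc(1, sizeof(*id));
    if (id == NULL) return -1;
    id->key_id = key_id; id->euid = euid; id->egid = egid;
    TAILQ_INSERT_TAIL(l, id, next);
    return 0;
}

/* Lookup for list/sign requests: other users' keys behave as if absent. */
struct identity *id_lookup(struct idlist *l, int key_id, uid_t euid, gid_t egid) {
    struct identity *id;
    TAILQ_FOREACH(id, l, next)
        if (id->key_id == key_id && owned_by(id, euid, egid)) return id;
    return NULL;
}

/* "ssh-add -D": unlink and free only the caller's entries; returns the count. */
int id_remove_all(struct idlist *l, uid_t euid, gid_t egid) {
    struct identity *id, *tmp;
    int n = 0;
    TAILQ_FOREACH_SAFE(id, l, next, tmp) {   /* tmp survives free(id) */
        if (!owned_by(id, euid, egid)) continue;
        TAILQ_REMOVE(l, id, next);
        free(id);
        n++;
    }
    return n;
}
```

A plain TAILQ_FOREACH in id_remove_all would read the next pointer out of an entry that has already been freed, which is why the _SAFE variant is needed there.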