From owner-cvs-all Tue Jul 28 07:46:52 1998
Return-Path:
Received: (from daemon@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA22022 for cvs-all-outgoing; Tue, 28 Jul 1998 07:46:52 -0700 (PDT) (envelope-from owner-cvs-all)
Received: from vader.cs.berkeley.edu (vader.CS.Berkeley.EDU [128.32.38.234]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA22013 for ; Tue, 28 Jul 1998 07:46:50 -0700 (PDT) (envelope-from asami@vader.cs.berkeley.edu)
Received: from silvia.HIP.Berkeley.EDU (sji-ca7-188.ix.netcom.com [209.109.235.188]) by vader.cs.berkeley.edu (8.8.7/8.7.3) with ESMTP id HAA21134 for ; Tue, 28 Jul 1998 07:46:19 -0700 (PDT)
Received: (from asami@localhost) by silvia.HIP.Berkeley.EDU (8.8.8/8.6.9) id HAA21878; Tue, 28 Jul 1998 07:46:10 -0700 (PDT)
Date: Tue, 28 Jul 1998 07:46:10 -0700 (PDT)
Message-Id: <199807281446.HAA21878@silvia.HIP.Berkeley.EDU>
To: committers@freebsd.org
Subject: ssh-agent and chroot
From: asami@cs.berkeley.edu (Satoshi Asami)
Sender: owner-cvs-all@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

Is it possible to get ssh to do X11 forwarding in a chrooted environment? (This is on the package building machine, paddock.)

As far as I can tell, it needs /tmp/ssh-asami/* to be visible for X11 forwarding to work. I tried hardlinking the socket but /tmp is not in the same filesystem as the chrootdir. I tried symlinking /tmp/ssh-asami into the chrooted /tmp but sshd complains that the mode is not right:

===
Remote: * Remote error: Agent socket creation:Bad modes/owner for directory '/tmp/ssh-asami' (modes are 120777, should be 041777)
Remote: * Remote error: Authentication fowarding disabled.
Warning: Remote host denied authentication agent forwarding.
===

It is apparently checking the mode of the symlink, not the directory it's pointing to. I can't change the mode of the symlink, so this doesn't work.

So, I guess my question is, is it possible to change the directory ssh creates the agent sockets (/tmp/ssh-agent) somehow? Short of hacking the source, it is. (I don't want to change sshd's behavior just so I can build some packages on paddock....)

Satoshi
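
The two octal values in the error text above can be decoded and reproduced with the following added example, which is not part of the original message and is not sshd's code. The helper names `describe`, `check_dir` and `demo` and the temporary paths are assumptions made for illustration; the check simply compares `st_mode` against the 041777 value quoted in the error, once without following the symlink (lstat) and once following it (stat).

```python
import os
import stat
import tempfile

# Value from the error text: a real directory, sticky bit set, rwx for all.
EXPECTED_MODE = 0o041777

def describe(mode):
    """Split a raw st_mode into (file type, permission bits as octal text)."""
    if stat.S_ISLNK(mode):
        kind = "symlink"
    elif stat.S_ISDIR(mode):
        kind = "directory"
    else:
        kind = "other"
    return kind, format(stat.S_IMODE(mode), "04o")

def check_dir(path, follow_symlinks):
    """Hypothetical check: True only if st_mode equals EXPECTED_MODE."""
    st = os.stat(path) if follow_symlinks else os.lstat(path)
    return st.st_mode == EXPECTED_MODE, st.st_mode

def demo():
    """Build a sticky directory plus a symlink to it and run both checks."""
    with tempfile.TemporaryDirectory() as base:
        real = os.path.join(base, "real-tmp")      # constructed sample path
        link = os.path.join(base, "chroot-tmp")    # constructed sample path
        os.mkdir(real)
        os.chmod(real, 0o1777)                     # explicit, so umask does not apply
        os.symlink(real, link)
        return {
            "real": check_dir(real, follow_symlinks=False),
            "link_lstat": check_dir(link, follow_symlinks=False),
            "link_stat": check_dir(link, follow_symlinks=True),
        }

if __name__ == "__main__":
    print(describe(0o120777), describe(0o041777))
    for name, (ok, mode) in demo().items():
        print(f"{name:10} ok={ok} mode={mode:06o} {describe(mode)}")
```

The lstat result for the link carries the symlink file type in the high bits, so an exact comparison against 041777 fails no matter what the target directory's permissions are.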