recover ssh-agent socket
guy keren
guy.choo.keren at gmail.com
Sat Jan 8 16:05:31 IST 2022
On 1/8/22 3:06 PM, Tzafrir Cohen wrote:
> On Sat, Jan 08, 2022 at 01:24:18PM +0200, Shachar Shemesh wrote:
>>> You can probably find it under /proc/$SSH_AGENT_PID/fd.
>
> I see there:
>
> lrwx------ 1 root root 64 Jan 8 15:00 0 -> /dev/null
> lrwx------ 1 root root 64 Jan 8 15:00 1 -> /dev/null
> lrwx------ 1 root root 64 Jan 8 15:00 2 -> /dev/null
> lrwx------ 1 root root 64 Jan 8 15:00 3 -> 'socket:[14326]'
>
>
>>> With that said, I'm not sure whether that brings you any closer
>>> to recovering it. Maybe a move (the syscall, not the command line)
>>> from there to $SSH_AUTH_SOCK?
>
> Also, to answer Uri:
>
> Because it's there.
>
the only way i can think about, is:
1. create a new socket file with the same ownership and permissions as
before under /tmp
2. attach gdb to your running ssh-agent, with a script to make it open a
new file descriptor to the new file, and use 'dup' to duplicate it on
top of the existing file descriptor. the reason that it should be a dup,
is in case ssh-agent uses select() or poll() or something similar to
learn of that socket being active.
i'm not sure this will work - you may want to check this on a
stand-alone ssh-agent that will listen on a different socket file in a
different path.
--guy
More information about the Linux-il
mailing list