strange folder in /tmp with name ssh-*

ssh security directory
5,350

Solution 1

The folder contains sockets used by programs to communicate with ssh-agent:

From the man page:

$TMPDIR/ssh-XXXXXXXXXX/agent.< ppid >
    UNIX-domain sockets used to contain the connection to the
    authentication agent.  These sockets should only be readable by
    the owner.  The sockets should get automatically removed when the
    agent exits.

Solution 2

Florian's answer is correct. However, if you find a lot of them building up, you can put this file in your $HOME/.bash_logout file:

[ -n "$SSH_AGENT_PID" ] &&
    ps -p "${SSH_AGENT_PID}" >/dev/null 2>&1 | grep ssh-agent &&
    kill "${SSH_AGENT_PID}"

I'm not sure if they remain due to a bug, or if that's how ssh-agent is designed. But on some of our systems we see old ssh-agent processes left running and those files left under /tmp. Killing the agent process should remove the /tmp/ssh-whatever directory and files, but if it doesn't on your system, you could add a line to check and remove it based on $SSH_AUTH_SOCK.

Share:
5,350

Related videos on Youtube

Fat Mind
Author by

Fat Mind

Updated on September 18, 2022

Comments

  • Fat Mind
    Fat Mind over 1 year

    while i do ls to the /tmp i found these files what is the meaing of the ssh folder i found 

    /tmp$ ls 
config-err-pBxjic
e5a28b00f2378661cc615788a1fef225-{87A94AB0-E370-4cde-98D3-ACC110C5967D}
gnome-software-TQ809Y
ssh-Rony2Zd8gQ6O
systemd-private-a789ca0968fb4855b28539acfbf9babe-colord.service-UCNgBR
systemd-private-a789ca0968fb4855b28539acfbf9babe-fwupd.service-4Xkw4W
systemd-private-a789ca0968fb4855b28539acfbf9babe-rtkit-daemon.service-KmLgj9
systemd-private-a789ca0968fb4855b28539acfbf9babe-systemd-resolved.service-F55I3N
systemd-private-a789ca0968fb4855b28539acfbf9babe-systemd-timesyncd.service-W5W5Kx
unity_support_test.0

/tmp$ cd ssh-Rony2Zd8gQ6O/
/tmp/ssh-Rony2Zd8gQ6O$ ls 
agent.1616
/tmp/ssh-Rony2Zd8gQ6O$ cat agent.1616 
cat: agent.1616: No such device or address

    so what is the meaning of the existence of this folder and it's content

    • Videonauth
      Videonauth over 6 years
      Did you use ssh lately? I have a similar folder here containing a symbolic link agent.1909=
    • Fat Mind
      Fat Mind over 6 years
      no i didn't use SSH at all from this machine
    • Videonauth
      Videonauth over 6 years
      O.k. check the output of systemctl --state running | grep ssh
    • RonJohn
      RonJohn over 6 years
      I'd run ls -aFl. That will show whether or not agent.116 is a special file.
  • Fat Mind
    Fat Mind over 6 years
    so you mean it's normal ?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to limit folder/file access to a program only?
Hide/Don't list non-readable folders
Help! My server has been hacked - .IptabLes and .IptabLex in /boot
Ubuntu - saying your security settings have blocked an application from running with an out-of-date version of java
Does reinstalling openssh-server change the host key?
Disable interactive SSH at user-level
Disable all Logging in Ubuntu Server
ssh-copy-id without authentication
SSH authentication: either SSH keys or one time password
How did this exploit allow write access to root owned files?