Re: sshd preserves $MAIL from compiler system

From: Darren Tucker (dtucker_at_zip.com.au)
Date: 03/24/04

  • Next message: Gerson Galang: "SSH environment variable passing"
    Date: Thu, 25 Mar 2004 09:40:40 +1100
    To: simonst@wellsfargo.com
    
    

    simonst@wellsfargo.com wrote:

    > We compiled sshd 3.8p1 on an HPUX 11.00 development box, and are deploying
    > it to our production servers. The sshd daemons on those boxes appear to set
    > the MAIL environment variable for ssh shells to what it was on the original
    > development box where sshd was compiled. Is this a feature or a bug?

    It's a feature :-)

    > We'd like sshd to use whatever environment variables are on the server it's
    > running on, instead of the server where it was compiled.

    You can override $MAIL in one of the shell startup files (eg
    /etc/profile) or you can modify the $MAIL handling in session.c. If you
    do the latter, you will also have to remove the clearing of the daemon's
    environment from sshd.c, and make sure $MAIL is set in the script
    starting up sshd.

    -- 
    Darren Tucker (dtucker at zip.com.au)
    GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
         Good judgement comes with experience. Unfortunately, the experience
    usually comes from bad judgement.
    

  • Next message: Gerson Galang: "SSH environment variable passing"

    Relevant Pages

    • Re: how would openssh react face to an attack ?
      ... >but how would it react face to an attack? ... account after X password failures. ... if the OS doesn't support lockout then sshd doesn't either. ... Good judgement comes with experience. ...
      (comp.security.ssh)
    • Re: telnet tunnelling ssh
      ... >That host has ssh package installed and sshd up and running. ... >(All looks silly but it's the truth) ... >connection already established? ... Good judgement comes with experience. ...
      (comp.security.ssh)
    • Re: AIX 5.3 LDAP PAM PrivilegeSeperation
      ... > If we run sshd in non-privilegeseperation mode, ... > expiry, when a user is REQUIRED to change the password, when a new ... Good judgement comes with experience. ...
      (comp.security.ssh)
    • Re: PAM and SSH
      ... It appears that for sshd, sshusers would have to be their primary group ... sshd checks the supplemental group ids by using getgrouplist. ... why I suggested using two AllowGroups directives in my follow-up post. ... Good judgement comes with experience. ...
      (SSH)
    • Re: key_read: missing keytype
      ... the logfiles indicated that my sshd doesn't check this ... uses that directory but OpenSSH doesn't. ... Good judgement comes with experience. ...
      (comp.security.ssh)