Re: SSH environment variable passing

From: Bob Rasmussen (ras_at_anzio.com)
Date: 03/25/04

  • Next message: Darren Tucker: "Re: PAM issues with 3.7p and 3.8p" 
    Date: Thu, 25 Mar 2004 09:18:15 -0800 (PST)
To: Gerson Galang <gerson.galang@adelaide.edu.au>

    On Thu, 25 Mar 2004, Gerson Galang wrote:

    > Dear OpenSSH developers,
    >
    > I just want to know how I can enable the functionality of forwarding the
    > environment varibles through SSH. I've searched google but I did not really
    > find any howto on this topic.

    A mechanism for doing so IS defined in the protocol. Of course it
    has to be a capability of both the client and the server.

    I have searched through the source for sshd from openssh, and it appears
    to support only a couple of specific environment variables. So I believe
    additional coding would be necessary for this to be possible (at least
    with openssh). It would be very handy to pass in an LPDEST variable, for
    instance.

    I have been told that allowing unlimited environment variables to be set
    by the client introduces a security risk. A client could reset a PATH, for
    instance. Thus some configuration mechanism would be necessary.

    A parallel situation exists in telnet. Early telnet daemons allowed any or
    nearly any environment variable to be set by the telnet client. Later
    implementations tightened up on this.

    A workaround involves one of the few things that IS passed - the TERM
    variable or the DISPLAY variable. In the client, you can construct an
    artificial string for this. Then, in the shell startup script (.bashrc,
    for instance), you can break this apart.

    Regards,
    ....Bob Rasmussen, President, Rasmussen Software, Inc.

    personal e-mail: ras@anzio.com
     company e-mail: rsi@anzio.com
              voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
                fax: (US) 503-624-0760
                web: http://www.anzio.com

  • Next message: Darren Tucker: "Re: PAM issues with 3.7p and 3.8p"

    Relevant Pages

    • Re: MVPs and Terminal Services
      ... but the Printer group is in the Windows Client ... Keep in mind that Windows Server 2003 is almost three years old, ... a TS environment is widely frowned upon). ... Microsoft MVP - Terminal Server ...
      (microsoft.public.windows.terminal_services)
    • Re: MVPs and Terminal Services
      ... Printer group is in the Windows Client org not in the Windows Server org ... Keep in mind that Windows Server 2003 is almost three years old, ... a TS environment is widely frowned upon). ... Microsoft MVP - Terminal Server ...
      (microsoft.public.windows.terminal_services)
    • Re: Disaster Recovery Planning
      ... each requiring telephone activation which admittedly doesn't ... take long), after removing Dell '3rd party rubbish', updated the system ... matched to a corporate environment. ... as server and client OS probably need ...
      (microsoft.public.windows.server.sbs)
    • Re: One login, several environments to use?
      ... >to have one account per user, instead of one account for each client. ... >each client must preserve their aliases and other environment funnythings. ... Each member of the team needed to be able to access each app, ...
      (comp.sys.hp.hpux)
    • Re: One login, several environments to use?
      ... >>to have one account per user, instead of one account for each client. ... >>each client must preserve their aliases and other environment funnythings. ... > 1 app at a time. ...
      (comp.sys.hp.hpux)