Re: ssh_config and sshd_config question



Look at "PermitUserEnvironment yes" in sshd_config.

On Wed, Mar 15, 2006 at 11:06:52AM -0500, Chansup Byun wrote:
Hi,

I am trying to send an local environment variable, ENVIRONMENT, to the
remote session with the following OpenSSH version.

OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005

Following the ssh_config and sshd_config man pages, in order to pass the
local environment variable, ENVIRONMENT, I added the following lines to
both config files, respectively.

bash-2.05# grep Env /usr/local/etc/ssh_config
SendEnv ENVIRONMENT
bash-2.05# grep Env /usr/local/etc/sshd_config | grep ENVIRONMENT
AcceptEnv ENVIRONMENT

My test showed that it worked fine when I started the remote session as
a root. However, if I started the remote session as a normal user, the
remote session didn't get the local environment variable.

Is this a bug or a feature?
Is there a way to make this work for normal users?

Here're my test results:

bash-2.05# export ENVIRONMENT=BATCH_root
bash-2.05# echo $ENVIRONMENT
BATCH_root
bash-2.05# /usr/local/bin/ssh -l dant3 hes-hpc3
dant3@hes-hpc3's password:
Last login: Wed Mar 15 10:34:44 2006 from hes-hpc4
========================
dant3: user profile
UID PID PPID C STIME TTY TIME CMD
dant3 863 861 0 10:51:08 pts/3 0:00 -ksh
ENVIRONMENT=BATCH_root
dant3: End user profile
========================

Start remote session a normal user:

$ export ENVIRONMENT=BATCH_dant3
$ echo $ENVIRONMENT
BATCH_dant3
$ /usr/local/bin/ssh -l dant3 hes-hpc3
Last login: Wed Mar 15 10:51:07 2006 from hes-hpc3
========================
dant3: user profile
UID PID PPID C STIME TTY TIME CMD
dant3 898 893 0 10:53:27 pts/4 0:00 -ksh
ENVIRONMENT=
dant3: End user profile
========================


Thanks,

- Chansup



Relevant Pages

  • ssh_config and sshd_config question
    ... I am trying to send an local environment variable, ENVIRONMENT, to the remote session with the following OpenSSH version. ... dant3: End user profile ...
    (SSH)
  • Re: ssh_config and sshd_config question
    ... Well, this does not work with the environment variable exported on the current window, on which a remote secure shell was initiated by a normal user. ... dant3: End user profile ...
    (SSH)
  • RE: Migrating local user profiles with ADMT
    ... I built the similar environment and followed your steps to test the result. ... Source domain: windows server 2000 ... I have successfully migrated user profile by security translation wizard. ... Please migrate user profile before migrating workstation to ...
    (microsoft.public.windows.server.migration)
  • Re: Cannot run a command process from a Windows Service
    ... they have no access to the logon user profile nor do they have access to ... explicitly load the user profile using the Win32 "LoadUserProfile" ... they have their own environment block associated with the process. ... therefore I suggest you to find an alternative for a windows service. ...
    (microsoft.public.dotnet.languages.csharp)