Re: openSSH and PATH
From: Nico Kadel-Garcia (nkadel@bellatlantic.net)
Date: 01/29/02
From: "Nico Kadel-Garcia" <nkadel@bellatlantic.net> Date: Tue, 29 Jan 2002 06:14:24 GMT
"those who know me have no need of my name" <not-a-real-address@usa.net>
wrote in message news:u5bvcpi22rbf42@news.supernews.com...
> <Mnm58.3511$pb.983@nwrddc01.gnilink.net> divulged:
> >"those who know me have no need of my name" <not-a-real-address@usa.net>
> >wrote in message news:u5bg0orqcjru80@news.supernews.com...
> >> <3c5586ac@news.uni-ulm.de> divulged:
>
> >> >I have installed openSSH 3.0.2p1 successfully under DigitalUnix 4.0F.
> >> >Now, when I logged in with ssh, my PATH is not correct! My home directory
> >> >is not in the searchpath and other paths are duplicated in the
> >> >searchpath.
> >>
> >> those things are generally set by your system's login program. in
> >> general ssh daemons do not invoke the system login program. you can
> >> change that, in the sshd configuration.
> >
> >Umm. A lot of us prefer to use our .cshrc, .profile, or other shell
> >configuration file, depending on your user's shell.
>
> some people do replace their path, but most expect it to be initialized,
> i.e., they use PATH=/new/path:$PATH. it's the difference in
> initialization that can be important.
True. But the initial path will normally *not* include the user's ~/bin
path, for various security and consistency reasons, and under many OS's will
not include /usr/local/bin.
> >There are some fairly
> >strong historic reasons to avoid the use of /bin/login by SSH, mostly due to
> >security issues between /bin/login on particular OS's and programs that are
> >handing off login requests from a slightly different environment, namely
> >that of sshd itself. Those are *hard* to control! Much better to avoid
> >/bin/login and set it in the local shell profiles.
>
> aye, sshd doesn't manage to hand off new connections to the system login
> service properly in most revisions. this is a flaw in sshd. not one
> that has stopped people from using it, mostly they just ignore the loss
> of functionality in the hope that the gain in security is sufficient.
It's also primarily a portability problem: hand offs to /bin/login are
somewhat system dependent, and difficult to maintain across so many
platforms and platform revision levels. Since the bugs discovered in
/bin/login are often system bugs reflected for *any* network login, for SSH
as well as rsh and telnet, I don't think we can fully blame SSH for it. It
has particularly been a problem for AT&T, SysV based /bin/login. I've found
a lot of SysV based tools to be rather poor implementations, and the BSD
versions to be vastly superior: /bin/login is another such example.
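
An added example, not part of the original post: a sketch of the shell-profile approach discussed in this thread, for a Bourne-style `~/.profile`. It removes the duplicated PATH entries the original poster saw and adds a per-user directory only when it is safe to search. The function names (`path_has`, `path_dir_is_safe`, `path_add`, `path_dedupe`) are hypothetical, and the policy of dropping empty or relative entries and refusing group- or world-writable directories is this example's assumption.

```shell
# Added example for ~/.profile (sh-compatible); names and policy are assumptions.

# path_has DIR: succeed if DIR is already an entry of $PATH.
path_has() {
    case ":$PATH:" in
        *":$1:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# path_dir_is_safe DIR: absolute, existing, not group- or world-writable.
path_dir_is_safe() {
    case "$1" in /*) ;; *) return 1 ;; esac
    [ -d "$1" ] || return 1
    # find prints the directory only if a group/other write bit is set.
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# path_add DIR [append|prepend]: add DIR once; return 1 if DIR is rejected.
path_add() {
    path_has "$1" && return 0
    path_dir_is_safe "$1" || return 1
    if [ "${2:-prepend}" = append ]; then
        PATH="$PATH:$1"
    else
        PATH="$1:$PATH"
    fi
}

# path_dedupe: keep the first occurrence of each absolute entry; drop empty
# entries (which mean "current directory"), "." and other relative entries.
path_dedupe() {
    PATH=$(
        IFS=:; set -f; new=
        for d in $PATH; do
            case "$d" in /*) ;; *) continue ;; esac
            case ":$new:" in *":$d:"*) continue ;; esac
            new=${new:+$new:}$d
        done
        printf '%s' "$new"
    )
}

# Clean whatever sshd or login handed over, then add ~/bin after the
# system directories so it cannot shadow system commands.
path_dedupe
path_add "${HOME:-}/bin" append || :
export PATH
```

Because `path_add` is idempotent, the same profile can be sourced by both a login-initialized session and an sshd-started one without growing PATH.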