James Ralston
2005-Feb-07 18:18 UTC
treat output of sshrc as environment assignment lines?
Currently, ~/.ssh/environment can set static environment variables, and ~/.ssh/rc can run initialization routines. But there is no way for sshrc to propagate changes to the environment to the user's shell or command.

There is, however, a possible way to do this. If the PermitUserEnvironment option is set, sshd could treat the stdout of sshrc as additional assignment lines of the form name=value. This would permit sshrc to propagate changes to the environment to the user's shell or command.

The specific problem I am trying to solve here is to use a temporary, securely-created Xauthority file. If sshd were to read the output of sshrc, then I could do it. E.g.:

    if read proto cookie && [ -n "$DISPLAY" ]; then
      if xauth=`mktemp -t xauth-XXXXXXXXXX 2>/dev/null`; then
        XAUTHORITY=${xauth}; export XAUTHORITY
        echo "XAUTHORITY=${XAUTHORITY}"
      fi
      if [ `echo "x${DISPLAY}" | cut -c1-11` = 'xlocalhost:' ]; then
        # X11UseLocalhost=yes
        echo add "unix:`echo $DISPLAY | cut -c11-`" ${proto} ${cookie}
      else
        # X11UseLocalhost=no
        echo add "${DISPLAY}" "${proto}" "${cookie}"
      fi | xauth -q -
    fi

Having sshd evaluate the output that sshrc produces (if PermitUserEnvironment is set, that is) would enable this and other "smart" initialization routines.

Thoughts? (I.e., if I were to write a patch to implement this feature, would it be accepted?)

--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
James Ralston
2005-Feb-15 20:16 UTC
treat output of sshrc as environment assignment lines?
On 2005-02-07 at 13:18-05 James Ralston <qralston+ml.openssh-unix-dev at andrew.cmu.edu> wrote:

> Currently, ~/.ssh/environment can set static environment variables,
> and ~/.ssh/rc can run initialization routines. But there is no way
> for sshrc to propagate changes to the environment to the user's
> shell or command.
>
> There is, however, a possible way to do this. If the
> PermitUserEnvironment option is set, sshd could treat the stdout of
> sshrc as additional assignment lines of the form name=value. This
> would permit sshrc to propagate changes to the environment
> to the user's shell or command.
>
> The specific problem I am trying to solve here is to use a
> temporary, securely-created Xauthority file. If sshd were to read
> the output of sshrc, then I could do it. E.g.:
>
>     if read proto cookie && [ -n "$DISPLAY" ]; then
>       if xauth=`mktemp -t xauth-XXXXXXXXXX 2>/dev/null`; then
>         XAUTHORITY=${xauth}; export XAUTHORITY
>         echo "XAUTHORITY=${XAUTHORITY}"
>       fi
>       if [ `echo "x${DISPLAY}" | cut -c1-11` = 'xlocalhost:' ]; then
>         # X11UseLocalhost=yes
>         echo add "unix:`echo $DISPLAY | cut -c11-`" ${proto} ${cookie}
>       else
>         # X11UseLocalhost=no
>         echo add "${DISPLAY}" "${proto}" "${cookie}"
>       fi | xauth -q -
>     fi
>
> Having sshd evaluate the output that sshrc produces (if
> PermitUserEnvironment is set, that is) would enable this and other
> "smart" initialization routines.
>
> Thoughts? (I.e., if I were to write a patch to implement this
> feature, would it be accepted?)

No one has commented on this proposal.

I ask again: would a patch that produced the above behavior be accepted? I'm willing to code it (and bang it into acceptable shape), but if the OpenSSH authors oppose the underlying concept, then there's no point in bothering in the first place...

--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
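
A sketch of the behaviour proposed in this thread, as an added example (not code from the original posts or from OpenSSH): it filters an rc script's stdout down to well-formed name=value lines and runs a command with them in its environment. The function names, the sample output and the identifier check on variable names are assumptions of this example.

```shell
#!/bin/sh
# Added illustration, not OpenSSH code. Emulates the proposal: treat an rc
# script's stdout as name=value lines for the session environment.

# Constructed sample of what an sshrc might print (not real output).
SAMPLE_RC_OUTPUT='# comment line
XAUTHORITY=/tmp/xauth-EXAMPLE
not an assignment
1BAD=x
GREETING=hello world'

# Print only well-formed assignments read from stdin. Blank lines and
# "#" comments are skipped; the identifier check is this example's choice.
parse_env_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;   # blank or comment
            *=*) ;;                # candidate assignment
            *) continue ;;         # no "=" at all
        esac
        name=${line%%=*}           # text before the first "="
        case $name in
            ''|[0-9]*|*[!A-Za-z0-9_]*) continue ;;
        esac
        printf '%s\n' "$line"
    done
}

# run_with_rc_env RC_OUTPUT COMMAND [ARGS...]
# Run COMMAND with the accepted assignments added to its environment.
run_with_rc_env() {
    rc_output=$1; shift
    assignments=$(printf '%s\n' "$rc_output" | parse_env_lines)
    old_ifs=$IFS
    IFS='
'
    set -f                         # split on newlines only, no globbing
    set -- $assignments "$@"
    set +f
    IFS=$old_ifs
    env "$@"
}

run_with_rc_env "$SAMPLE_RC_OUTPUT" sh -c 'echo "child sees XAUTHORITY=$XAUTHORITY"'
```

Because the rc script's stdout becomes input to the session environment under this scheme, anything else the script prints there is either dropped or, if it happens to look like an assignment, applied.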