We recently switched to OpenSSH from ssh 1.2.x and I quickly noticed that /etc/environment processing has gone AWOL. This patch adds a new sshd_config variable: SysEnvFile Specifies a file containing the system-wide default environment in ``VARNAME=value'' format (default is none.) The contents of a user's $HOME/.ssh/environment file, if found, will override vari- ables set within the SysEnvFile. There is already some AIX-specific code which reads in /etc/environment. I left that code alone for now, but it could probably be removed if this more general patch is accepted. Thanks, Adam Tilghman, UC San Diego -- Adam Tilghman | Systems Support / Academic Computing | +1 858 822 0711 agt at ucsd.edu | University of California, San Diego | fax +1 858 534 7018 --- cut here --- diff -r -c openssh-2.5.1p1/servconf.c openssh-2.5.1p1-1/servconf.c *** openssh-2.5.1p1/servconf.c Wed Feb 14 19:08:27 2001 --- openssh-2.5.1p1-1/servconf.c Thu Mar 1 15:45:03 2001 *************** *** 81,86 **** --- 81,87 ---- options->challenge_reponse_authentication = -1; options->permit_empty_passwd = -1; options->use_login = -1; + options->sys_environment_file = NULL; options->allow_tcp_forwarding = -1; options->num_allow_users = 0; options->num_deny_users = 0; *************** *** 210,216 **** sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, ! sUseLogin, sAllowTcpForwarding, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, --- 211,217 ---- sPasswordAuthentication, sKbdInteractiveAuthentication, sListenAddress, sPrintMotd, sIgnoreRhosts, sX11Forwarding, sX11DisplayOffset, sStrictModes, sEmptyPasswd, sRandomSeedFile, sKeepAlives, sCheckMail, ! 
sUseLogin, sSysEnvFile, sAllowTcpForwarding, sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, sMaxStartups, *************** *** 261,266 **** --- 262,268 ---- { "strictmodes", sStrictModes }, { "permitemptypasswords", sEmptyPasswd }, { "uselogin", sUseLogin }, + { "sysenvfile", sSysEnvFile }, { "randomseed", sRandomSeedFile }, { "keepalive", sKeepAlives }, { "allowtcpforwarding", sAllowTcpForwarding }, *************** *** 583,588 **** --- 585,594 ---- case sUseLogin: intptr = &options->use_login; goto parse_flag; + + case sSysEnvFile: + charptr = &options->sys_environment_file; + goto parse_filename; case sGatewayPorts: intptr = &options->gateway_ports; diff -r -c openssh-2.5.1p1/servconf.h openssh-2.5.1p1-1/servconf.h *** openssh-2.5.1p1/servconf.h Wed Feb 14 19:08:27 2001 --- openssh-2.5.1p1-1/servconf.h Thu Mar 1 15:46:40 2001 *************** *** 93,98 **** --- 93,99 ---- int permit_empty_passwd; /* If false, do not permit empty * passwords. */ int use_login; /* If true, login(1) is used */ + char *sys_environment_file; int allow_tcp_forwarding; u_int num_allow_users; char *allow_users[MAX_ALLOW_USERS]; diff -r -c openssh-2.5.1p1/session.c openssh-2.5.1p1-1/session.c *** openssh-2.5.1p1/session.c Sun Feb 18 11:13:34 2001 --- openssh-2.5.1p1-1/session.c Thu Mar 1 15:46:11 2001 *************** *** 1261,1266 **** --- 1261,1269 ---- /* read $HOME/.ssh/environment. 
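Review bot: The `sSysEnvFile` case in servconf.c hands the value to the shared `parse_filename` label, which lies outside this hunk, so nothing visible here requires the configured path to be absolute. session.c later passes the stored string straight to `read_environment_file()` in the session child, where a relative name would presumably be resolved against that process's working directory rather than a location the administrator controls. Unless `parse_filename` already enforces it, reject such values once the configuration is loaded, for example `if (options->sys_environment_file != NULL && options->sys_environment_file[0] != '/') fatal("SysEnvFile must be an absolute path");`, and state the requirement in sshd.8.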
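Review bot: The new `sys_environment_file` member in servconf.h is added without a comment, unlike `permit_empty_passwd` and `use_login` just above it. The initializer in servconf.c and the NULL test in session.c both rely on NULL meaning "no file configured", so the declaration should record that, e.g. `char *sys_environment_file; /* System-wide environment file, NULL if unset */`. The struct definition starts and ends outside the hunk.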
*/ if (!options.use_login) { + if (options.sys_environment_file != NULL) { + read_environment_file(&env, &envsize, options.sys_environment_file); + } snprintf(buf, sizeof buf, "%.200s/.ssh/environment", pw->pw_dir); read_environment_file(&env, &envsize, buf); diff -r -c openssh-2.5.1p1/sshd.8 openssh-2.5.1p1-1/sshd.8 *** openssh-2.5.1p1/sshd.8 Wed Feb 14 19:08:28 2001 --- openssh-2.5.1p1-1/sshd.8 Thu Mar 1 16:03:04 2001 *************** *** 669,674 **** --- 669,681 ---- file transfer subsystem. By default no subsystems are defined. Note that this option applies to protocol version 2 only. + .It Cm SysEnvFile + Specifies a file containing the system-wide default environment in + .Dq VARNAME=value + format (default is none.) The contents of a user's + .Pa $HOME/.ssh/environment + file, if found, will override variables set within the + .Cm SysEnvFile . .It Cm SyslogFacility Gives the facility code that is used when logging messages from .Nm sshd .
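Review bot: In session.c the new `read_environment_file()` call trusts `options.sys_environment_file` with no visible check on who owns or can write that file, yet its contents seed the environment of every session that does not use `UseLogin`. `read_environment_file()` is defined outside this hunk and may already validate the file; if it does not, skip the file unless it is owned by root and not writable by group or other, as sketched below. A by-path `stat()` is only best-effort, and checking the opened descriptor inside `read_environment_file()` would be tighter. Because the user's `$HOME/.ssh/environment` is read afterwards and overrides it, the system file supplies defaults only and cannot enforce a value. The comment above the block should also be updated, e.g. `/* read SysEnvFile, then $HOME/.ssh/environment. */`; the enclosing function begins and ends outside the hunk.

```c
if (!options.use_login) {
	if (options.sys_environment_file != NULL) {
		struct stat st;

		/* System-wide defaults: only trust a root-owned file
		 * that group and other cannot modify. */
		if (stat(options.sys_environment_file, &st) < 0 ||
		    st.st_uid != 0 || (st.st_mode & 022) != 0)
			log("Ignoring SysEnvFile %.200s: cannot stat, or bad owner/modes",
			    options.sys_environment_file);
		else
			read_environment_file(&env, &envsize,
			    options.sys_environment_file);
	}
	/* … unchanged: $HOME/.ssh/environment handling … */
```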