James Ralston
2005-Feb-07 18:18 UTC
treat output of sshrc as environment assignment lines?
Currently, ~/.ssh/environment can set static environment variables,
and ~/.ssh/rc can run initialization routines. But there is no way
for sshrc to propagate changes to the environment to the user's shell
or command.

There is, however, a possible way to do this. If the
PermitUserEnvironment option is set, sshd could treat the stdout of
sshrc as additional assignment lines of the form name=value. This
would permit sshrc to propagate changes to the environment
to the user's shell or command.

The specific problem I am trying to solve here is to use a temporary,
securely-created Xauthority file. If sshd were to read the output of
sshrc, then I could do it. E.g.:
    if read proto cookie && [ -n "$DISPLAY" ]; then
        # Create a private temporary Xauthority file and announce it on stdout
        if xauth=`mktemp -t xauth-XXXXXXXXXX 2>/dev/null`; then
            XAUTHORITY=${xauth}; export XAUTHORITY
            echo "XAUTHORITY=${XAUTHORITY}"
        fi
        if [ `echo "x${DISPLAY}" | cut -c1-11` = 'xlocalhost:' ]; then
            # X11UseLocalhost=yes
            echo add "unix:`echo $DISPLAY | cut -c11-`" ${proto} ${cookie}
        else
            # X11UseLocalhost=no
            echo add "${DISPLAY}" "${proto}" "${cookie}"
        fi | xauth -q -
    fi
Having sshd evaluate the output that sshrc produces (if
PermitUserEnvironment is set, that is) would enable this and other
"smart" initialization routines.
Thoughts? (I.e., if I were to write a patch to implement this
feature, would it be accepted?)
--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
James Ralston
2005-Feb-15 20:16 UTC
treat output of sshrc as environment assignment lines?
On 2005-02-07 at 13:18-05 James Ralston <qralston+ml.openssh-unix-dev at andrew.cmu.edu> wrote:

> Currently, ~/.ssh/environment can set static environment variables,
> and ~/.ssh/rc can run initialization routines. But there is no way
> for sshrc to propagate changes to the environment to the user's
> shell or command.
>
> There is, however, a possible way to do this. If the
> PermitUserEnvironment option is set, sshd could treat the stdout of
> sshrc as additional assignment lines of the form name=value. This
> would permit sshrc to propagate changes to the environment
> to the user's shell or command.
>
> The specific problem I am trying to solve here is to use a
> temporary, securely-created Xauthority file. If sshd were to read
> the output of sshrc, then I could do it. E.g.:
>
>     if read proto cookie && [ -n "$DISPLAY" ]; then
>         # Create a private temporary Xauthority file and announce it on stdout
>         if xauth=`mktemp -t xauth-XXXXXXXXXX 2>/dev/null`; then
>             XAUTHORITY=${xauth}; export XAUTHORITY
>             echo "XAUTHORITY=${XAUTHORITY}"
>         fi
>         if [ `echo "x${DISPLAY}" | cut -c1-11` = 'xlocalhost:' ]; then
>             # X11UseLocalhost=yes
>             echo add "unix:`echo $DISPLAY | cut -c11-`" ${proto} ${cookie}
>         else
>             # X11UseLocalhost=no
>             echo add "${DISPLAY}" "${proto}" "${cookie}"
>         fi | xauth -q -
>     fi
>
> Having sshd evaluate the output that sshrc produces (if
> PermitUserEnvironment is set, that is) would enable this and other
> "smart" initialization routines.
>
> Thoughts? (I.e., if I were to write a patch to implement this
> feature, would it be accepted?)

No one has commented on this proposal. I ask again: would a patch
that produced the above behavior be accepted? I'm willing to code it
(and bang it into acceptable shape), but if the OpenSSH authors oppose
the underlying concept, then there's no point in bothering in the
first place...

--
James Ralston, Information Technology
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
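The thread proposes that sshd read the stdout of sshrc as name=value assignment lines. The following is an added example, not part of either message and not OpenSSH code, showing the kind of filtering a consumer of that output would need, since an rc script's stdout can also carry stray tool messages. The function names, the acceptance policy (identifier-style names only, LD_* refused) and the sample input are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not OpenSSH code): reduce candidate sshrc stdout to
# well-formed name=value lines. The acceptance policy is an assumption.

# Reads lines on stdin, prints accepted assignments on stdout and
# reports each rejected line on stderr.
filter_env_lines() {
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;                 # blank lines and comments
        esac
        case $line in
            *=*) ;;                              # must contain an '='
            *) echo "rejected (no '='): $line" >&2; continue ;;
        esac
        name=${line%%=*}                         # text before the first '='
        case $name in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "rejected (bad name): $line" >&2; continue ;;
            LD_*)                                # dynamic-loader variables
                echo "rejected (loader variable): $line" >&2; continue ;;
        esac
        printf '%s\n' "$line"
    done
}

# Constructed sample of what an sshrc script might write to stdout.
sample_rc_output() {
    cat <<'EOF'
XAUTHORITY=/tmp/xauth-Ab3dE5fG7h
# a comment
xauth: creating new authority file
LD_PRELOAD=/tmp/constructed.so
2BAD=1
FOO BAR=baz
EDITOR=vi -u NONE
EOF
}

# Accepted lines only, with rejection messages suppressed.
accepted_sample() { sample_rc_output | filter_env_lines 2>/dev/null; }

# Stand-alone run: accepted lines on stdout, rejections on stderr.
sample_rc_output | filter_env_lines
```

The LD_* refusal reflects the sshd_config(5) caution that enabling user environment processing may let users bypass access restrictions through mechanisms such as LD_PRELOAD.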