search for: acceptenv

I've been looking for a while and can't figure out for sure if variables allowed by AcceptEnv are readable by a PAM module. I looked through the openssh source code and found a few calls to pam_putenv(), which looks like the relevant call, but I don't see anything that would copy over AcceptEnv variables. Am I correct that the variables are not available to PAM? I'm guessing...

Hi OpenSSH folks-- this is more of a configuration question than a development question, i think, but: Are there any caveats worth being aware of about including the TZ variable in AcceptEnv for sshd_config by default? I don't see any particular risk, but if there are gotchas people know about, i'd be happy to be made aware of them. Regards, --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signatu...

...following sshd_config: AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes GSSAPIStrictAcceptorCheck no GSSAPIStoreCredentialsOnRekey yes UsePAM yes X11Forwarding yes UseDNS no Subsystem sftp /usr/lib/ssh/sftp-server AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL /etc/pam.d/sshd directs to the default pam.d configurations. -- Viele Gr??e Andreas Hauffe

...m There are several directives that allow multiple values to be configured. This is mostly done by space or comma separating them. The ListenAddress and Port directives however accept only a single value. In order to configure multiple values, the directive should be used multiple times. Consider AcceptEnv: "Multiple environment variables may be separated by whitespace or spread across multiple AcceptEnv directives". If the configuration was done like AcceptEnv it would not break current configs, and the inconsistency would be fixed. FYI the reason I'm looking to have this patched...

..._host_rsa_key HostKey /etc/ssh/ssh_host_dsa_key SyslogFacility AUTHPRIV #LogLevel INFO RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL X11Forwarding yes Subsystem sftp /usr/libexec/openssh/sftp-server 192.168.0.2 (copssh) sshd_conf: Protocol 2 SyslogFacility AUTH...

...NETARY LC_MESSAGES > SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT > SendEnv LC_IDENTIFICATION LC_ALL > /etc/ssh/sshd_config > Protocol 2 > PasswordAuthentication no > UsePAM yes > X11Forwarding yes > Subsystem sftp /usr/lib64/ssh/sftp-server > AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES > AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT > AcceptEnv LC_IDENTIFICATION LC_ALL And then from home: > /etc/ssh/ssh_config > Host * > ForwardX11Trusted yes > Protocol 2 > SendEnv L...

https://bugzilla.mindrot.org/show_bug.cgi?id=2386 Bug ID: 2386 Summary: TERM env variable is always accepted by sshd, regardless the empty AcceptEnv setting Product: Portable OpenSSH Version: 6.8p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Documentation Assignee: unassigned-bugs at mindrot.org Re...

Hi! I'm experimenting with migrating the custom sshd_config settings for our (Debian bullseye, openssh-server 8.4) server environment into fragments under sshd_config.d/, and am wondering about sshd's behaviour when encountering multiple AllowGroup lines. The manual states "For each keyword, the first obtained value will be used.", so that gives me the impression that any

Hi I thought this was something that might concern the developers so I thought I'd post here. Apologies in advance if that's not the case. I'm setting up a CentOS cluster with OpenSSH_4.3p2 which uses ssh to launch processes on the remote nodes. I'm trying to use the SendEnv/AcceptEnv functionality to send the PATH environment variable from the headnode when users are launching jobs on remote nodes, since everything is cross-mounted and therefore in the same place. However, for some reason it's being overwritten on the remote nodes with some kind of default value, which I a...

...dubacq1 at free.fr Created an attachment (id=1332) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1332) client-sent environment overrides PAM-read environment This bug has been reported and discussed in the Debian BTS, see bugs #313317 and #408029 there. The environment variables sent by AcceptEnv/SendEnv functionalities should take precedence over PAM variable settings, especially for locale and terminal related settings (or commands that are locale-sensitive or terminal sensitive might give incomprehensible gibberish as output to the user). TERM is already managed in a special way, but not...

...etting ChallengeResponseAuthentication no debug3: /etc/ssh/sshd_config:111 setting UsePAM no /etc/ssh/sshd_config line 111: Unsupported option UsePAM debug3: /etc/ssh/sshd_config:116 setting X11Forwarding no debug3: /etc/ssh/sshd_config:129 setting UseDNS no debug3: /etc/ssh/sshd_config:140 setting AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES debug3: /etc/ssh/sshd_config:141 setting AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT debug3: /etc/ssh/sshd_config:142 setting AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE debug3: /etc/ssh/sshd_config:143 settin...

...to this: # File: /etc/ssh/sshd_config port NNN10 protocol 2 SyslogFacility AUTHPRIV AllowUsers non-root root at 127.0.0.1 administrator at 127.0.0.1 PasswordAuthentication yes PermitEmptyPasswords no ChallengeResponseAuthentication no GSSAPIAuthentication yes GSSAPICleanupCredentials yes UsePAM yes AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE AcceptEnv XMODIFIERS X11Forwarding no Banner /etc/issue.net Subsystem sftp /usr/libexec/openssh/sftp-server # End of File...

https://bugzilla.mindrot.org/show_bug.cgi?id=2282 Bug ID: 2282 Summary: When group member count exceeds 126, config reliant fails Product: Portable OpenSSH Version: 5.3p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sftp-server

...legeseparation yes pidfile /var/run/sshd.pid xauthlocation /usr/bin/xauth authorizedkeysfile .ssh/authorized_keys authorizedkeysfile2 .ssh/authorized_keys2 loglevel INFO syslogfacility AUTH hostkey /etc/openssh/ssh_host_key hostkey /etc/openssh/ssh_host_rsa_key hostkey /etc/openssh/ssh_host_dsa_key acceptenv DISPLAY acceptenv X_ORIGINATING_HOST acceptenv LANG acceptenv LC_* subsystem sftp /usr/libexec/sftp-server maxstartups 10:100:10 permittunnel no permitopen Bringing the UNKNOWNs into greater clarity with a few debugging printf()s (the number is the opcode number, of course): UNKNOWN opcode name(1...

...legeseparation yes pidfile /var/run/sshd.pid xauthlocation /usr/bin/xauth authorizedkeysfile .ssh/authorized_keys authorizedkeysfile2 .ssh/authorized_keys2 loglevel INFO syslogfacility AUTH hostkey /etc/openssh/ssh_host_key hostkey /etc/openssh/ssh_host_rsa_key hostkey /etc/openssh/ssh_host_dsa_key acceptenv DISPLAY acceptenv X_ORIGINATING_HOST acceptenv LANG acceptenv LC_* subsystem sftp /usr/libexec/sftp-server maxstartups 10:100:10 permittunnel no permitopen Bringing the UNKNOWNs into greater clarity with a few debugging printf()s (the number is the opcode number, of course): UNKNOWN opcode name(1...

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

Hi, is there a regular way that a subsystem process (sftpserver here) inherits environment variables from its parent (sshd)? Namely LANG and LC_* variables. In my case it's important to get the variable of hosting environment and not from client side (AcceptEnv). Regards Martin -- Registered Linux User #87175, http://linuxcounter.net

Hi, I'm using openssh 4.4 I'm trying to develop a new SSH appliance, but I need some parameters from client. In client I setup new record in the structure options that I think are passed to server. Where is the structure of the server where stored client options? Thanks -- Vincenzo Sciarra

https://bugzilla.mindrot.org/show_bug.cgi?id=1504 Summary: Allow the user to change the environment in a secure way Product: Portable OpenSSH Version: 5.1p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: unassigned-bugs

Thank you for you help. I tried your tips but the problem remains. Example: $ echo "SendEnv LANG LC_ALL" > ~/.ssh/config $ LANG=C; export LANG; LC_ALL=C; export LC_ALL $ ssh aa at quercy You are required to change your password immediately (root enforced) Last login: Fri Oct 30 15:02:34 2015 from quercy WARNING: Your password has expired. You must change your password now and login