I've got the following problem: I try to push/set an EnvVariable via
ssh -o SendEnv=APITOKEN host
On the remote host there is the following setup:
This line in /etc/ssh/sshd_config:
AcceptEnv LANG LC_* XMODIFIERS APITOKEN
In the authorized_keys we have the following:
command="bin/login XXX"
The login script looks like this:
#!/usr/bin/env bash
## Auto-Root Wrapper script
if [ -n "$1" ]; then
    export REMOTE_USER=$1
fi
if [ -n "${SSH_ORIGINAL_COMMAND}" ]; then
    # if there is an ssh command set, we check for known
    # workarounds and then execute the command
    case "${SSH_ORIGINAL_COMMAND}" in
        scp\ *|rsync\ --server*|*/sftp-server)
            logger -p auth.info -t $(basename $0) "user: $REMOTE_USER filetransfer: ${SSH_ORIGINAL_COMMAND}"
            exec sudo /bin/sh -c "cd /root/;exec ${SSH_ORIGINAL_COMMAND}"
            ;;
        *)
            logger -p auth.info -t $(basename $0) "user: $REMOTE_USER shell command: ${SSH_ORIGINAL_COMMAND}"
            sudo bash -s <<<${SSH_ORIGINAL_COMMAND}
            ;;
    esac
else
    # if there is no command, we will just return a login shell
    logger -p auth.info -t $(basename $0) "user: $REMOTE_USER starting interactive shell"
    if [ -e /etc/motd ]; then
        cat /etc/motd
    fi
    sudo -i bash
fi
When I get my shell, I test whether $APITOKEN is set, but it's empty. I don't know why. ssh -vvv gives the following:
debug1: Sending env APITOKEN = test
debug2: channel 0: request env confirm 0
debug3: send packet: type 98
Does anyone have a hint?
sudo "APITOKEN=$APITOKEN" ... . See also the -H option to avoid the cd /root. Now, what if the user does ssh host 'scp ;reboot' or worse (including scp somefile /etc/shadow)? – Stéphane Chazelas Nov 21 '16 at 11:22

sudo wipes the environment clean. Best here would be to do without sudo. Just login as root in the first place. – Stéphane Chazelas Nov 21 '16 at 11:32

PermitUserEnvironment no in the remote sshd's /etc/ssh/sshd_config? – Christopher Nov 21 '16 at 14:56
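
An added example, not part of the original question or comments and not the poster's code: helper functions that a forced-command wrapper like the one above could use to carry APITOKEN across sudo's environment reset and to refuse a file-transfer request that contains shell syntax. It assumes sudo 1.8.21 or later and a sudoers rule that permits --preserve-env; the function names and SUDO_BIN are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the poster's script: helpers for a forced-command
# wrapper. Sourcing this file defines functions only; nothing calls sudo.

# True only for a command made of plain words. Anything the shell would
# treat as syntax (; & | ` $ ( ) < > quotes, newlines) is refused, so the
# string cannot turn into several commands when "sh -c" re-parses it.
is_plain_command() {
    case "$1" in
        ''|*[!A-Za-z0-9_./\ =:@,+-]*) return 1 ;;
    esac
    return 0
}

# Same branches as the wrapper's case statement, plus "reject" for a
# file-transfer prefix followed by shell syntax, so the auth.info log
# entry describes what would really run.
classify_request() {
    case "$1" in
        '') echo interactive ;;
        scp\ *|rsync\ --server*|*/sftp-server)
            if is_plain_command "$1"; then echo filetransfer
            else echo reject; fi ;;
        *) echo shell ;;
    esac
}

# Run a command through sudo with APITOKEN carried across env_reset.
# Assumptions: sudo >= 1.8.21 (--preserve-env=LIST) and a sudoers rule that
# allows it (SETENV tag or env_keep). Only the name is on the command line,
# so the token value does not appear in the process list.
# SUDO_BIN is a hypothetical hook for dry runs and tests.
run_as_root() {
    if [ -n "${APITOKEN:-}" ]; then
        "${SUDO_BIN:-sudo}" -H --preserve-env=APITOKEN -- "$@"
    else
        "${SUDO_BIN:-sudo}" -H -- "$@"
    fi
}

# Constructed sample requests (not taken from any real log).
for sample in 'scp -t /tmp/upload' 'scp ;reboot' 'uptime' ''; do
    printf '%-22s -> %s\n' "'$sample'" "$(classify_request "$sample")"
done
```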