SSH_ORIGINAL_COMMAND variable not getting set
Look in /etc/profile and other init scripts (~/.bashrc etc) - those are some things which set environment variables.
Remember that you need a ". " in place of scripts if you want their environment settings they set up to "stick".
Related videos on Youtube
dtg
Updated on September 18, 2022Comments
-
dtg almost 2 years
I am working with two servers, both of which run FreeBSD 8.4-RELEASE-p1 and OpenSSH_6.1p1. Both servers'
ssh_config
files, located in/etc/ssh
, are identical. Both servers are configured to allow users to remote into a jailed environment using SSH.As a test, I logged into a test user's jail using SSH keys on both servers, using the following command:
ssh -i ~/.ssh/private_key [email protected] hello
And the
authorized_keys
file in both cases specifies the following command to be run after authentication, prepended to the public key (permissions are the same on both servers):command="~/test.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
Where
test.sh
simply performs the following operation:#!/bin/sh echo SSH_ORIGINAL_COMMAND = $SSH_ORIGINAL_COMMAND
On one server, the output from the above
sh
script shows the following:SSH_ORIGINAL_COMMAND = hello
But on the other server, the result appears not to get stored in SSH_ORIGINAL_COMMAND
SSH_ORIGINAL_COMMAND =
The behavior is the same for the respective server for each user jail. My question is - what other configuration would I need to allow the
SSH_ORIGINAL_COMMAND
variable to be set after authentication in the case of the second server?-
citrin almost 10 yearsTry to add
env
command to test.sh to see if other SSH_* variables are set -
dtg almost 10 yearsThanks. It appears that the
env
command is not accessible via the user jails. -
chutz over 8 yearsHave you compared the
/etc/ssh/sshd_config
files on both servers? -
Adam Katz almost 8 yearsIf you put
env |grep -i ssh
into that second server's test.sh script, what environment variables are found? Is there a difference between SSH server versions or configurations on the two systems? -
chutz over 7 years@Dylan: If
env
is not available, you can useset
with similar success. It is a shell built-in and would work inside the jail. -
ptman almost 7 yearsIt seems that SSH_ORIGINAL_COMMAND is set if you have a forced command. Do both servers actually read the authorized_keys file? sources.debian.net/src/openssh/1:7.5p1-5/session.c
-