In /etc/ssh/sshd_config
, there is an option called AcceptEnv
that allows the ssh client to send environment variables. I need to be able to send a large number of environment variables. These change on every connection from the client, so putting them in a login script on the server would be more difficult.
I've read that "AcceptEnv *"
is insecure. I'd like to understand why before I try to get a list of all of the environment variables that are attempted to be set to put there.
Why is it considered insecure? Can I get an example?