Setting a variable for a given SSH host

Question

In ssh_config, one can choose to export some environment variables to the host using SendEnv.

Is there also a way to force a given value for this variable, per host? For example, would it be possible to export variable $FOO with value bar only when connecting to host example.com?

Related: [How can I pass an environment variable through an ssh command?](https://superuser.com/q/48783/87805) — kenorb, Jun 12 '19 at 10:31

score 25 · Accepted Answer · answered Feb 27 '13 at 07:30

25

You can't give a specific value for an environment variable in ssh_config, but you can certainly send the existing environment variable only to specific hosts.

Host example.com
    SendEnv FOO

To complete the chain:

FOO=bar ssh user@example.com

Finally, the remote server must have the environment variable listed in AcceptEnv in its sshd_config.

AcceptEnv FOO

answered Feb 27 '13 at 07:30

Michael Hampton

237,123
42
477
940

WHAT is precisely what you'd like to avoid? – Michael Hampton Feb 27 '13 at 07:32
1

Having to write an alias in order to send a variable with a given value. – raphink Feb 27 '13 at 07:35
Sorry, not much else you can do... unless you can get the computer to read your mind. :) – Michael Hampton Feb 27 '13 at 07:38
6

Thanks for confirming my suspicions though ;-) What I'd have liked would been something like `SetVar FOO='bar'` in `ssh_config` ;) – raphink Feb 27 '13 at 07:38
3

The recurring case for me is that old systems don't support `TERM=tmux-256color` so I'd like a fallback per remote host (with wildcards). – Jed Jun 11 '19 at 15:01
1

Just a note for anyone else who runs into this (since this is one of the top search results for sshd and `SendEnv`) -- if you're caching your ssh connections using `ControlPersist`, ONLY the `SendEnv` variables from the INITIAL connection will exist. If you want to chain multiple discrete `ssh` commands with different `SendEnv` vars, you cannot use `ControlPersist` (afaict) – Daryl Banttari Oct 09 '19 at 16:39

kenorb · Answer 2 · 2019-10-27T14:46:43.673

17

You can give a specific value by using SetEnv in your ~/.ssh/config, e.g.

Host *
  SetEnv FOO=bar

As per man ssh_config:

Directly specify one or more environment variables and their contents to be sent to the server. Similarly to SendEnv, the server must be prepared to accept the environment variable.

Assuming your server got the following line in /etc/ssh/sshd_config:

AcceptEnv LANG LC_* FOO

Check also: man ssh_config and man sshd_config.

edited Oct 27 '19 at 14:46

answered Jun 12 '19 at 11:47

kenorb

5,943
1
44
53

9

Note for the puzzled reader (like myself, when I first read this): This is new since OpenSSH 7.8, released in August of 2018, and it will take a while for it to become available to the average user through OS updates. (But once it does become common, it will be by far the best solution to the problem) – Irfy Jul 16 '19 at 09:37

score 1 · Answer 3 · answered Feb 27 '13 at 07:39

1

You can set per host config values using .ssh/config file. For example:

Host example.com
SendEnv FOO

Note that server must also support it.

answered Feb 27 '13 at 07:39

user156525

336
2
3

score 1 · Answer 4 · answered Jan 10 '19 at 09:05

1

Another idea is to set the environment variables in the ssh command and run an interactive shell, eg. i'm trying to invoke an interactive shell with env-var 'MANWIDTH':

ssh example.com 'MANWIDTH=120 bash -li'

answered Jan 10 '19 at 09:05

huch

131
4

score 0 · Answer 5 · answered Nov 20 '20 at 03:21

I want to highlight the SendEnv / AcceptEnv answer and a different way to trigger it.

user1@host1 $ export LC_SECRET="pencil"
user1@host1 $ export LC_MAGIC="xyzzy"
user1@host1 $ ssh -o "SendEnv LC_*" user2@host2
user2@host2 $ echo $LC_SECRET
pencil
user2@host2 $ echo $LC_MAGIC
xyzzy

What's happening here is we're declaring environment variables called LC_SECRET and LC_MAGIC. We've requested to send both LC_SECRET and LC_MAGIC to the remote host using SendEnv. The remote host will accept it because it has the following rule in /etc/ssh/sshd_config:

AcceptEnv LANG LC_*

This is, obviously an exploit of the remote system that automatically accepts the LANG environment variable or ANY environment variable starting with LC_.

Hence, why I named my variables LC_SECRET and LC_MAGIC.

If you want to do it properly, the remote system will require sudo access for you to modify /etc/ssh/sshd_config to append other environment variables.

score 0 · Answer 6 · answered Feb 03 '22 at 11:21

0

To send a different value of the env variable than the value of the env in the shell:

Host host
    ProxyCommand ENV=value ssh -W [%h]:%p
    SendEnv ENV

answered Feb 03 '22 at 11:21

BacLuc

1

Setting a variable for a given SSH host

6 Answers6