
I am working with two servers, both of which run FreeBSD 8.4-RELEASE-p1 and OpenSSH_6.1p1. Both servers' ssh_config files, located in /etc/ssh, are identical. Both servers are configured to allow users to remote into a jailed environment using SSH.

As a test, I logged into a test user's jail using SSH keys on both servers, using the following command:

```
ssh -i ~/.ssh/private_key test-user@server.mydomain.com hello
```

And the authorized_keys file in both cases specifies the following command to be run after authentication, prepended to the public key (permissions are the same on both servers):

```
command="~/test.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
```

Where `test.sh` simply performs the following operation:

```
#!/bin/sh

# Print the command the client asked for (quoted so whitespace is preserved)
echo "SSH_ORIGINAL_COMMAND = $SSH_ORIGINAL_COMMAND"
```

On one server, the output from the above sh script shows the following:

```
SSH_ORIGINAL_COMMAND = hello
```

But on the other server, the result appears not to get stored in SSH_ORIGINAL_COMMAND:

```
SSH_ORIGINAL_COMMAND = 
```

The behavior is the same for the respective server for each user jail. My question is - what other configuration would I need to allow the SSH_ORIGINAL_COMMAND variable to be set after authentication in the case of the second server?

dtg
  • Try to add `env` command to test.sh to see if other SSH_* variables are set – citrin Sep 17 '14 at 17:35
  • Thanks. It appears that the `env` command is not accessible via the user jails. – dtg Sep 20 '14 at 00:02
  • Have you compared the `/etc/ssh/sshd_config` files on both servers? – chutz Mar 21 '16 at 18:23
  • If you put `env |grep -i ssh` into that second server's test.sh script, what environment variables are found? Is there a difference between SSH server versions or configurations on the two systems? – Adam Katz Aug 29 '16 at 22:20
  • @Dylan: If `env` is not available, you can use `set` with similar success. It is a shell built-in and would work inside the jail. – chutz Oct 10 '16 at 14:03
  • It seems that SSH_ORIGINAL_COMMAND is set if you have a forced command. Do both servers actually read the authorized_keys file? https://sources.debian.net/src/openssh/1:7.5p1-5/session.c/ – ptman Aug 25 '17 at 08:46

1 Answer


Look in /etc/profile and other init scripts (~/.bashrc etc) - those are some things which set environment variables.

Remember that you need a ". " in place of scripts if you want the environment settings they set up to "stick".

cnd
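A diagnostic forced command along the lines suggested in the comments above, as an added example that is not part of the original thread: it uses only shell built-ins, so it works in a jail without `env`, and it distinguishes an unset `SSH_ORIGINAL_COMMAND` from an empty one, which the question's `echo` cannot. The script name `diag.sh` and the function names are assumptions.

```shell
#!/bin/sh
# Added diagnostic example (not from the thread). Install as the forced
# command, e.g. command="~/diag.sh" (hypothetical name) in authorized_keys.
# Only shell built-ins are used, so no env/grep binary is needed in the jail.

# Report whether SSH_ORIGINAL_COMMAND is unset, empty, or set.
# A plain `echo $SSH_ORIGINAL_COMMAND` prints the same for the first two.
original_command_state() {
    if [ -z "${SSH_ORIGINAL_COMMAND+x}" ]; then
        echo unset      # variable is absent from the environment
    elif [ -z "$SSH_ORIGINAL_COMMAND" ]; then
        echo empty      # variable is present but has no value
    else
        echo set        # the client's requested command was passed through
    fi
}

# List every SSH_* variable using the `set` built-in instead of env.
dump_ssh_vars() {
    set | while IFS= read -r line; do
        case $line in
            SSH_*) printf '%s\n' "$line" ;;
        esac
    done
}

# Full report, sent back to the connecting client on stdout.
report() {
    printf 'SSH_ORIGINAL_COMMAND state: %s\n' "$(original_command_state)"
    printf 'SSH_* variables seen by the forced command:\n'
    dump_ssh_vars
}

report
```

Running the same `ssh ... hello` test against both servers with this script in place shows whether the second server omits the variable entirely or omits all `SSH_*` variables.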