-1

I'd like to know how to make the remote user name available in an ssh session on my server. So when joe@host1 logs in as commonuser@server1, the scripts running on server1 running as commonuser will know that the person running them is actually joe.

  1. I tried SendEnv / AcceptEnv without luck. I even looked at SSH debug output and it looked like the environment variable was sent, but when I do

    echo $REMOTE_USER

    I see empty string.

  2. I would also like this to be working even if joe is less cooperative, for example when he refuses to set the REMOTE_USER variable.

Gergely Nagy
  • 1
  • 1
  • 1
    What are you trying to accomplish with this? It would seem to be more reasonable to simply let joe log in as joe, and handle commonalities with things like groups. – Spooler Aug 22 '18 at 19:22
  • There is no way to do this where you can actually trust that the information is authentic. Other than using unique ssh keys for each remote user, but then again the users can change their own keys... Don't use shared accounts, even on jumpboxes. – Michael Hampton Aug 22 '18 at 19:42
  • @Spooler: No, it won't work. We have hosts where we do not want to have multiple users. These are actually on-board computers for robots. This does not have to be extremely secure, the point is to prevent accidental cross-user operations (like user joe commits a quickfix into git as the common user, or in the name some other user.) – Gergely Nagy Aug 23 '18 at 10:54

1 Answers1

3

If you want to connect multiple remote persons to the same local user account, you should use SSH keys and have each user use their own key.

This allows you to identify the key used to login (see this question for more details). Without keys, you can't identify the remote user at all.

If you set PermitUserEnvironment=yes in /etc/ssh/sshd_config, you then can also force an environment variable in the ~/.ssh/authorized_keys file like so: 

cat ~/.ssh/authorized_keys

environment="REMOTE_USER=joe@remote1" ssh-dss AAAAB3Nza......

(See man sshd for more information about authorized_keys and man sshd_config).

Sven
  • 97,248
  • 13
  • 177
  • 225