Bug#481647: sshd: does not execute .profile when command is specified
Package: openssh-server
Version: 1:4.7p1-8
Severity: normal
I recently upgraded my lenny system with the latest openssh-server and all my
remote invocation scripts broke!
It seems that sshd no longer sources the user's .profile before executing a
command. This means that, for example, there is now a difference between:
ssh somewhere
# command
and
ssh somewhere command
I do not believe that this can be related to the PermitUserEnvironment change as
that change happened some time ago and the man page for sshd_config does not
mention that this has any effect on .profile. Also, .bashrc is still sourced
so there is no possible security benefit to the change.
If this change is, for some reason, deliberate, it should be described in a
NEWS item as it breaks scripts for invoking commands on remote systems using
ssh.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_IE@euro, LC_CTYPE=en_IE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to en_IE@euro)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.107 add and remove users and groups
ii debconf [debconf-2.0] 1.5.21 Debian configuration management sy
ii dpkg 1.14.18 package maintenance system for Deb
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libcomerr2 1.40.8-2 common error description library
ii libkrb53 1.6.dfsg.3~beta1-4 MIT Kerberos runtime libraries
ii libpam-modules 0.99.7.1-6 Pluggable Authentication Modules f
ii libpam-runtime 0.99.7.1-6 Runtime support for the PAM librar
ii libpam0g 0.99.7.1-6 Pluggable Authentication Modules l
ii libselinux1 2.0.59-1 SELinux shared libraries
ii libssl0.9.8 0.9.8g-10 SSL shared libraries
ii libwrap0 7.6.q-15 Wietse Venema's TCP wrappers libra
ii lsb-base 3.2-11 Linux Standard Base 3.2 init scrip
ii openssh-client 1:4.7p1-8 secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages openssh-server recommends:
ii xauth 1:1.0.3-1 X authentication utility
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
Reply to: