
Bug#573316: request for new UnSendEnv directive (or change SendEnv)



Package: openssh-client
Version: 1:5.3p1-3
Severity: wishlist

The SendEnv directive is particular in the fact that it cannot be
overridden, and the feature is documented. Indeed the ssh_config(5)
man page says:

     SendEnv
             Specifies what variables from the local environ(7)
             should be sent to the server.  Note that environ-
             ment passing is only supported for protocol 2.
             The server must also support it, and the server
             must be configured to accept these environment
             variables.  Refer to AcceptEnv in sshd_config(5)
             for how to configure the server.  Variables are
             specified by name, which may contain wildcard
             characters.  Multiple environment variables may be
             separated by whitespace or spread across multiple
                                        ^^^^^^^^^^^^^^^^^^^^^^
             SendEnv directives.  The default is not to send
             ^^^^^^^^^^^^^^^^^^
             any environment variables.

This makes it difficult to cancel environment variable passing. For
instance, Debian has "SendEnv LANG LC_*" in its /etc/ssh/ssh_config
and the only way for a user to disable that is to use the -F option
with his own config file. Moreover it is not possible to specify
a SendEnv directive *except* for some host(s) (note that negated
patterns work on pattern-lists only, not on Host).

A solution would be an UnSendEnv directive. An environment variable
would be sent to the server only if it is specified by SendEnv but
not by UnSendEnv.

Alternatively, SendEnv could be changed to behave like the other
directives: only the first one would be taken into account. But this
could break existing config files.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.ISO8859-1 (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser                3.112             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.28            Debian configuration management sy
ii  dpkg                   1.15.5.6          Debian package management system
ii  libc6                  2.10.2-6          Embedded GNU C Library: Shared lib
ii  libedit2               2.11-20080614-1   BSD editline and history libraries
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries - k
ii  libssl0.9.8            0.9.8m-2          SSL shared libraries
ii  passwd                 1:4.1.4.2-1       change and administer password and
ii  zlib1g                 1:1.2.3.4.dfsg-3  compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist             0.4.1      list of default blacklisted OpenSS
ii  openssh-blacklist-extra       0.4.1      list of non-default blacklisted Op
ii  xauth                         1:1.0.4-1  X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                      <none>     (no description available)
pn  libpam-ssh                    <none>     (no description available)
pn  ssh-askpass                   <none>     (no description available)

-- no debconf information
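
The following is an added example, not part of the original report and not OpenSSH code: a simplified Python model of the accumulation behaviour quoted from ssh_config(5), next to the UnSendEnv semantics the report proposes. The sample configs, the sample environment and the function names are constructed; Host blocks are not modelled, and fnmatch is used as an approximation of ssh's wildcard matching.

```python
from fnmatch import fnmatchcase

# Constructed sample configs (global directives only, no Host blocks).
SYSTEM_CONFIG = "SendEnv LANG LC_*\n"      # the Debian default quoted in the report
USER_CONFIG = "SendEnv EDITOR\nUnSendEnv LC_*\n"  # UnSendEnv: the proposed directive

# Constructed local environment.
LOCAL_ENV = {"LANG": "POSIX", "LC_CTYPE": "en_US.ISO8859-1",
             "EDITOR": "vi", "HOME": "/home/user"}


def collect(configs, keyword):
    """Accumulate the patterns of every `keyword` line across all configs,
    as the man page describes for SendEnv (no first-match-wins)."""
    patterns = []
    for text in configs:
        for line in text.splitlines():
            fields = line.split()
            if fields and fields[0].lower() == keyword.lower():
                patterns.extend(fields[1:])
    return patterns


def matches(name, patterns):
    """True if the variable name matches any wildcard pattern."""
    return any(fnmatchcase(name, p) for p in patterns)


def variables_sent(configs, env, honour_unsendenv):
    """Names from env that the client would offer to the server."""
    send = collect(configs, "SendEnv")
    # Hypothetical directive: subtract its patterns from the SendEnv set.
    unsend = collect(configs, "UnSendEnv") if honour_unsendenv else []
    return sorted(n for n in env
                  if matches(n, send) and not matches(n, unsend))


if __name__ == "__main__":
    configs = [USER_CONFIG, SYSTEM_CONFIG]  # user file is read before the system file
    print("current :", variables_sent(configs, LOCAL_ENV, False))
    print("proposed:", variables_sent(configs, LOCAL_ENV, True))
```
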


