[Bug 3142] New: ProxyCommand should not depend on SHELL environment variable.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Mar 28 22:40:56 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3142

            Bug ID: 3142
           Summary: ProxyCommand should not depend on SHELL environment
                    variable.
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: penguin-kernel at I-love.SAKURA.ne.jp

(Sorry if this problem does not apply to upstream latest version.)

I noticed that /usr/bin/ssh in RHEL6/7/8 depends on SHELL environment
variable when invoking external command specified in ProxyCommand.

I tried to call

  /usr/bin/ssh -nT -i /path/to/key -o 'ProxyCommand nc -x
proxy_host:proxy_port %h %p' target_user at target_host command

from Apache's CGI program, but this request failed because $SHELL
environment variable was set to /sbin/nologin because Apache's login
shell is "/sbin/nologin").

While it is unlikely that users specify shell-specific commands as
ProxyCommand, I suspect that /usr/bin/ssh uses $SHELL when executing
ProxyCommand is what users want.
(ProxyCommand can be used in /etc/ssh/ssh_config which is a system-wide
configuration, but its interpretation depends on $SHELL which is a
per-user/process configuration. This might sound strange.)

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list