[Bug 3142] New: ProxyCommand should not depend on SHELL environment variable.
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Sat Mar 28 22:40:56 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3142
Bug ID: 3142
Summary: ProxyCommand should not depend on SHELL environment
variable.
Product: Portable OpenSSH
Version: 8.0p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: penguin-kernel at I-love.SAKURA.ne.jp
(Sorry if this problem does not apply to upstream latest version.)
I noticed that /usr/bin/ssh in RHEL6/7/8 depends on SHELL environment
variable when invoking external command specified in ProxyCommand.
I tried to call
/usr/bin/ssh -nT -i /path/to/key -o 'ProxyCommand nc -x
proxy_host:proxy_port %h %p' target_user at target_host command
from Apache's CGI program, but this request failed because $SHELL
environment variable was set to /sbin/nologin because Apache's login
shell is "/sbin/nologin").
While it is unlikely that users specify shell-specific commands as
ProxyCommand, I suspect that /usr/bin/ssh uses $SHELL when executing
ProxyCommand is what users want.
(ProxyCommand can be used in /etc/ssh/ssh_config which is a system-wide
configuration, but its interpretation depends on $SHELL which is a
per-user/process configuration. This might sound strange.)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list