[Bug 3247] SendEnv exclusion doesn't work as documented

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Feb 26 23:28:02 AEDT 2021 

https://bugzilla.mindrot.org/show_bug.cgi?id=3247

--- Comment #3 from Guilhem <guilhem at fripost.org> ---
(In reply to Damien Miller from comment #2)
> Yes, it is intended behaviour and follows the option resolution
> ordering mentioned at the start of the ssh_config man page.

I see, should I rename this issue into a documentation clarification
request for SendEnv/SetEnv then?

> It's not really friendly unfortunately and that's a consequence of
> the mistake I made when originally implementing SendEnv of allowing
> multiple SendEnv directives to concatenate results. It's too late to
> fix this without causing widespread incompatibility though.
> 
> As far as achieving what you want to do, putting this in your
> ~/.ssh/config should do the trick:
> 
> Match final
>    SendEnv -whatever
> 
> Unfortunately there's no nice way to do this on the command-line

As far as I'm concerned a ssh_config snippet would do, but
unfortunately I'm unable to get the above to work.  The distro-provided
/etc/ssh/ssh_config contains

    Host *
      SendEnv LANG LC_*

(With a matching `AcceptEnv` setting in /etc/ssh/sshd_config.)  I'd
like to add a custom Host/Match block in ~/.ssh/config to clear locales
(or set to C) for a subset of selected hosts.  But even with the
following ~/.ssh/config

    Match final
      SendEnv -LC_*
      SendEnv -LC_TIME
      SendEnv -LANG

LANG, LC_TIME, LC_PAPER etc. are sent along.  The debug log contains

    debug3: …/.ssh/config line 2: removing environment LC_*
    debug3: …/.ssh/config line 4: removing environment LANG
    debug3: Ignored env LANGUAGE
    debug1: Sending env LC_PAPER = sv_SE.UTF-8
    debug1: Sending env LANG = en_US.UTF-8
    debug1: Sending env LC_MEASUREMENT = sv_SE.UTF-8
    debug1: Sending env LC_TIME = C.UTF-8

AFAICT the `Match final` tricks works when I remove the `SendEnv LANG
LC_*` from /etc/ssh/ssh_config and add it to ~/.ssh/config instead, but
I'd prefer to preserve the system-provided configuration file and
override in ~/.ssh/config instead, like for boolean settings
PasswordAuthentication, CheckHostIP etc.  Is there a way to override in
~/.ssh/config a SendEnv setting defined in /etc/ssh/ssh_config?

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list