patch - forceshell

Don Mahurin dmahurin at
Sat Oct 6 02:41:57 EST 2001

Damien Miller wrote:

> > I don't want any magic.  With a shell= auth param, the client side
> > users need to know nothing, and can use unmodified ssh clients.
> I don't see the need for modified ssh clients and I can see why

The patch was a simple server side change. Ordinary ssh clients can be used with this.

You are proposing that instead, the shell ( or wrapper ) must be modified to understand the env var.

With the submitted patch, you could  forget about what is in /etc/passwd, and even do something like shell="/bin/csh.".

With your suggestion, you would need to do command=csh_ssh_command, with csh_ssh_command
being '#!/bin/sh\ncsh $SSH_ORIGINAL_COMMAND'

Even simpler, knowing how ssh works, instead of shell="/bin/csh",
you could do shell="echo $SSH_ORIGINAL_COMMAND | /bin/csh".

But this reliance on SSH_ORIGINAL_COMMAND is somewhat sloppy and could break with an ssh change.
(Imagine if ssh's problem of unquoting commands was fixed).


More information about the openssh-unix-dev mailing list