FW: Environment passing in Solaris 8 with later versions of SSH a nd UseLogin=yes

Tue Oct 7 10:14:31 EST 2003

Hi,

I'm still hoping that some-one can offer a solution to this issue....

Anyone?

> I've got the following issue, which I'm unable to resolve by 
> myself.  Hopefully, someone on the list will be able to guide 
> me, or provide more information towards resolving this.
> 
> We've compiled OpenSSH v3.7.1p1 (which I know is not the most 
> recent version) on Solaris 8 SPARC, and have noticed that 
> when the "UseLogin=yes" parameter is set in the sshd_config 
> file, the environment which SSH builds for the child shell 
> isn't making into the shell.  When running both client and 
> server in debug mode, I can see the following when the client 
> attempts to login: (the JRT lines are my attempting to trace 
> the program execution flow)
> 
> debug1: Authentication succeeded (publickey).
> debug1: channel 0: new [client-session]
> debug1: Entering interactive session.
> debug1: JRT-03: do_pre_login
> debug1: JRT-04: do_child
> Environment:
>   TZ=NZ
>   SSH_CLIENT=xxx.xx.xx.xxx 34811 2222
>   SSH_CONNECTION=xxx.xx.xx.xxx 34811 xxx.xx.xx.xx 2222
>   SSH_TTY=/dev/pts/6
>   TERM=xterm
> debug1: JRT-05: launch_login
> 
> However, if I then query the environment of the logged in 
> process, none of the variables have been set properly, thus:
> 
> user at host:~$ echo $SSH_CLIENT
> 
> user at host:~$ echo $SSH_TTY
> 
> user at host:~$ echo $TERM
> sun
> 
> I don't mind the loss of SSH_CLIENT and SSH_TTY; but the fact 
> that my TERM is not being set correctly is causing all sorts 
> of problems.
> 
> This DOES work in OpenSSH 3.0p1, with the same configuration 
> file.  Turning UseLogin OFF in OpenSSH 3.7.1p1 also works; 
> but causes other issues with Solaris password aging, so isn't 
> an option (madated by our Information Security people).  This 
> has been tested on the SAME machine in the SAME interactive 
> session, so I know it isn't an issue with different OS / 
> build / runtime factors.
> 
> As far as I can tell, the environment etc is all done in 
> "session.c".  I've looked at the code to the best of my 
> ability (I'm not a C guru, but can do basic things), and the 
> two versions of code is doing much the same stuff:
> 
> 1.  Define char **env
> 2.  Define "extern char **environ", which I assume will reach 
> the environment setup by the C RTL.
> 3.  Populate "env" by various calls to child_set_env (which 
> in OpenSSH 3.7.1p1 is called in another routine, by env = 
> do_setup_env - is this the problem??)
> 4.  "environ = env", which I assume will set the external 
> environment to the newly defined environment stored in "env".
> 5.  Call "execl(LOGIN_PROGRAM, "login", "-h", hostname, "-p" 
,"-f", "--", pw-<pw_name, (char *) NULL)" to exec the login > process.  The
"-p" flag is supposed to get login to read the 
> current environment.
> 
> Hints / Help / Suggestions all welcome.  Solutions are 
> preferred  <grin>.
> 
> Please ensure any responses are cc'ed to myself directly as 
> well as the list, as I'm not a subscriber to the list 
> currently (too many viruses on the list!)
> 
> Thanks in advance,
> 
> James Roberts-Thomson
> Senior Systems Engineer	DDI +64 4 494 4436
> Infrastructure Projects	Tel +64 4 494 4000
> The National Bank of New Zealand Limited	Fax +64 4 802 8509

This communication is confidential and may contain privileged material.
If you are not the intended recipient you must not use, disclose, copy or retain it.
If you have received it in error please immediately notify me by return email
and delete the emails.
Thank you.