Funnies with SendEnv client config
Adam Majer
amajer at suse.de
Wed Aug 17 21:39:42 AEST 2022
Hi all,
So, just wanted to raise the discussion about SendEnv again and how it's
one option that doesn't follow the rest of the config parsing in OpenSSH.
Looking at the archive, this was raised previously,
https://marc.info/?l=openssh-unix-dev&m=153069719521988
but there is some opposition due to embedded workflows,
https://marc.info/?l=openssh-unix-dev&m=153070064923285
The main issue is that it's becoming more difficult for users, or even
system admins, to override package defaults. Distributions are moving
towards /usr/etc + /etc separation. Package defaults enabling SendEnv
become stuck and unchangeable.
Would it be acceptable to have a compile-time flag that allows SendEnv to
be treated like any other config parameter?
Alternatively, if a compile-time flag is not optimal, maybe a syntax like,

    SendEnv *- env1 env2 ...

could indicate to stop parsing following entries of SendEnv and only
apply the current line? Basically, clear all and send this and ignore
the following SendEnv in other sections. This would allow local user
overrides and I would not expect this syntax to be used much in the wild.
Regarding line length raised in opposition to treating SendEnv as a
regular parameter, I don't actually view this as a significant hurdle. We
have editors that can wrap long lines without embedding \n. But YMMV.
- Adam
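
The difference the message describes, as an added sketch that is not part of the original post and is not OpenSSH code: scalar options keep the first value obtained, SendEnv directives accumulate across files, and the proposed `*-` marker would replace the list and ignore later SendEnv lines. Assumptions: the user config is read before the system config, Host/Match blocks and `Key=value` syntax are ignored, and the `resolve` function, its `override_marker` parameter and the sample configs are constructed for illustration.

```python
# Simplified model of ssh_config resolution; not OpenSSH's parser.

def resolve(files, override_marker=None):
    """Return (scalars, sendenv) after reading config texts in order.

    Scalar options: the first value obtained wins.
    SendEnv: every directive appends to one list.
    override_marker: hypothetical; when set (the post proposes "*-"), a
    SendEnv line starting with it replaces the list so far and every
    later SendEnv line is ignored.
    """
    scalars, sendenv, frozen = {}, [], False
    for text in files:
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, *args = line.split()
            key = key.lower()
            if key != "sendenv":
                scalars.setdefault(key, " ".join(args))  # first value wins
                continue
            if frozen:
                continue  # an earlier override line closed the list
            if override_marker and args[:1] == [override_marker]:
                sendenv, frozen, args = [], True, args[1:]
            sendenv += [a for a in args if a not in sendenv]
    return scalars, sendenv

# Constructed sample configs (user file first, then package default).
USER_PLAIN = "ForwardAgent no\nSendEnv EDITOR\n"
USER_PROPOSED = "ForwardAgent no\nSendEnv *- EDITOR\n"
SYSTEM_DEFAULT = "ForwardAgent yes\nSendEnv LANG LC_*\n"

if __name__ == "__main__":
    # The user overrides ForwardAgent but cannot drop the packaged SendEnv.
    print(resolve([USER_PLAIN, SYSTEM_DEFAULT]))
    # With the proposed marker the user's line is the whole list.
    print(resolve([USER_PROPOSED, SYSTEM_DEFAULT], override_marker="*-"))
```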