[Bug 1285] provide fallback options /etc/ssh/ssh_config

bugzilla-daemon at bugzilla.mindrot.org
Fri Apr 6 23:14:33 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=1285

--- Comment #17 from Damien Miller <djm at mindrot.org> ---
I've committed the "SendEnv -PATTERN" patch, but it doesn't resolve the
other part of the original request - that there be an easy way to
remove configuration that has been set by the system ssh_config after
~/.ssh/config has been set.

I'm not sure how best to do that generally, but it is possible now in a
slightly non-obvious way: when CanonicalizeHostname is enabled, the
configuration is parsed a second time and "match canonical" blocks are
parsed last. It should be possible to use these to clear any
environment variables that are undesired. Note that setting
CanonicalizeHostname=yes without setting any CanonicalDomains is almost
a no-op wrt hostname processing.

The root cause of this is that SendEnv differs from all (?) the other
config options by being additive rather than first-match-wins. I'm not
sure how fixable that is, since quite a few operating systems include
multiple SendEnv in their default configurations and making SendEnv
consider only the first matching directive would likely break them.

Maybe a proactive SendEnv ban like Flavio's patch is a good band-aid?
Please let me know whether what has been committed will solve your
current problems.
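
The ordering problem described in the comment above, as an added example that is not part of the original comment and is not OpenSSH code. It is a simplified single-pass model of how ssh_config files are read: the user file comes before the system file, most options are first-match-wins, and SendEnv is additive with "-PATTERN" removal. The file contents and the `parse_configs` helper are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed sample configs, listed in the order ssh reads them.
USER = [("SendEnv", "-LC_*"), ("ForwardAgent", "no")]      # ~/.ssh/config
SYSTEM = [("SendEnv", "LANG LC_*"), ("ForwardAgent", "yes")]  # /etc/ssh/ssh_config
# Stand-in for any block that is evaluated after the system file.
LATE = [("SendEnv", "-LC_*")]


def parse_configs(files):
    """Simplified model: return (single_valued_options, send_env_list).

    Single-valued options keep the first value seen (first-match-wins).
    SendEnv accumulates; "-PATTERN" removes only entries already present.
    fnmatchcase approximates ssh's '*'/'?' wildcards for these samples.
    """
    single = {}
    send_env = []
    for lines in files:
        for keyword, args in lines:
            if keyword.lower() != "sendenv":
                single.setdefault(keyword.lower(), args)
                continue
            for arg in args.split():
                if arg.startswith("-"):
                    # Removal acts on what has been added so far, nothing more.
                    send_env = [p for p in send_env
                                if not fnmatchcase(p, arg[1:])]
                else:
                    send_env.append(arg)
    return single, send_env


if __name__ == "__main__":
    single, env = parse_configs([USER, SYSTEM])
    # The user's ForwardAgent wins, but the early "-LC_*" removed nothing.
    print(single["forwardagent"], env)
    _, env_late = parse_configs([USER, SYSTEM, LATE])
    # A removal evaluated after the system file does take effect.
    print(env_late)
```

In this model the user's `SendEnv -LC_*` has no effect when it is read before the system file adds `LC_*`, which is why the comment looks for a block that is parsed last.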
