AcceptEnv LANG LC_* vs available locales

Ingo Schwarze schwarze at usta.de
Mon Apr 25 22:23:06 AEST 2022


Hi Harald,

Harald Dunkel wrote on Mon, Apr 25, 2022 at 10:05:43AM +0200:

> forwarding LANG and LC_* variables to the peer seems to be only
> reasonable,

Absolutely not, what a terrible idea.

For an introduction to the topic, see

  https://undeadly.org/cgi?action=article&sid=20160308204011

The end of that article specifically discusses ssh(1).

> if the peer supports theses locales. Is there some
> workaround for this pitfall? Do you think the server could quietly
> ignore unknown locales?

Ignore it?  But if it does, then there is nothing it can safely do short
of rejecting the connection.

> Every helpful hint is highly appreciated

As discussed in the above writeup, the only way to make ssh(1)
connections safe it to manually make sure, *before connecting*,
that the same locale is set on both sides - ideally UTF-8.

A special case of that rule is that with OpenBSD *and* the default
OpenBSD xterm(1) configuration on the client side, it is always
safe to connect to other OpenBSD machines, no matter the configuration
on the server.

But even with an OpenBSD client and the default xterm(1) config,
connecting to other operating systems is never safe unless you make
sure you have an ASCII or UTF-8 locale set on the server *before
connecting*.  Forwarding locale variables won't help with that at all.

Yours,
  Ingo


More information about the openssh-unix-dev mailing list