AcceptEnv LANG LC_* vs available locales
Ingo Schwarze
schwarze at usta.de
Mon Apr 25 22:23:06 AEST 2022
Hi Harald,
Harald Dunkel wrote on Mon, Apr 25, 2022 at 10:05:43AM +0200:
> forwarding LANG and LC_* variables to the peer seems to be only
> reasonable,
Absolutely not, what a terrible idea.
For an introduction to the topic, see
https://undeadly.org/cgi?action=article&sid=20160308204011
The end of that article specifically discusses ssh(1).
> if the peer supports theses locales. Is there some
> workaround for this pitfall? Do you think the server could quietly
> ignore unknown locales?
Ignore it? But if it does, then there is nothing it can safely do short
of rejecting the connection.
> Every helpful hint is highly appreciated
As discussed in the above writeup, the only way to make ssh(1)
connections safe it to manually make sure, *before connecting*,
that the same locale is set on both sides - ideally UTF-8.
A special case of that rule is that with OpenBSD *and* the default
OpenBSD xterm(1) configuration on the client side, it is always
safe to connect to other OpenBSD machines, no matter the configuration
on the server.
But even with an OpenBSD client and the default xterm(1) config,
connecting to other operating systems is never safe unless you make
sure you have an ASCII or UTF-8 locale set on the server *before
connecting*. Forwarding locale variables won't help with that at all.
Yours,
Ingo
More information about the openssh-unix-dev
mailing list