Setting variable in /etc/environment has no effect for ssh session
Yu, Mingli
mingli.yu at eng.windriver.com
Mon Apr 21 13:06:14 AEST 2025
Currently, I have "session required pam_env.so debug" in
/etc/pam.d/sshd and "UsePAM yes" in /etc/ssh/sshd_config.
After restarting the sshd service, I ssh from 192.168.7.3 as below:
# ssh root@192.168.7.4
# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
And I still didn't get the expected PATH.
On 192.168.7.4:
# tail -f /var/log/auth.log
2025-04-21T02:54:21.449615+00:00 intel-x86-64 sshd-session[510]: pam_unix(sshd:auth): user [root] has blank password; authenticated without it
2025-04-21T02:54:21.468311+00:00 intel-x86-64 sshd-session[510]: Accepted none for root from 192.168.7.3 port 58598 ssh2
2025-04-21T02:54:21.484910+00:00 intel-x86-64 sshd-session[510]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
2025-04-21T02:54:21.576909+00:00 intel-x86-64 systemd-logind[213]: New session c3 of user root.
2025-04-21T02:54:21.630455+00:00 intel-x86-64 sshd-session[510]: pam_env(sshd:session): pam_putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/test")
Any hints?
Thanks,
On 4/20/25 06:21, Darren Tucker wrote:
> On Sat, 19 Apr 2025 at 14:44, Damien Miller <djm at mindrot.org> wrote:
>
> On Thu, 17 Apr 2025, Yu, Mingli wrote:
> [...]
> > I'm using openssh 9.9p2 and have defined the below logic into /etc/pam.d/sshd.
> > session required pam_env.so
> >
> > But the environment variables defined in /etc/environment file are not
> > effective when login via ssh. Could you help to guide what's wrong here?
>
> I don't know why this isn't working for you, AFAIK it's supported.
> Perhaps try turning on debugging logs from pam_env?
>
>
> Also check that you are actually using PAM in sshd ("UsePAM yes" in
> sshd_config, it defaults to no) and that if set, PAMServiceName refers
> to the config you expect (it defaults to "sshd").
>
> --
> Darren Tucker (dtucker at dtucker.net)
> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
> Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
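
The checks discussed in this thread, as an added example (not from the original messages and not OpenSSH or Linux-PAM code): it reads UsePAM and PAMServiceName from sshd_config text, finds pam_env session lines in the PAM service file, and compares the PATH that pam_env logged with the PATH the session reported. The config text is constructed, the function names are hypothetical, and sshd_config Include directives and PAM include/substack lines are assumed absent.

```python
import re

def sshd_setting(conf_text, keyword, default):
    """Return the first global value of keyword (sshd keeps the first value it reads)."""
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if parts and parts[0].lower() == "match":  # later keywords are conditional
            break
        if len(parts) > 1 and parts[0].lower() == keyword.lower():
            return parts[1].strip('"')
    return default

def pam_env_session_lines(pam_text):
    """Return the session lines of a PAM service file that load pam_env.so."""
    hits = []
    for raw in pam_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 3 and parts[0].lstrip("-") == "session" \
                and any(p.endswith("pam_env.so") for p in parts[2:]):
            hits.append(" ".join(parts))
    return hits

def pam_env_logged_path(auth_log_text):
    """Return the last PATH that pam_env's debug output reports setting, or None."""
    found = re.findall(r'pam_env\([^)]*\):\s*pam_putenv\("PATH=([^"]*)"\)', auth_log_text)
    return found[-1] if found else None

def missing_from_session(logged_path, session_path):
    """Return PATH entries pam_env set that the session's $PATH does not contain."""
    return [d for d in logged_path.split(":") if d not in session_path.split(":")]

# Config text is constructed; the log line and $PATH are copied from the message above.
SSHD_CONFIG = "#UsePAM no\nUsePAM yes\n"
PAM_SSHD = "session required pam_env.so debug\n"
AUTH_LOG = ('sshd-session[510]: pam_env(sshd:session): pam_putenv("PATH=/usr/local/sbin:'
            '/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/test")')
SESSION_PATH = "/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin"

def diagnose():
    service = sshd_setting(SSHD_CONFIG, "PAMServiceName", "sshd")  # default per the reply
    return {
        "use_pam": sshd_setting(SSHD_CONFIG, "UsePAM", "no"),       # default per the reply
        "pam_file": "/etc/pam.d/" + service,
        "pam_env_lines": pam_env_session_lines(PAM_SSHD),
        "lost": missing_from_session(pam_env_logged_path(AUTH_LOG), SESSION_PATH),
    }

if __name__ == "__main__":
    print(diagnose())
```

With the values from this message, the `lost` entry lists the directory that pam_env logged but that is absent from the PATH printed in the ssh session.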
More information about the openssh-unix-dev
mailing list