Setting variable in /etc/environment has no effect for ssh session
Yu, Mingli
mingli.yu at eng.windriver.com
Mon Apr 21 13:35:23 AEST 2025
On 4/21/25 11:06, Yu, Mingli wrote:
> Currently, have "session required pam_env.so debug" in
> /etc/pam.d/sshd and "UsePAM yes" in /etc/ssh/sshd_config.
>
> After restart sshd service and ssh from 192.168.7.3 as below:
> # ssh root at 192.168.7.4
> # echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin
>
> And still didn't the expected PATH.
>
>
> on 192.168.7.4,
> # tail -f /var/log/auth.log
> 2025-04-21T02:54:21.449615+00:00 intel-x86-64 sshd-session[510]:
> pam_unix(sshd:auth): user [root] has blank password; authenticated
> without it
> 2025-04-21T02:54:21.468311+00:00 intel-x86-64 sshd-session[510]:
> Accepted none for root from 192.168.7.3 port 58598 ssh2
> 2025-04-21T02:54:21.484910+00:00 intel-x86-64 sshd-session[510]:
> pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0)
> 2025-04-21T02:54:21.576909+00:00 intel-x86-64 systemd-logind[213]: New
> session c3 of user root.
> 2025-04-21T02:54:21.630455+00:00 intel-x86-64 sshd-session[510]:
> pam_env(sshd:session):
> pam_putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/test")
>
>
> Any hints?
Just found the root cause, seems the PATH is rest in /etc/profile in the
system which I used.
Thanks again for your help!
Thanks,
>
> Thanks,
>
> On 4/20/25 06:21, Darren Tucker wrote:
>> **
>> *CAUTION: This email comes from a non Wind River email account!*
>> Do not click links or open attachments unless you recognize the sender
>> and know the content is safe.
>> On Sat, 19 Apr 2025 at 14:44, Damien Miller <djm at mindrot.org
>> <mailto:djm at mindrot.org>> wrote:
>>
>> On Thu, 17 Apr 2025, Yu, Mingli wrote:
>> [...]
>> > I'm using openssh 9.9p2 and have defined the below logic into
>> /etc/pam.d/sshd.
>> > session required pam_env.so
>>
>> <https://urldefense.com/v3/__http://pam_env.so__;!!AjveYdw8EvQ!ZF2OrMmsX8vpTUUNHA1hkQKhLFYw1eSerAeBs45Y92R-IRsNsV7fDp8ghtUn-_TDVrtRnb2Fu9vW5DOGCtc2GXc$>
>> >
>> > But the environment variables defined in /etc/environment file
>> are not
>> > effective when login via ssh. Could you help to guide what's
>> wrong here?
>>
>> I don't know why this isn't working for you, AFAIK it supported.
>> Perhaps try turning on debugging logs from pam_env?
>>
>>
>> Also check that you are actually using PAM in sshd ("UsePAM yes" in
>> sshd_config, it defaults to no) and that if set, PAMServiceName refers
>> to the config you expect (it defaults to "sshd").
>>
>> --
>> Darren Tucker (dtucker at dtucker.net
>> <https://urldefense.com/v3/__http://dtucker.net__;!!AjveYdw8EvQ!ZF2OrMmsX8vpTUUNHA1hkQKhLFYw1eSerAeBs45Y92R-IRsNsV7fDp8ghtUn-_TDVrtRnb2Fu9vW5DOGzc4KQRg$>)
>> GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
>> Good judgement comes with experience. Unfortunately, the experience
>> usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list