https://bugzilla.mindrot.org/show_bug.cgi?id=3434
Bug ID: 3434
Summary: provide a way to disable any set SetEnv and SendEnv
Product: Portable OpenSSH
Version: v9.0p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: calestyo@scientia.org
It would be nice to have counterparts of ClearAllForwardings for SetEnv
and SendEnv (probably independently for each).
Consider a user uses those in his ssh_config, maybe to even forward
sensitive data (whether that's smart is of course another topic).
Now there may be programs that internally use a ssh connection for
something, and which know already for sure that no Send/SetEnvs will be
needed and they'd wish for a way to disable these.
One might think at first that it works to simply do:
-o SendEnv=-*
but while that would remove a previously set (on the command line)
-o SendEnv=foo
it doesn't affect anything from ssh_config, as this is parsed later
(which I think would be nice to have explicitly documented, again, I
could provide a patch if it helps).
A workaround for that is to use env and call e.g. env -i ssh ...
Perhaps it would be nice to have something like -o SendEnv=!PATTERN
which removes PATTERN permanently (i.e. cannot be re-added later).
But there doesn't seem to be a way to generally (and permanently)
remove any SetEnv set env vars.
Thanks,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
Bug ID: 3434
Summary: provide a way to disable any set SetEnv and SendEnv
Product: Portable OpenSSH
Version: v9.0p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs@mindrot.org
Reporter: calestyo@scientia.org
It would be nice to have counterparts of ClearAllForwardings for SetEnv
and SendEnv (probably independently for each).
Consider a user uses those in his ssh_config, maybe to even forward
sensitive data (whether that's smart is of course another topic).
Now there may be programs that internally use a ssh connection for
something, and which know already for sure that no Send/SetEnvs will be
needed and they'd wish for a way to disable these.
One might think at first that it works to simply do:
-o SendEnv=-*
but while that would remove a previously set (on the command line)
-o SendEnv=foo
it doesn't affect anything from ssh_config, as this is parsed later
(which I think would be nice to have explicitly documented, again, I
could provide a patch if it helps).
A workaround for that is to use env and call e.g. env -i ssh ...
Perhaps it would be nice to have something like -o SendEnv=!PATTERN
which removes PATTERN permanently (i.e. cannot be re-added later).
But there doesn't seem to be a way to generally (and permanently)
remove any SetEnv set env vars.
Thanks,
Chris.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs