Commit bd9bf38b authored by Ben Lindstrom's avatar Ben Lindstrom

- stevesk@cvs.openbsd.org 2002/08/12 17:30:35

     [ssh.1 sshd.8 sshd_config.5]
     more PermitUserEnvironment; ok markus@
parent 15b6120e
......@@ -30,6 +30,9 @@
- stevesk@cvs.openbsd.org 2002/08/09 17:41:12
[sshd_config.5]
proxy vs. fake display
- stevesk@cvs.openbsd.org 2002/08/12 17:30:35
[ssh.1 sshd.8 sshd_config.5]
more PermitUserEnvironment; ok markus@
20020813
- (tim) [configure.ac] Display OpenSSL header/library version.
......@@ -1527,4 +1530,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2422 2002/08/20 18:44:24 mouring Exp $
$Id: ChangeLog,v 1.2423 2002/08/20 18:54:20 mouring Exp $
......@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: ssh.1,v 1.161 2002/08/02 16:00:07 marc Exp $
.\" $OpenBSD: ssh.1,v 1.162 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
......@@ -744,9 +744,9 @@ and adds lines of the format
.Dq VARNAME=value
to the environment if the file exists and if users are allowed to
change their environment.
See
See the
.Cm PermitUserEnvironment
in
option in
.Xr sshd_config 5 .
.Sh FILES
.Bl -tag -width Ds
......
......@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd.8,v 1.187 2002/08/02 16:00:07 marc Exp $
.\" $OpenBSD: sshd.8,v 1.188 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
......@@ -351,9 +351,9 @@ Sets up basic environment.
Reads
.Pa $HOME/.ssh/environment
if it exists and users are allowed to change their environment.
See
See the
.Cm PermitUserEnvironment
in
option in
.Xr sshd_config 5 .
.It
Changes to user's home directory.
......@@ -462,6 +462,10 @@ logging in using this key.
Environment variables set this way
override other default environment values.
Multiple options of this type are permitted.
Environment processing is disabled by default and is
controlled via the
.Cm PermitUserEnvironment
option.
This option is automatically disabled if
.Cm UseLogin
is enabled.
......@@ -702,6 +706,10 @@ It can only contain empty lines, comment lines (that start with
and assignment lines of the form name=value.
The file should be writable
only by the user; it need not be readable by anyone else.
Environment processing is disabled by default and is
controlled via the
.Cm PermitUserEnvironment
option.
.It Pa $HOME/.ssh/rc
If this file exists, it is run with /bin/sh after reading the
environment files but before starting the user's shell or command.
......
......@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.\" $OpenBSD: sshd_config.5,v 1.8 2002/08/09 17:41:12 stevesk Exp $
.\" $OpenBSD: sshd_config.5,v 1.9 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
......@@ -468,18 +468,17 @@ root is not allowed to login.
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
is read by
.Nm sshd
and whether
and
.Cm environment=
options in
.Pa ~/.ssh/authorized_keys
files are permitted.
are processed by
.Nm sshd .
The default is
.Dq no .
This option is useful for locked-down installations where
.Ev LD_PRELOAD
and suchlike can cause security problems.
Enabling environment processing may enable users to bypass access
restrictions in some configurations using mechanisms such as
.Ev LD_PRELOAD .
.It Cm PidFile
Specifies the file that contains the process ID of the
.Nm sshd
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment