On Sun, Feb 04, 2024 at 08:39:27AM -0700, Andy Bradford wrote:
> Hello,
>
> When using SSH to invoke a remote command via the syntax:
>
> ssh remotehost remotecommand
>
> The $HOME/.profile is not used and there appears to be a very minimal
> environment setup. The PATH does not include any components that have
> been added in .profile.
>
> This is probably what step 5 in the LOGIN PROCESS is all about:
>
> http://man.openbsd.org/sshd#LOGIN_PROCESS
>
> According to the man page for sshd(8):
>
> After this, the client either requests an interactive shell or execution
> of a non-interactive command, which sshd will execute via the user's
> shell using its -c option.
>
> So in the case where an interactive shell is chosen, the PATH will be
> set according to .profile, but in the case where a non-interactive
> command is chosen, a shell is invoked with -c. So I have a script in
> $HOME/bin (which is defined in PATH normally in .profile) which I can
> run when logged in interactively:
>
> $ helloworld
> HELLO WORLD
>
> But when I try to run it as a non-interactive command, it fails:
>
> $ ssh localhost helloworld
> amb@localhost's password:
> ksh: helloworld: not found
>
> Obviously, one way to do this is by calling the command like:
>
> $ ssh localhost PATH=\$HOME/bin:\$PATH helloworld
> amb@localhost's password:
> HELLO WORLD
>
> This works and can be seen in ssh -v output as:
>
> debug1: Sending command: PATH=$HOME/bin:$PATH helloworld
>
> But is there a file that I can modify that will cause the shell proper
> to load some kind of environment setup also for non-interactive shells
> started with -c?
>
> sshd does have PermitUserEnvironment and that works, however, it's not
> enabled by default and it's not a function of the SHELL proper. From a
> user perspective, it seems that the user only has control of the
> environment when using interactive shells and there is no way to control
> the environment for non-interactive shells (from the remote side). Are
> these the only 2 options (PermitUserEnvironment or prepend the command
> with the environment) or is there something I'm missing from ksh(1)?
See ssh_config(5):
SetEnv Directly specify one or more environment variables and their
contents to be sent to the server. Similarly to SendEnv, with
the exception of the TERM variable, the server must be prepared
to accept the environment variable.
