ssh_config(5) a SendEnv

[Jan Kasprzak]

	Dobry den,

netusite nekdo, jak v ~/.ssh/config rict, aby neposilal _zadne_ promenne
prostredi pro jeden konkretni server?

	O co jde: mam server HP s ridicim pocitacem HP iLO, na ktery se
da prihlasit pres ssh. Bohuzel kdyz napisu "ssh user na ilo", spadne to
s "shell request failed on channel 0". Zjistil jsem, ze kdyz
udelam "ssh -F /dev/null user na ilo", tak to funguje.

	Volba -F krome pridani noveho konfiguracniho souboru zpusobi
ignorovani implicitniho /etc/ssh/ssh_config. V tomto souboru mam jen par
nastaveni typu ForwardX11, ktera jdou v uzivatelske konfiguraci prebit
zmenou z "yes" na "no" nebo naopak, a pak nekolik direktiv SendEnv,
ktere jsem nezjistil jak je v uzivatelske konfiguraci vypnout. Protoze
podle ssh -vv dojde k te chybe dost blizko po posilani promennych prostredi,
myslim si, ze proste sshd v iLO ma s timto problem.

	Netusite nekdo, jak se v ~/.ssh/config rekne "neposilej _zadne_
promenne prostredi, ani ty ktere jsou v /etc/ssh/config u `Host *'"?

	Pro zajimavost prikladam diff vypisu ssh -vv user na ilo (-)
a ssh -vv -F /dev/null user na ilo (+).

-Yenya

--- /tmp/log1	2009-02-03 10:29:06.000000000 +0100
+++ /tmp/log2	2009-02-03 10:29:24.000000000 +0100
@@ -1,8 +1,5 @@
 OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007
-debug1: Reading configuration data /home/kas/.ssh/config
-debug1: Applying options for ilo
-debug1: Reading configuration data /etc/ssh/ssh_config
-debug1: Applying options for *
+debug1: Reading configuration data /dev/null
 debug2: ssh_connect: needpriv 0
 debug1: Connecting to ilo [10.0.0.1] port 22.
 debug1: Connection established.
@@ -48,13 +45,13 @@
 debug1: kex: server->client aes128-cbc hmac-md5 none
 debug2: mac_setup: found hmac-md5
 debug1: kex: client->server aes128-cbc hmac-md5 none
-debug2: dh_gen_key: priv key bits set: 124/256
-debug2: bits set: 531/1024
+debug2: dh_gen_key: priv key bits set: 125/256
+debug2: bits set: 502/1024
 debug1: sending SSH2_MSG_KEXDH_INIT
 debug1: expecting SSH2_MSG_KEXDH_REPLY
 debug1: Host 'ilo' is known and matches the RSA host key.
 debug1: Found key in /etc/ssh/ssh_known_hosts:498
-debug2: bits set: 500/1024
+debug2: bits set: 485/1024
 debug1: ssh_rsa_verify: signature correct
 debug2: kex_derive_keys
 debug2: set_newkeys: mode 1
@@ -65,7 +62,7 @@
 debug1: SSH2_MSG_SERVICE_REQUEST sent
 debug2: service_accept: ssh-userauth
 debug1: SSH2_MSG_SERVICE_ACCEPT received
-debug2: key: /home/kas/.ssh/id_dsa (0x7fb583e8a440)
+debug2: key: /home/kas/.ssh/id_dsa (0x7fcfaf077250)
 debug2: key: /home/kas/.ssh/id_rsa ((nil))
 debug1: Authentications that can continue: password,publickey
 debug1: Next authentication method: publickey
@@ -84,14 +81,18 @@
 debug2: callback start
 debug2: client_session2_setup: id 0
 debug2: channel 0: request pty-req confirm 1
-debug1: Sending environment.
-debug1: Sending env LANG = en_US.UTF-8
-debug2: channel 0: request env confirm 0
 debug2: channel 0: request shell confirm 1
 debug2: fd 3 setting TCP_NODELAY
 debug2: callback done
 debug2: channel 0: open confirm rwindow 1048576 rmax 2048
 debug2: channel_input_confirm: type 99 id 0
 debug2: PTY allocation request accepted on channel 0
-debug2: channel_input_confirm: type 100 id 0
-shell request failed on channel 0
+debug2: channel_input_confirm: type 99 id 0
+debug2: shell request accepted on channel 0
+debug1: channel 0: free: client-session, nchannels 1
+debug1: fd 2 clearing O_NONBLOCK
+Connection to ilo closed by remote host.
+Connection to ilo closed.
+Transferred: sent 2616, received 1320 bytes, in 2.4 seconds
+Bytes per second: sent 1079.6, received 544.7
+debug1: Exit status -1

-- 
| Jan "Yenya" Kasprzak  <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839      Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/    Journal: http://www.fi.muni.cz/~kas/blog/ |
>>  If you find yourself arguing with Alan Cox, you’re _probably_ wrong.  <<
>>     --James Morris in "How and Why You Should Become a Kernel Hacker"  <<