I am trying to setup svn over ssh on an OS X server. In order to do so, I read that I need a wrapper to set umask and - in my case - to set the repository root. A quick and dirty way to do that is to rename /usr/bin/svnserve and place a wrapper script at that location. However SIP protects that location from any changes, and I would prefer a cleaner solution anyway.
So I created a wrapper script at /usr/local/bin/svnserve and created /etc/ssh/sshrc with
PATH=/usr/local/bin:$PATH
I have verified that this file gets executed when initiating a remote ssh command from my client by writing to a log file. However, the modified PATH does not seem to get passed to the command environment:
ssh hostname 'echo $PATH'
Password:
/usr/bin:/bin:/usr/sbin:/sbin
Am I overlooking something? Or is /etc/ssh/sshrc the wrong place to set a path? If so, what's the right place?
Other places I've tried: /etc/profile and /etc/bashrc, but none of these seem to get executed in connection with an ssh command.
Note: It is not an option to change the client behavior (like, for example, adding the desired path to the command).
/etc/sshrc does not run in the same shell instance with the remotely-issued command, so the PATH update does not persist through.
Some of the available options:
You can set AcceptEnv PATH on the server to configure it to accept a PATH sent by the remote system, and SendEnv PATH on the client (in ~/.ssh/config, or as an argument to ssh passed with -o, or in /etc/ssh/ssh_config).
In /etc/ssh/sshd_config on the server, you can set the option PermitUserEnvironment to yes; with that done, the variable and value can be added to ~/.ssh/environment in the individual user's account on the server.
You can use ForceCommand to override the remotely requested command, either with something like /usr/bin/env PATH=/usr/local/bin:/usr/bin:/bin svnserve or simply /usr/local/bin/svnserve
Related
Accordingly to ssh man page -o allows to set the content of a given ssh client option. I would like to unset SendEnv (or set it to empty) in order to avoid locale setup in server side.
I got the desired effect by commenting SendEnv line in ssh_config file. However, it is not a good option for my application.
How to achieve this when running ssh command? I tried ssh -o SendEnv='' server without success.
It is not possible to do that on the command-line. The SendEnv option does not overwrite, but append to the existing values.
But you can create a different configuration file, which will not have these options and use -F option, which will prevent using the global configuration file:
ssh -F /my/specific_ssh_config server
A bit late but maybe someone can still profit from my answer. According to 'man ssh_config' it is possible to clear SendEnv variables:
It is possible to clear previously set SendEnv variable names by prefixing patterns with -.
So you should basically be able to use your construct with
-o SendEnv=''
But instead of leaving the brackets empty you put the variables which you want to overwrite in the brackets but prefix each of them with a dash.
Or you specify the same in your users own ssh config (usually ~/.ssh/config). Wich if I understand the documentation correctly should also overwrite it.
I couldnt find answer to this althougth there are many similar questions.I wanted to change colour of my linux command prompt based on the remote host i have ssh to.Since bash environment variables are not preserved over ssh,so how could i do this.There are hundreds of server i login everyday.So changing /.bashrc of each remote host is not possible.is there a way i can pullout a script which can be called each time ssh is done.Can someone please give in detail of which file and how it should be edited.gnome,openssh etc are not supprted.
during ssh execution,a new login shell was executed.
during shell login the *rc files are not executed,only *profile was executed.
so place your code in /etc/profile or ~/.bash_profile.
"Since bash environment variables are not preserved over ssh..."
man ssh
Additionally, ssh reads ~/.ssh/environment, and adds lines of the format
“VARNAME=value” to the environment if the file exists and users are
allowed to change their environment. For more information, see the
PermitUserEnvironment option in sshd_config(5).
After searching all over the internet, I came know where to alter the values of PATH variable in case of interactive/non-interactive - login/non-login shell combinations.
Found from another post
https://shreevatsa.wordpress.com/2008/03/30/zshbash-startup-files-loading-order-bashrc-zshrc-etc/
I have "/bin/sh" as default login shell and only /etc/profile file is being used to export all needed environment variables in my system. And in case of non-interactive login shell, /etc/profile is not being referred too, even though above link says it would. But still when I execute,
ssh -4 -q -o StrictHostKeyChecking=no root#xxxx "env"
Password:
SHELL=/bin/sh
...
**PATH=/usr/bin:/bin:/usr/sbin:/sbin**
...
I could see some default values for PATH variable. I would like to know where exactly these default values of PATH are being set.
You should not care at all where PATH is set. You should set PATH always in your shell startup file (.profile or .bashrc).
This way you do not rely on someone else's soon useless assumption what directories should be in your PATH. The only one who knows is YOU.
Start out with
PATH=$(getconf PATH)
and then add to your liking with
PATH=$PATH:$HOME/bin
PATH=$PATH:/usr/local/bin
PATH=$PATH:<...any other directory you need...>
PS: In your specific case, it looks like the PATH is inherited from the remote end's SSH daemon which eventually forks your shell. If a shell does not inherit a PATH from its parent, it will set a default value that you can query with env -i /bin/sh -c 'echo $PATH'.
It depends on your distribution. In Debian and its derivatives, the definition is found in /etc/environment and it is read into the current session by inclusion of pam_env.so in the appropriate /etc/pam.d/ files.
I'd like to change my terminal color depending on ssh connected HOSTNAME.
I know how to modify the terminal, but how can I instrument ssh to add hooks?
I could wrap the ssh command with a shell function, or replace the binary, but its used as a dependency by other apps, and I would rather not do that.
You can use LocalCommand feature of OpenSSH when connecting to a remote server:
LocalCommand
Specifies a command to execute on the local machine after successfully connecting to the server. The command string extends to the end of the line, and is executed
with the user's shell. The following escape character substitutions will be performed: ‘%d’ (local user's home directory), ‘%h’ (remote host name), ‘%l’ (local host
name), ‘%n’ (host name as provided on the command line), ‘%p’ (remote port), ‘%r’ (remote user name) or ‘%u’ (local user name).
The command is run synchronously and does not have access to the session of the ssh(1) that spawned it. It should not be used for interactive commands.
This directive is ignored unless PermitLocalCommand has been enabled.
There is probably no easy way to execute a command when ending a connection with a remote server though apart from writing a ssh wrapper.
A Wrapper around SSH may be your best bet, even though you have discounted it. However almost every program lets you specify the 'ssh' command they use.
In my I own case I have a 'r' command to replace 'ssh' which performs account lookups (username and host aliases and DNS expansion without relying on the 'DNS resolver domain list', amoungst other things). These Are my notes to get various programs to call 'r' instead of 'ssh'.
scp
No config or environment variables, you must use option "-Sr"
scp -Sr ...
rsync
set environment variable
RSYNC_RSH="r -x"
unison
In ".unison/default.prf"
sshcmd = r
sshargs = -q -x
cssh
In ".clusterssh/config"
ssh=r
ssh_args= -x -o ConnectTimeout=10
multixterm
Use multixterm -xc "r %n" hostname...
vim netrw (file explorer)
Have it use the "rsync" command (set above)...
vim rsync://hostname/
OR for vim scp://hostname/...
In ".vimrc" configuration, redefine scp command to use.
let g:netrw_list_cmd="r USEPORT HOSTNAME ls -Fa1"
let g:netrw_scp_cmd="scp -Sr -q"
My 'r' script decodes all SSH arguments, I have seen used, and even handles very OLD "rsync" commands that placed more options AFTER the hostname! (Yes, I have been using this script a long time)
I try to start some command from ssh non-interactive ssh connection. I use ant-sshexec connection for that.
In order to set everything up I used this article:
http://www.raphink.info/2008/09/forcing-environment-in-ssh.html
I use ~/.ssh/environment.
In order to do that, I set PermitUserEnvironment to "yes" in sshd_config and restarted sshd.
In my .ssh/environment I have this content:
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/home/ubuntu/java/jdk1.6.0_27/bin
JAVA_HOME=/home/ubuntu/java/jdk1.6.0_27
#PATH=/home/ubuntu/java/jdk1.6.0_27/bin:$PATH
#PLAY_HOME=/home/ubuntu/play
and I have the error when try to connect using non-interactive connection:
[sshexec] Could not execute the java executable, please make sure the JAVA_HOME environment variable is set properly (the java executable should reside at JAVA_HOME/bin/java).
But I added the java to the path..
The man page for sshd(8) says this about ~/.ssh/environment:
It can only contain empty lines, comment lines (that start with
‘#’), and assignment lines of the form name=value.
That is, it is not a shell script at all. You have double quotes, variable expansion and an alias definition. None of that will work. Try this:
PATH=/home/ubuntu/java/jdk1.6.0_27/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
JAVA_HOME=/home/ubuntu/java/jdk1.6.0_27
PLAY_HOME=/home/ubuntu/play
Also ensure that the permissions on the ~/.ssh/environment are as described in the man page — no group or other write permissions on the file.
If you are concerned with locking yourself out of the account with a broken environment, test by logging onto the host first and running test commands such like this:
ssh localhost 'echo $JAVA_HOME'
You can ensure that the environment variables are set as you expect them and if something goes wrong, you are still logged onto the host allowing you to reverse your changes.
You used multiple environement variable for path . But don't export from command what i see.
You should do it like that way.
export PATH="A"
export PATH="$PATH:B"
export PATH="$PATH:C"
Also you can get this type of help from there.
So please post it to unix.
https://unix.stackexchange.com/questions/12391/how-to-run-my-c-program-from-anywhere-within-the-system-ubuntu-10-10
Hope it helps.