- stevesk@cvs.openbsd.org 2002/08/09 17:41:12
[sshd_config.5]
proxy vs. fake display
+ - stevesk@cvs.openbsd.org 2002/08/12 17:30:35
+ [ssh.1 sshd.8 sshd_config.5]
+ more PermitUserEnvironment; ok markus@
20020813
- (tim) [configure.ac] Display OpenSSL header/library version.
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.161 2002/08/02 16:00:07 marc Exp $
+.\" $OpenBSD: ssh.1,v 1.162 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSH 1
.Os
.Dq VARNAME=value
to the environment if the file exists and if users are allowed to
change their environment.
-See
+See the
.Cm PermitUserEnvironment
-in
+option in
.Xr sshd_config 5 .
.Sh FILES
.Bl -tag -width Ds
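Review bot: In the ssh.1 lines shown here, the text before `.Cm PermitUserEnvironment` still says only "if users are allowed to change their environment" and does not state the default. The sshd.8 hunks in this same commit add "Environment processing is disabled by default". Consider adding the same sentence here, so that a reader of ssh.1 alone learns that the file is ignored unless the server enables it.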
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd.8,v 1.187 2002/08/02 16:00:07 marc Exp $
+.\" $OpenBSD: sshd.8,v 1.188 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD 8
.Os
Reads
.Pa $HOME/.ssh/environment
if it exists and users are allowed to change their environment.
-See
+See the
.Cm PermitUserEnvironment
-in
+option in
.Xr sshd_config 5 .
.It
Changes to user's home directory.
Environment variables set this way
override other default environment values.
Multiple options of this type are permitted.
+Environment processing is disabled by default and is
+controlled via the
+.Cm PermitUserEnvironment
+option.
This option is automatically disabled if
.Cm UseLogin
is enabled.
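Review bot: Inserting the new sentence directly before "This option is automatically disabled if UseLogin is enabled" changes what "This option" appears to refer to. It now reads as PermitUserEnvironment rather than the option this paragraph describes ("Multiple options of this type are permitted"). Suggest moving the added lines after the UseLogin sentence, or rewording that sentence to name the option explicitly.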
and assignment lines of the form name=value.
The file should be writable
only by the user; it need not be readable by anyone else.
+Environment processing is disabled by default and is
+controlled via the
+.Cm PermitUserEnvironment
+option.
.It Pa $HOME/.ssh/rc
If this file exists, it is run with /bin/sh after reading the
environment files but before starting the user's shell or command.
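Review bot: The added sentence names PermitUserEnvironment but gives no cross-reference to the page that documents it, unlike the "See the ... option in .Xr sshd_config 5 ." wording changed earlier in this file. Suggest ending the sentence with "option in" followed by ".Xr sshd_config 5 ." so every mention points the reader to the same place.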
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.8 2002/08/09 17:41:12 stevesk Exp $
+.\" $OpenBSD: sshd_config.5,v 1.9 2002/08/12 17:30:35 stevesk Exp $
.Dd September 25, 1999
.Dt SSHD_CONFIG 5
.Os
.It Cm PermitUserEnvironment
Specifies whether
.Pa ~/.ssh/environment
-is read by
-.Nm sshd
-and whether
+and
.Cm environment=
options in
.Pa ~/.ssh/authorized_keys
-files are permitted.
+are processed by
+.Nm sshd .
The default is
.Dq no .
-This option is useful for locked-down installations where
-.Ev LD_PRELOAD
-and suchlike can cause security problems.
+Enabling environment processing may enable users to bypass access
+restrictions in some configurations using mechanisms such as
+.Ev LD_PRELOAD .
.It Cm PidFile
Specifies the file that contains the process ID of the
.Nm sshd
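Review bot: In the replacement text, "Enabling environment processing may enable users ..." uses "enable" twice in one clause, and "some configurations" is vaguer than the removed "locked-down installations". Suggest "may allow users to bypass access restrictions", and keep a short indication of which kind of installation is affected, so that an administrator can tell whether the warning applies before setting this to yes.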