Re: SSH_CLIENT in recent OpenBSD releases
Missed the earlier part of this thread but... If you su - to another userid the environment variable appears to get unset. To the OP have you su'd or are do trying this immediately on login. I am running 5.1-stable and current and $SSH_CLIENT is valid on both boxes. On Thu, Oct 11, 2012 at 05:02:39PM +0200, Jan Stary wrote: > On Oct 11 10:38:04, be...@kroenchenstadt.de wrote: > > Hi, > > > > I've got to port some shell scripts which rely on env vars. One > > amongst those is $SSH_CLIENT. > > > > On OpenBSD 5.1 machines, I don't get what I'd assume to get: > > > > # echo $SSH_CLIENT > > > > It returns just a blank line. > > Are you in fact ssh-connected to the machine you are running this on? > That is, are you running this in the sshd-spawned shell? > -- ASCII ribbon campaign ( ) Powered by Lemote Fuloong against HTML e-mail X Loongson MIPS and OpenBSD and proprietary/ \http://www.mutt.org attachmentsCode Blue or Go Home!
Re: SSH_CLIENT in recent OpenBSD releases
On Oct 11 10:38:04, be...@kroenchenstadt.de wrote: > Hi, > > I've got to port some shell scripts which rely on env vars. One > amongst those is $SSH_CLIENT. > > On OpenBSD 5.1 machines, I don't get what I'd assume to get: > > # echo $SSH_CLIENT > > It returns just a blank line. Are you in fact ssh-connected to the machine you are running this on? That is, are you running this in the sshd-spawned shell?
Re: SSH_CLIENT in recent OpenBSD releases
Am 2012-10-11 11:29, schrieb Peter Hessler: On 2012 Oct 11 (Thu) at 11:15:24 +0200 (+0200), Bernd wrote: :Am 2012-10-11 10:38, schrieb Bernd: :>Hi, :> :>I've got to port some shell scripts which rely on env vars. One :>amongst those is $SSH_CLIENT. :> :>On OpenBSD 5.1 machines, I don't get what I'd assume to get: :> :># echo $SSH_CLIENT :> :>It returns just a blank line. : :Logged in as normal user, became root via 'su -'. That triggers :mentioned behavior, just using 'su' keeps it behaving as expected. : $ man su ... - Same as the -l option (deprecated). ... -l Simulate a full login. The environment is discarded except for HOME, SHELL, PATH, TERM, LOGNAME, and USER. HOME and SHELL are modified as above. LOGNAME and USER are set to the target login. PATH is set to the value specified by the ``path'' entry in login.conf(5). TERM is imported from your current environment. The invoked shell is the target login's, and su will change directory to the target login's home directory. Known for decades, sure. Still wonder what changed. Machines are pretty extremely default setups. Bernd
Re: SSH_CLIENT in recent OpenBSD releases
On 2012 Oct 11 (Thu) at 11:15:24 +0200 (+0200), Bernd wrote: :Am 2012-10-11 10:38, schrieb Bernd: :>Hi, :> :>I've got to port some shell scripts which rely on env vars. One :>amongst those is $SSH_CLIENT. :> :>On OpenBSD 5.1 machines, I don't get what I'd assume to get: :> :># echo $SSH_CLIENT :> :>It returns just a blank line. : :Logged in as normal user, became root via 'su -'. That triggers :mentioned behavior, just using 'su' keeps it behaving as expected. : $ man su ... - Same as the -l option (deprecated). ... -l Simulate a full login. The environment is discarded except for HOME, SHELL, PATH, TERM, LOGNAME, and USER. HOME and SHELL are modified as above. LOGNAME and USER are set to the target login. PATH is set to the value specified by the ``path'' entry in login.conf(5). TERM is imported from your current environment. The invoked shell is the target login's, and su will change directory to the target login's home directory. -- Distress, n.: A disease incurred by exposure to the prosperity of a friend. -- Ambrose Bierce, "The Devil's Dictionary"
Re: SSH_CLIENT in recent OpenBSD releases
Am 2012-10-11 11:01, schrieb Otto Moerbeek: On Thu, Oct 11, 2012 at 10:54:05AM +0200, Otto Moerbeek wrote: On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote: > Hi, > > I've got to port some shell scripts which rely on env vars. One > amongst those is $SSH_CLIENT. > > On OpenBSD 5.1 machines, I don't get what I'd assume to get: > > # echo $SSH_CLIENT > > It returns just a blank line. > > I re-tested this on an older development machine, running OpenBSD 4.6: > > # echo $SSH_CLIENT > 123.45.67.89 34402 22 > > Is that an intended change in behavior (security related)? I didn't > find a changelog entry, neither documentation. > > Thanks, > > Bernd SSH_CONNECTION replaces SSH_CLIENT. See the commit below and https://bugzilla.mindrot.org/show_bug.cgi?id=384 Ehh, replace is not the right word. It's still there. Thanks for that hint, but still: # echo $SSH_CONNECTION # echo $SSH_CLIENT # On the older machines, interesingly (and 'of course'), both return sensible data. Bernd CVSROOT:/cvs Module name:src Changes by: stev...@cvs.openbsd.org 2002/09/12 13:50:36 Modified files: usr.bin/ssh: session.c ssh.1 Log message: add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ -Otto
Re: SSH_CLIENT in recent OpenBSD releases
Am 2012-10-11 10:38, schrieb Bernd: Hi, I've got to port some shell scripts which rely on env vars. One amongst those is $SSH_CLIENT. On OpenBSD 5.1 machines, I don't get what I'd assume to get: # echo $SSH_CLIENT It returns just a blank line. Logged in as normal user, became root via 'su -'. That triggers mentioned behavior, just using 'su' keeps it behaving as expected. Thanks, Bernd I re-tested this on an older development machine, running OpenBSD 4.6: # echo $SSH_CLIENT 123.45.67.89 34402 22 Is that an intended change in behavior (security related)? I didn't find a changelog entry, neither documentation. Thanks, Bernd
Re: SSH_CLIENT in recent OpenBSD releases
On Thu, Oct 11, 2012 at 10:54:05AM +0200, Otto Moerbeek wrote: > On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote: > > > Hi, > > > > I've got to port some shell scripts which rely on env vars. One > > amongst those is $SSH_CLIENT. > > > > On OpenBSD 5.1 machines, I don't get what I'd assume to get: > > > > # echo $SSH_CLIENT > > > > It returns just a blank line. > > > > I re-tested this on an older development machine, running OpenBSD 4.6: > > > > # echo $SSH_CLIENT > > 123.45.67.89 34402 22 > > > > Is that an intended change in behavior (security related)? I didn't > > find a changelog entry, neither documentation. > > > > Thanks, > > > > Bernd > > SSH_CONNECTION replaces SSH_CLIENT. See the commit below and > https://bugzilla.mindrot.org/show_bug.cgi?id=384 Ehh, replace is not the right word. It's still there. > > CVSROOT:/cvs > Module name:src > Changes by: stev...@cvs.openbsd.org 2002/09/12 13:50:36 > > Modified files: > usr.bin/ssh: session.c ssh.1 > > Log message: > add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ > > -Otto
Re: SSH_CLIENT in recent OpenBSD releases
Am 2012-10-11 10:50, schrieb Paul de Weerd: On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote: | Hi, | | I've got to port some shell scripts which rely on env vars. One | amongst those is $SSH_CLIENT. | | On OpenBSD 5.1 machines, I don't get what I'd assume to get: | | # echo $SSH_CLIENT | | It returns just a blank line. This "Works For Me (tm)" on a snapshot I installed yesterday. I ssh into my machine and SSH_CLIENT contains the expected value. Weird. I tested on four amd64 5.1 machines, totally default setups, all the same phenomenon. | I re-tested this on an older development machine, running OpenBSD 4.6: | | # echo $SSH_CLIENT | 123.45.67.89 34402 22 | | Is that an intended change in behavior (security related)? I didn't | find a changelog entry, neither documentation. Can you confirm your shell initialization isn't clearing this environment variable ? Defaults everywhere, as on the machine(s) running earlier releases. Bernd Paul 'WEiRD' de Weerd -- [<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]
Re: SSH_CLIENT in recent OpenBSD releases
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote: > Hi, > > I've got to port some shell scripts which rely on env vars. One > amongst those is $SSH_CLIENT. > > On OpenBSD 5.1 machines, I don't get what I'd assume to get: > > # echo $SSH_CLIENT > > It returns just a blank line. > > I re-tested this on an older development machine, running OpenBSD 4.6: > > # echo $SSH_CLIENT > 123.45.67.89 34402 22 > > Is that an intended change in behavior (security related)? I didn't > find a changelog entry, neither documentation. > > Thanks, > > Bernd SSH_CONNECTION replaces SSH_CLIENT. See the commit below and https://bugzilla.mindrot.org/show_bug.cgi?id=384 CVSROOT:/cvs Module name:src Changes by: stev...@cvs.openbsd.org 2002/09/12 13:50:36 Modified files: usr.bin/ssh: session.c ssh.1 Log message: add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384. ok markus@ -Otto
Re: SSH_CLIENT in recent OpenBSD releases
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote: >Hi, > >I've got to port some shell scripts which rely on env vars. One >amongst those is $SSH_CLIENT. > >On OpenBSD 5.1 machines, I don't get what I'd assume to get: > ># echo $SSH_CLIENT > >It returns just a blank line. > >I re-tested this on an older development machine, running OpenBSD 4.6: > ># echo $SSH_CLIENT >123.45.67.89 34402 22 I do get an answer like the above on a 5.1 machine. So perhaps something in your local environment that clear it? -- Maurice
Re: SSH_CLIENT in recent OpenBSD releases
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote: | Hi, | | I've got to port some shell scripts which rely on env vars. One | amongst those is $SSH_CLIENT. | | On OpenBSD 5.1 machines, I don't get what I'd assume to get: | | # echo $SSH_CLIENT | | It returns just a blank line. This "Works For Me (tm)" on a snapshot I installed yesterday. I ssh into my machine and SSH_CLIENT contains the expected value. | I re-tested this on an older development machine, running OpenBSD 4.6: | | # echo $SSH_CLIENT | 123.45.67.89 34402 22 | | Is that an intended change in behavior (security related)? I didn't | find a changelog entry, neither documentation. Can you confirm your shell initialization isn't clearing this environment variable ? Paul 'WEiRD' de Weerd -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/ [demime 1.01d removed an attachment of type application/pgp-signature]