[jira] [Commented] (SSHD-1308) No exception is thrown if setting environment variable is ignored by SSH server
[
https://issues.apache.org/jira/browse/SSHD-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623373#comment-17623373
]
Thomas Wolf commented on SSHD-1308:
---
{quote}client application must be notified by a message such as _setting
environment variable is not allowed_ instead of success.
{quote}
That's not part of the SSH RFC's. As I wrote, you'd have to program that
yourself. And in fact, there are SSH clients that do expect the "silently
ignore" behavior (for instance, git using SSH for cloning or fetching).
Most SSH servers restrict the environment variables that can be set via the SSH
"env" channel command anyway. It depends on the server configuration; see
[AcceptEnv|https://man.openbsd.org/sshd_config#AcceptEnv] in the OpenSSH server
configuration.
If you want the "throw an exception" behavior, here's one approach how you
could implement this in your client: with enough overriding and custom
subclassing, you could implement a custom {{ChannelExec}} that would send the
"env" channel requests with {{{}want-reply = true{}}}. A correct server must
send back an {{SSH_MSG_CHANNEL_FAILURE}} if it doesn't set an environment
variable. You would also need a queue (per channel) of sent "env" requests
without reply yet, and fulfill the OpenFuture only once all requests have been
positively acknowledged. If any of them receives a failure reply, close the
channel and fulfill the OpenFuture with an exception.
But implementing this correctly is not easy.
In the Apache MINA sshd library we will not do this. We follow the OpenSSH
behavior here, which is to send the "env" requests with {{{}want-reply =
false{}}}. Which means the client silently ignores the fact that the server may
not have set an environment variable.
A well-designed application protocol between the command you invoke on the
server and your client can recognize and deal with both cases, whether or not
the server set the environment variable. Again, git is such an example.
Your work-around of using {{sh -c}} and setting the variables inside the
command is valid, and much easier than implementing the "throw exception"
behavior.
> No exception is thrown if setting environment variable is ignored by SSH
> server
> ---
>
> Key: SSHD-1308
> URL: https://issues.apache.org/jira/browse/SSHD-1308
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.9.1
> Environment: Java 8
>Reporter: dgü
>Priority: Major
>
> Hello!
> If an environment variable set by
> _org.apache.sshd.client.session.ClientSession#createExecChannel(command,null,env)_
> is ignored by SSH server and exit code returns 0, then this may cause
> unexpected behaviour in client application.
> For example, client application may do different tasks when an environment
> variable is set and not set. In both cases, client application may return 0.
> Client application may assume that it worked successfully. But, indeed its
> environment variable is ignored and worked as if environment variable is not
> set.
> is it possible throw an exception if setting environment variable is ignored
> by SSH server ?
> Thanks in advance...
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1308) No exception is thrown if setting environment variable is ignored by SSH server
[
https://issues.apache.org/jira/browse/SSHD-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623351#comment-17623351
]
dgü commented on SSHD-1308:
---
I don't know how SSH servers run remote commands.
If they run remote commands by a shell such as _sh, cmd_ then the workaround
above may cause addional child shell unless SSH servers are aware of remote
command is a shell and no need to run its own shell.
If they run remote commands directly without a shell, there will be no
additionall shell already.
This is from _OpenSSH 7.4p1_ on Linux:
{{oracle@ubsia ~]$ pstree}}
{{systemd─┬─NetworkManager───2*[\{NetworkManager}]}}
{{ ├─agetty}}
{{ ├─auditd───\{auditd}}}
{{ ├─chronyd}}
{{ ├─crond}}
{{ ├─dbus-daemon───\{dbus-daemon}}}
{{ ├─gssproxy───5*[\{gssproxy}]}}
{{ ├─lvmetad}}
{{ ├─polkitd───6*[\{polkitd}]}}
{{ ├─rhnsd}}
{{ ├─rsyslogd───2*[\{rsyslogd}]}}
{{ ├─smartd}}
{{ ├─sshd─┬─sshd───sshd───bash───pstree}}
{{ │ ├─sshd───sshd───bash───rman───oracle <-- RMAN MANUALLY}}
{{ │ ├─sshd───sshd───bash}}
{{ │ └─sshd───sshd───rman───oracle <-- RMAN BY MINA SSHD by
}}{{sh -c '...' }}{{}}
{{ ├─systemd-journal}}
{{ ├─systemd-logind}}
{{ ├─systemd-udevd}}
{{ └─tuned───4*[\{tuned}]}}
{{[oracle@ubsia ~]$ }}
As seen above there is no additional _sh_ command in the process tree when
remote command is run by sh -c '...'. OpenSSH Server may have optimized it, or
something else that I don't know.
This is out of the topic. I wrote if someone needs in future.
> No exception is thrown if setting environment variable is ignored by SSH
> server
> ---
>
> Key: SSHD-1308
> URL: https://issues.apache.org/jira/browse/SSHD-1308
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.9.1
> Environment: Java 8
>Reporter: dgü
>Priority: Major
>
> Hello!
> If an environment variable set by
> _org.apache.sshd.client.session.ClientSession#createExecChannel(command,null,env)_
> is ignored by SSH server and exit code returns 0, then this may cause
> unexpected behaviour in client application.
> For example, client application may do different tasks when an environment
> variable is set and not set. In both cases, client application may return 0.
> Client application may assume that it worked successfully. But, indeed its
> environment variable is ignored and worked as if environment variable is not
> set.
> is it possible throw an exception if setting environment variable is ignored
> by SSH server ?
> Thanks in advance...
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1308) No exception is thrown if setting environment variable is ignored by SSH server
[
https://issues.apache.org/jira/browse/SSHD-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623338#comment-17623338
]
dgü commented on SSHD-1308:
---
Hello!
{quote}How can the client tell that the server ignored the variable ?
{quote}
It's just a wording in a client side. Server may ignore or not ignore by doing
something internally. Anyway, whatever server does, it means it looks ignored
in client perspective.
I passed some environment variables by
{_}ClientSession#createExecChannel(command,null,env){_}. But, the environment
variables were not passed to the remote command.
{quote}Which means it would be a +custom+ implementation that will work only
with your client and server.
{quote}
Unfortunately, I can not be agree. If an argument of a client call is refused
by a server, client application must be notified by a message such as _setting
environment variable is not allowed_ instead of success.
As a workaround, I pass environment variables to command line as below:
For UNIX:
{code:java}
sh -c 'KEY1=VAL1 KEY2=VAL2 '/tmp/mycommand' 'arg1' 'arg2''{code}
For Windows:
{code:java}
cmd /c "SET KEY1=VAL1&&SET KEY2=VAL2&&"c:/myprogram" "arg1" "arg2""{code}
> No exception is thrown if setting environment variable is ignored by SSH
> server
> ---
>
> Key: SSHD-1308
> URL: https://issues.apache.org/jira/browse/SSHD-1308
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.9.1
> Environment: Java 8
>Reporter: dgü
>Priority: Major
>
> Hello!
> If an environment variable set by
> _org.apache.sshd.client.session.ClientSession#createExecChannel(command,null,env)_
> is ignored by SSH server and exit code returns 0, then this may cause
> unexpected behaviour in client application.
> For example, client application may do different tasks when an environment
> variable is set and not set. In both cases, client application may return 0.
> Client application may assume that it worked successfully. But, indeed its
> environment variable is ignored and worked as if environment variable is not
> set.
> is it possible throw an exception if setting environment variable is ignored
> by SSH server ?
> Thanks in advance...
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1308) No exception is thrown if setting environment variable is ignored by SSH server
[
https://issues.apache.org/jira/browse/SSHD-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623295#comment-17623295
]
Lyor Goldstein commented on SSHD-1308:
--
To add to it
{quote}
ignored by SSH server and exit code returns 0
{quote}
How can the client tell that the server ignored the variable ?
Like [~twolf] said:
{quote}
You could implement this yourself, but it'd be quite involved.
{quote}
Which means it would be a +custom+ implementation that will work only with your
client and server.
> No exception is thrown if setting environment variable is ignored by SSH
> server
> ---
>
> Key: SSHD-1308
> URL: https://issues.apache.org/jira/browse/SSHD-1308
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.9.1
> Environment: Java 8
>Reporter: dgü
>Priority: Major
>
> Hello!
> If an environment variable set by
> _org.apache.sshd.client.session.ClientSession#createExecChannel(command,null,env)_
> is ignored by SSH server and exit code returns 0, then this may cause
> unexpected behaviour in client application.
> For example, client application may do different tasks when an environment
> variable is set and not set. In both cases, client application may return 0.
> Client application may assume that it worked successfully. But, indeed its
> environment variable is ignored and worked as if environment variable is not
> set.
> is it possible throw an exception if setting environment variable is ignored
> by SSH server ?
> Thanks in advance...
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
[jira] [Commented] (SSHD-1308) No exception is thrown if setting environment variable is ignored by SSH server
[
https://issues.apache.org/jira/browse/SSHD-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17623011#comment-17623011
]
Thomas Wolf commented on SSHD-1308:
---
Like OpenSSH, Apache MINA sshd sends the channel requests for setting
environment variables with {{{}want-reply = false{}}}.
You could implement this yourself, but it'd be quite involved. Better figure
some other way to pass data to the server-side command, for instance via
command arguments.
> No exception is thrown if setting environment variable is ignored by SSH
> server
> ---
>
> Key: SSHD-1308
> URL: https://issues.apache.org/jira/browse/SSHD-1308
> Project: MINA SSHD
> Issue Type: Improvement
>Affects Versions: 2.9.1
> Environment: Java 8
>Reporter: dgü
>Priority: Major
>
> Hello!
> If an environment variable set by
> _org.apache.sshd.client.session.ClientSession#createExecChannel(command,null,env)_
> is ignored by SSH server and exit code returns 0, then this may cause
> unexpected behaviour in client application.
> For example, client application may do different tasks when an environment
> variable is set and not set. In both cases, client application may return 0.
> Client application may assume that it worked successfully. But, indeed its
> environment variable is ignored and worked as if environment variable is not
> set.
> is it possible throw an exception if setting environment variable is ignored
> by SSH server ?
> Thanks in advance...
>
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
-
To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org
For additional commands, e-mail: dev-h...@mina.apache.org
