SSH_CLIENT in recent OpenBSD releases

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

SSH_CLIENT in recent OpenBSD releases

bernd-34
Hi,

I've got to port some shell scripts which rely on env vars. One amongst
those is $SSH_CLIENT.

On OpenBSD 5.1 machines, I don't get what I'd assume to get:

# echo $SSH_CLIENT

It returns just a blank line.

I re-tested this on an older development machine, running OpenBSD 4.6:

# echo $SSH_CLIENT
123.45.67.89 34402 22

Is that an intended change in behavior (security related)? I didn't
find a changelog entry, neither documentation.

Thanks,

Bernd

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

Paul de Weerd
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
| Hi,
|
| I've got to port some shell scripts which rely on env vars. One
| amongst those is $SSH_CLIENT.
|
| On OpenBSD 5.1 machines, I don't get what I'd assume to get:
|
| # echo $SSH_CLIENT
|
| It returns just a blank line.

This "Works For Me (tm)" on a snapshot I installed yesterday.  I ssh
into my machine and SSH_CLIENT contains the expected value.

| I re-tested this on an older development machine, running OpenBSD 4.6:
|
| # echo $SSH_CLIENT
| 123.45.67.89 34402 22
|
| Is that an intended change in behavior (security related)? I didn't
| find a changelog entry, neither documentation.

Can you confirm your shell initialization isn't clearing this
environment variable ?

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
                 http://www.weirdnet.nl/

[demime 1.01d removed an attachment of type application/pgp-signature]

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

Maurice Janssen-2
In reply to this post by bernd-34
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:

>Hi,
>
>I've got to port some shell scripts which rely on env vars. One
>amongst those is $SSH_CLIENT.
>
>On OpenBSD 5.1 machines, I don't get what I'd assume to get:
>
># echo $SSH_CLIENT
>
>It returns just a blank line.
>
>I re-tested this on an older development machine, running OpenBSD 4.6:
>
># echo $SSH_CLIENT
>123.45.67.89 34402 22

I do get an answer like the above on a 5.1 machine.
So perhaps something in your local environment that clear it?

--
Maurice

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

Otto Moerbeek
In reply to this post by bernd-34
On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:

> Hi,
>
> I've got to port some shell scripts which rely on env vars. One
> amongst those is $SSH_CLIENT.
>
> On OpenBSD 5.1 machines, I don't get what I'd assume to get:
>
> # echo $SSH_CLIENT
>
> It returns just a blank line.
>
> I re-tested this on an older development machine, running OpenBSD 4.6:
>
> # echo $SSH_CLIENT
> 123.45.67.89 34402 22
>
> Is that an intended change in behavior (security related)? I didn't
> find a changelog entry, neither documentation.
>
> Thanks,
>
> Bernd

SSH_CONNECTION replaces SSH_CLIENT. See the commit below and
https://bugzilla.mindrot.org/show_bug.cgi?id=384

CVSROOT:        /cvs
Module name:    src
Changes by:     [hidden email] 2002/09/12 13:50:36

Modified files:
        usr.bin/ssh    : session.c ssh.1

Log message:
add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@

        -Otto

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

bernd-34
In reply to this post by Paul de Weerd
Am 2012-10-11 10:50, schrieb Paul de Weerd:

> On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
> | Hi,
> |
> | I've got to port some shell scripts which rely on env vars. One
> | amongst those is $SSH_CLIENT.
> |
> | On OpenBSD 5.1 machines, I don't get what I'd assume to get:
> |
> | # echo $SSH_CLIENT
> |
> | It returns just a blank line.
>
> This "Works For Me (tm)" on a snapshot I installed yesterday.  I ssh
> into my machine and SSH_CLIENT contains the expected value.

Weird. I tested on four amd64 5.1 machines, totally default setups, all
the same phenomenon.

> | I re-tested this on an older development machine, running OpenBSD
> 4.6:
> |
> | # echo $SSH_CLIENT
> | 123.45.67.89 34402 22
> |
> | Is that an intended change in behavior (security related)? I didn't
> | find a changelog entry, neither documentation.
>
> Can you confirm your shell initialization isn't clearing this
> environment variable ?

Defaults everywhere, as on the machine(s) running earlier releases.

Bernd

> Paul 'WEiRD' de Weerd
>
> --
>>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
> +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
>                  http://www.weirdnet.nl/
>
> [demime 1.01d removed an attachment of type
> application/pgp-signature]

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

Otto Moerbeek
In reply to this post by Otto Moerbeek
On Thu, Oct 11, 2012 at 10:54:05AM +0200, Otto Moerbeek wrote:

> On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
>
> > Hi,
> >
> > I've got to port some shell scripts which rely on env vars. One
> > amongst those is $SSH_CLIENT.
> >
> > On OpenBSD 5.1 machines, I don't get what I'd assume to get:
> >
> > # echo $SSH_CLIENT
> >
> > It returns just a blank line.
> >
> > I re-tested this on an older development machine, running OpenBSD 4.6:
> >
> > # echo $SSH_CLIENT
> > 123.45.67.89 34402 22
> >
> > Is that an intended change in behavior (security related)? I didn't
> > find a changelog entry, neither documentation.
> >
> > Thanks,
> >
> > Bernd
>
> SSH_CONNECTION replaces SSH_CLIENT. See the commit below and
> https://bugzilla.mindrot.org/show_bug.cgi?id=384

Ehh, replace is not the right word. It's still there.

>
> CVSROOT:        /cvs
> Module name:    src
> Changes by:     [hidden email] 2002/09/12 13:50:36
>
> Modified files:
>         usr.bin/ssh    : session.c ssh.1
>
> Log message:
> add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
>
> -Otto

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

bernd-34
Am 2012-10-11 11:01, schrieb Otto Moerbeek:

> On Thu, Oct 11, 2012 at 10:54:05AM +0200, Otto Moerbeek wrote:
>
>> On Thu, Oct 11, 2012 at 10:38:04AM +0200, Bernd wrote:
>>
>> > Hi,
>> >
>> > I've got to port some shell scripts which rely on env vars. One
>> > amongst those is $SSH_CLIENT.
>> >
>> > On OpenBSD 5.1 machines, I don't get what I'd assume to get:
>> >
>> > # echo $SSH_CLIENT
>> >
>> > It returns just a blank line.
>> >
>> > I re-tested this on an older development machine, running OpenBSD
>> 4.6:
>> >
>> > # echo $SSH_CLIENT
>> > 123.45.67.89 34402 22
>> >
>> > Is that an intended change in behavior (security related)? I
>> didn't
>> > find a changelog entry, neither documentation.
>> >
>> > Thanks,
>> >
>> > Bernd
>>
>> SSH_CONNECTION replaces SSH_CLIENT. See the commit below and
>> https://bugzilla.mindrot.org/show_bug.cgi?id=384
>
> Ehh, replace is not the right word. It's still there.

Thanks for that hint, but still:

# echo $SSH_CONNECTION

# echo $SSH_CLIENT

#

On the older machines, interesingly (and 'of course'), both return
sensible data.

Bernd

>> CVSROOT:        /cvs
>> Module name:    src
>> Changes by:     [hidden email] 2002/09/12 13:50:36
>>
>> Modified files:
>>         usr.bin/ssh    : session.c ssh.1
>>
>> Log message:
>> add SSH_CONNECTION and deprecate SSH_CLIENT; bug #384.  ok markus@
>>
>> -Otto

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

bernd-34
In reply to this post by bernd-34
Am 2012-10-11 10:38, schrieb Bernd:

> Hi,
>
> I've got to port some shell scripts which rely on env vars. One
> amongst those is $SSH_CLIENT.
>
> On OpenBSD 5.1 machines, I don't get what I'd assume to get:
>
> # echo $SSH_CLIENT
>
> It returns just a blank line.

Logged in as normal user, became root via 'su -'. That triggers
mentioned behavior, just using 'su' keeps it behaving as expected.

Thanks,

Bernd

> I re-tested this on an older development machine, running OpenBSD
> 4.6:
>
> # echo $SSH_CLIENT
> 123.45.67.89 34402 22
>
> Is that an intended change in behavior (security related)? I didn't
> find a changelog entry, neither documentation.
>
> Thanks,
>
> Bernd

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

Peter Hessler
On 2012 Oct 11 (Thu) at 11:15:24 +0200 (+0200), Bernd wrote:
:Am 2012-10-11 10:38, schrieb Bernd:
:>Hi,
:>
:>I've got to port some shell scripts which rely on env vars. One
:>amongst those is $SSH_CLIENT.
:>
:>On OpenBSD 5.1 machines, I don't get what I'd assume to get:
:>
:># echo $SSH_CLIENT
:>
:>It returns just a blank line.
:
:Logged in as normal user, became root via 'su -'. That triggers
:mentioned behavior, just using 'su' keeps it behaving as expected.
:

$ man su
...
     -       Same as the -l option (deprecated).
...
     -l      Simulate a full login.  The environment is discarded except for
             HOME, SHELL, PATH, TERM, LOGNAME, and USER.  HOME and SHELL are
             modified as above.  LOGNAME and USER are set to the target login.
             PATH is set to the value specified by the ``path'' entry in
             login.conf(5).  TERM is imported from your current environment.
             The invoked shell is the target login's, and su will change
             directory to the target login's home directory.


--
Distress, n.:
        A disease incurred by exposure to the prosperity of a friend.
                -- Ambrose Bierce, "The Devil's Dictionary"

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

bernd-34
Am 2012-10-11 11:29, schrieb Peter Hessler:

> On 2012 Oct 11 (Thu) at 11:15:24 +0200 (+0200), Bernd wrote:
> :Am 2012-10-11 10:38, schrieb Bernd:
> :>Hi,
> :>
> :>I've got to port some shell scripts which rely on env vars. One
> :>amongst those is $SSH_CLIENT.
> :>
> :>On OpenBSD 5.1 machines, I don't get what I'd assume to get:
> :>
> :># echo $SSH_CLIENT
> :>
> :>It returns just a blank line.
> :
> :Logged in as normal user, became root via 'su -'. That triggers
> :mentioned behavior, just using 'su' keeps it behaving as expected.
> :
>
> $ man su
> ...
>      -       Same as the -l option (deprecated).
> ...
>      -l      Simulate a full login.  The environment is discarded
> except for
>              HOME, SHELL, PATH, TERM, LOGNAME, and USER.  HOME and
> SHELL are
>              modified as above.  LOGNAME and USER are set to the
> target login.
>              PATH is set to the value specified by the ``path'' entry
> in
>              login.conf(5).  TERM is imported from your current
> environment.
>              The invoked shell is the target login's, and su will
> change
>              directory to the target login's home directory.

Known for decades, sure. Still wonder what changed. Machines are pretty
extremely default setups.

Bernd

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

Jan Stary
In reply to this post by bernd-34
On Oct 11 10:38:04, [hidden email] wrote:

> Hi,
>
> I've got to port some shell scripts which rely on env vars. One
> amongst those is $SSH_CLIENT.
>
> On OpenBSD 5.1 machines, I don't get what I'd assume to get:
>
> # echo $SSH_CLIENT
>
> It returns just a blank line.

Are you in fact ssh-connected to the machine you are running this on?
That is, are you running this in the sshd-spawned shell?

Reply | Threaded
Open this post in threaded view
|

Re: SSH_CLIENT in recent OpenBSD releases

John Long-4
Missed the earlier part of this thread but...

If you su - to another userid the environment variable appears to get
unset. To the OP have you su'd or are do trying this immediately on login. I
am running 5.1-stable and current and $SSH_CLIENT is valid on both boxes.


On Thu, Oct 11, 2012 at 05:02:39PM +0200, Jan Stary wrote:

> On Oct 11 10:38:04, [hidden email] wrote:
> > Hi,
> >
> > I've got to port some shell scripts which rely on env vars. One
> > amongst those is $SSH_CLIENT.
> >
> > On OpenBSD 5.1 machines, I don't get what I'd assume to get:
> >
> > # echo $SSH_CLIENT
> >
> > It returns just a blank line.
>
> Are you in fact ssh-connected to the machine you are running this on?
> That is, are you running this in the sshd-spawned shell?
>

--
ASCII ribbon campaign ( ) Powered by Lemote Fuloong
 against HTML e-mail   X  Loongson MIPS and OpenBSD
   and proprietary    / \    http://www.mutt.org
     attachments            Code Blue or Go Home!