Re: Setting variable in /etc/environment has no effect for ssh session

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

Currently, have "session required pam_env.so debug" in /etc/pam.d/sshd and "UsePAM yes" in /etc/ssh/sshd_config. 

After restart sshd service and ssh from 192.168.7.3 as below:
# ssh root@192.168.7.4
# echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin

And still didn't the expected PATH.


on 192.168.7.4,
# tail -f /var/log/auth.log
2025-04-21T02:54:21.449615+00:00 intel-x86-64 sshd-session[510]: pam_unix(sshd:auth): user [root] has blank password; authenticated without it 2025-04-21T02:54:21.468311+00:00 intel-x86-64 sshd-session[510]: Accepted none for root from 192.168.7.3 port 58598 ssh2 2025-04-21T02:54:21.484910+00:00 intel-x86-64 sshd-session[510]: pam_unix(sshd:session): session opened for user root(uid=0) by (uid=0) 2025-04-21T02:54:21.576909+00:00 intel-x86-64 systemd-logind[213]: New session c3 of user root. 2025-04-21T02:54:21.630455+00:00 intel-x86-64 sshd-session[510]: pam_env(sshd:session): pam_putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/root/test") 


Any hints?

Thanks,

On 4/20/25 06:21, Darren Tucker wrote:

**
*CAUTION: This email comes from a non Wind River email account!*
Do not click links or open attachments unless you recognize the sender and know the content is safe. On Sat, 19 Apr 2025 at 14:44, Damien Miller <djm@xxxxxxxxxxx <mailto:djm@xxxxxxxxxxx>> wrote: 

    On Thu, 17 Apr 2025, Yu, Mingli wrote:
    [...]
     > I'm using openssh 9.9p2 and have defined the below logic into
    /etc/pam.d/sshd.
     > session required pam_env.so
    <https://urldefense.com/v3/__http://pam_env.so__;!!AjveYdw8EvQ!ZF2OrMmsX8vpTUUNHA1hkQKhLFYw1eSerAeBs45Y92R-IRsNsV7fDp8ghtUn-_TDVrtRnb2Fu9vW5DOGCtc2GXc$>
     >
     > But the environment variables defined in /etc/environment file
    are not
     > effective when login via ssh. Could you help to guide what's
    wrong here?

    I don't know why this isn't working for you, AFAIK it supported.
    Perhaps try turning on debugging logs from pam_env?
Also check that you are actually using PAM in sshd ("UsePAM yes" in sshd_config, it defaults to no) and that if set, PAMServiceName refers to the config you expect (it defaults to "sshd"). 

--
Darren Tucker (dtucker at dtucker.net <https://urldefense.com/v3/__http://dtucker.net__;!!AjveYdw8EvQ!ZF2OrMmsX8vpTUUNHA1hkQKhLFYw1eSerAeBs45Y92R-IRsNsV7fDp8ghtUn-_TDVrtRnb2Fu9vW5DOGzc4KQRg$>) 
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux