Solaris 8 ssh issue - $SSH_ORIGINAL_COMMAND undefined variables


 
# 1  
Old 02-16-2017

I face a weird question I don't know how to deal with.
I tried to limit the permission of root user to remote login using ssh.
So I did the following for a client server,

1. edit /usr/local/etc/sshd_config and modify as below
Code:
PermitRootLogin forced-commands-only

2. using pubkey authentication and add the following command to authorized_keys
Code:
command="source /root/testssh" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAA...... root@hostserver

3. using a wrapper script "testssh" to parse $SSH_ORIGINAL_COMMAND and then do its own work. the test script is as below,
Code:
#!/bin/bash
# Forced-command wrapper: act on the command the ssh client requested.

case $SSH_ORIGINAL_COMMAND in
  "shutdown")
        # Report which platform this host runs
        Platform=`uname`
        if [ "$Platform" = "Linux" ]; then
          echo "This is Linux"
        elif [ "$Platform" = "SunOS" ]; then
          echo "This is SunOS"
        fi
        ;;
  "test")
        echo "Test connection. This is `hostname`."
        ;;
  *)
        # Anything else is refused
        echo "Permission Denied. Terminated."
        exit 1
        ;;
esac


The Solaris host ssh version is OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, and
there are two clients to test.
  • client 1: Solaris system using ssh version OpenSSH_5.9p1
  • client 2: Linux red hat 5.7 using ssh version OpenSSH_4.3p2

When I tested it using ssh root@client1 or ssh root@client1 "arguments" from the host connecting to clients, it worked well when connecting to client 2, which is a Linux OS. But when connecting to client 1, which is a Solaris system, it kept showing the following message,
Code:
SSH_ORIGINAL_COMMAND: Undefined variable

I just can't figure it out. As far as I know, ssh will normally set this environment variable.

Does someone have any idea? I've been stuck on this for a while.

# 2  
Old 02-16-2017
Can you take out the restriction again and run a simple remote command to list out the variables set into a file? Something like this might do:-
Code:
ssh root@client1 "env > /tmp/root.ssh.env ; set > /tmp/root.ssh.set"

Then sign in and have a look in the two files created to see if anything leaps out. I'm afraid that I don't have a Solaris server available to test this.


I hope that this helps,
Robin

# 3  
Old 02-16-2017
Quote:
Originally Posted by rbatte1
Can you take out the restriction again and run a simple remote command to list out the variables set into a file? Something like this might do:-
Code:
ssh root@client1 "env > /tmp/root.ssh.env ; set > /tmp/root.ssh.set"

Then sign in and have a look in the two files created to see if anything leaps out. I'm afraid that I don't have a Solaris server available to test this.


I hope that this helps,
Robin

Thanks for your suggestion. I wrote out two files as you said, but I can't see the key points. Would you give me some hints? Thanks.

root.ssh.env
Code:
USER=root
LOGNAME=root
HOME=/
PATH=.:/:/usr/openwin/bin/xview:/usr/openwin/bin:/sbin:/usr/sbin:/usr/ccs/bin:/usr/bin:/usr/ucb:/bin:/usr/local:/usr/drac:/usr/local/bin:/usr/local/sbin
MAIL=/var/mail/root
SHELL=/bin/tcsh
TZ=Asia/Taipei
SSH_CLIENT=172.26.80.85 37543 22
SSH_CONNECTION=172.26.80.85 37543 172.26.80.82 22
HOSTTYPE=sun4
VENDOR=sun
OSTYPE=solaris
MACHTYPE=sparc
SHLVL=1
PWD=/
GROUP=other
HOST=client1
LD_LIBRARY_PATH=/lib:/usr/lib:/usr/local/lib
MANPATH=/usr/local/man:/usr/man:/usr/openwin/man:/home7/SUNWspro/man

root.ssh.set
Code:
addsuffix       
argv    ()
command env > /tmp/root.ssh.env; set > /tmp/root.ssh.set
cwd     /
dirstack        /
echo_style      bsd
gid     1
group   other
history 80
home    /
ignoreeof       
lpath   (/usr/openwin/bin/xview /usr/openwin/bin)
mychoice        openwin
noclobber       
owd     
path    (. / /usr/openwin/bin/xview /usr/openwin/bin /sbin /usr/sbin /usr/ccs/bin /usr/bin /usr/ucb /bin /usr/local /usr/drac /usr/local/bin /usr/local/sbin)
prompt  client1.root{~ }# 
shell   /bin/tcsh
shlvl   1
status  0
tcsh    6.10.00
tty     
uid     0
user    root
version tcsh 6.10.00 (Astron) 2000-11-19 (sparc-sun-solaris) options 8b,nls,dl,al,rh,color

# 4  
Old 02-16-2017
From the sshd man page regarding the authorized_keys file format:
Quote:
The command originally supplied by the client is available in the SSH_ORIGINAL_COMMAND environment variable. Note that this option applies to shell, command or subsystem execution. Also note that this command may be superseded by either a sshd_config(5) ForceCommand directive or a command embedded in a certificate.
so your first test command may not supply that variable.
I'm a bit insecure regarding your use of "host" and "client" which I think should be reversed...?
# 5  
Old 02-16-2017
Your default shell on the Solaris server is tcsh, which might be causing the problem. Perhaps try this instead:-
Code:
ssh root@client1 "echo set | bash > /tmp/root.ssh.bash.set"


I must agree with RudiC too, a client connects to a server, not the other way around.


Robin
# 6  
Old 02-16-2017
Quote:
Originally Posted by RudiC
From the sshd man page regarding the authorized_keys file format:
so your first test command may not supply that variable.
I'm a bit insecure regarding your use of "host" and "client" which I think should be reversed...?

Oops, I might have messed up "host" and "client" a little bit. Actually, I want to do a remote shutdown test from my "host" to shut down "all clients", and that's why I messed it up. I'll use your words below.

As you said, my first test command may not supply that variable. Do you mean client1 may not support the variable SSH_ORIGINAL_COMMAND?
Is this because the ssh version is too old? Is there any workaround?

Thanks.
# 7  
Old 02-16-2017
man ssh:
Quote:
ssh [-l login_name] hostname | user@hostname [ command]
That "command" is supplied in the SSH_ORIGINAL_COMMAND variable. Your ssh root@client1 doesn't supply one, so the variable will be empty/undefined. Supply one!
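
A version of the wrapper that copes with a missing SSH_ORIGINAL_COMMAND and runs as its own executable instead of being sourced into root's login shell (an added example, not code from any poster in this thread). The function names `dispatch` and `handle_request` and the "No command supplied" message are assumptions; it also assumes the authorized_keys entry is changed to `command="/root/testssh"` and that the file is executable.

```shell
#!/bin/bash
# Added example: forced-command wrapper, invoked as its own executable, e.g.
#   command="/root/testssh" ssh-rsa AAAA... root@hostserver
# so the #! line picks the interpreter, not the account's login shell (tcsh here).

# dispatch REQUEST: map the client-supplied string to a fixed action.
# Only exact matches are accepted; the string is never eval'ed or executed.
dispatch() {
    case "$1" in
        shutdown)
            case "$(uname)" in
                Linux) echo "This is Linux" ;;
                SunOS) echo "This is SunOS" ;;
                *)     echo "Unsupported platform" ;;
            esac
            ;;
        test)
            echo "Test connection. This is $(hostname)."
            ;;
        "")
            # ssh was run without a command, so sshd did not set the variable
            echo "No command supplied. Terminated."
            return 1
            ;;
        *)
            echo "Permission Denied. Terminated."
            return 1
            ;;
    esac
}

# handle_request: entry point. ${VAR:-} expands to "" when the variable is
# unset, so an interactive-style login is refused cleanly instead of erroring.
handle_request() {
    dispatch "${SSH_ORIGINAL_COMMAND:-}"
}

# Run only when started by sshd, which sets SSH_CONNECTION for every session.
if [ -n "${SSH_CONNECTION:-}" ]; then
    handle_request
    exit $?
fi
```

With this in place, `ssh root@client1` is refused with a clear message and `ssh root@client1 test` reaches the `test` branch, whatever root's login shell is.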