Solaris 8 ssh issue - $SSH_ORIGINAL_COMMAND undefined variables
I face a weird question I don't know how to deal with.
I tried to limit the permission of root user to remote login using ssh.
So I did the following for a client server,
1. edit /usr/local/etc/sshd_config and modify as below
2. using pubkey authentication and add the following command to authorized_keys
3. using a wrapper script "testssh" to parse $SSH_ORIGINAL_COMMAND and then do its own work. the test script is as below,
The Solaris host ssh version is OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, and
there are two clients to test.
client 1: Solaris system using ssh version OpenSSH_5.9p1
client 2: Linux red hat 5.7 using ssh version OpenSSH_4.3p2
When I tested it using ssh root@client1 or ssh root@client1 "arguments" from the host connecting to clients, it worked well when connecting to the client 2, which is Linux OS. But when connecting to client 1, which is Solaris system, it kept showing the following message,
I just can't figure it out. As I know, ssh will normally set this environment variables.
Does someone have any idea?? I've stuck on this for a while.
Last edited by rbatte1; 02-16-2017 at 04:17 AM..
Reason: Added ICODE and LIST tags
Can you take out the restriction again and run a simple remote command to list out the variables set into a file? Something like this might do:-
Then sign in and have a look in the two files created to see if anything leaps out. I'm afraid that I don't have a Solaris server available to test this.
I hope that this helps,
Robin
Last edited by rbatte1; 02-16-2017 at 04:21 AM..
Reason: Spelling correction
Can you take out the restriction again and run a simple remote command to list out the variables set into a file? Something like this might do:-
Then sign in and have a look in the two files created to see if anything leaps out. I'm afraid that I don't have a Solaris server available to test this.
I hope that this helps,
Robin
Thanks for your suggestion. I wrote out two files as you said, but I can't see the key points. Would you give me some hints? Thanks.
From the sshd man page rg. the authorized_keys file format:
Quote:
The command originally supplied by the client is available in the SSH_ORIGINAL_COMMAND environment variable. Note that this option applies to shell, command or subsystem execution. Also note that this command may be superseded by either a sshd_config(5) ForceCommand directive or a command embedded in a certificate.
so your first test command may not supply that variable.
I'm a bit insecure reg. your use of "host" and "client" which I think should be reversed...?
From the sshd man page rg. the authorized_keys file format:
so your first test command may not supply that variable.
I'm a bit insecure reg. your use of "host" and "client" which I think should be reversed...?
Oops, I might a little bit messed up with "host" and "client". Actually, I want to do a remote shutdown test from my "host" to shut down "all clients", and that's why I messed it up. I'll use your words below.
As you said, my first test command may not supply that variable. Do you mean client1 may not support the variable SSH_ORIGINAL_COMMAND?
Is this because of the ssh version too old? Is there any workaround?
That "command" is supplied in the SSH_ORIGINAL_COMMAND variable. Yourssh root@client1 doesn't supply one, so the variable will be empty/undefined. Supply one!
Hi Folks,
I'm currently trying to read several values into different variables.
Actually, what I'm doing works, but I get an error message.
My attempts are:
read strCPROC strIPROC strAPROC <<<$(ssh -n -T hscroot@$HMC "lshwres -r proc -m $strIDENT --level sys -F \"configurable_sys_proc_units... (11 Replies)
alias n-001='ssh hst-net-001'
alias n-002='ssh hst-net-002'
alias n-003='ssh hst-net-003'
alias n-004='ssh hst-net-004'
alias p-001='ssh hst-proxy-001'
alias p-002='ssh hst-proxy-002'
alias p-003='ssh hst-proxy-003'
alias p-004='ssh hst-proxy-004'... (0 Replies)
i have a script that should ssh to different host/server. See below:
./script.ksh var1 var2 var3
case $ser in
ser1)
depo='appr1'
set -A aprrA aprrB
ssh ser2 "/home/dir/script.ksh $1 $2 $3"
ssh ser3 "/home/dir/script.ksh $1 $2 $3"
ssh ser4... (4 Replies)
I could use a fresh pair of eyes to look at this, because it has me baffled. I am attempting to setup pasword-less ssh keys (rsa) between 2 systems. As the user (admin on both systems), I have generated the keys on both the Solaris 11 and the OSX systems and using the cat command, I have copied the... (3 Replies)
Hello Gurus,
I am trying to set up bidirectional password-less login between a linux and a Solaris. The way I am doing is very simple, which is creating pub/priv key pairs on each host and add the pub key to each other's authorized_keys file:
ssh-keygen -t rsa (I tried dsa, and it didn't work... (4 Replies)
Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks.
... (1 Reply)
Hello all,
I would like to declare and use variables inside an ssh session. I have the feeling that it's not possible. Here is the situtation simpified:
#:/bin/sh
test="salut"
echo $test
ssh hudson@10.41.21.99 <<EOF
export testssh="salut"
echo testssh=$testssh
... (4 Replies)
Please tell me what is wrong in the following shell script.
#!/bin/sh
DATE1=`date -d "yesterday" +"%Y-%m-%d"`
ssh ftwplapp01 << EOF
echo "Date is :" $DATE1 > /tmp/testfile
cd /app/was6/AppServer/logs/prod_ebp_live/ebp
tar cvf /app/was6/AppServer/logs/prod_ebp_live_applogs_$DATE1.tar `find... (1 Reply)
I am currently setting up rdiff-backup to use ssh to connect and remotely backup and retrieve data. I am doing so by creating rsa keys for each server and copying the relevant key to the /.ssh folder on the relevant server.
All seems to work well when severs running solaris 8 with ssh 3.6.1 are... (6 Replies)