This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Windows environment variables in ssh sessions with privilege seperation

Sean Morgan wrote:
I have cygwin sshd installed using privilege separation but find that
when connected via ssh that neither the windows system nor user
variables are present in the bash shell as they are when cygwin is run
in a command shell from the Windows desktop.

Could someone explain to me why this might be or how it might be
corrected? My goal is that whether a user connects via ssh or starts a
shell from the Windows GUI that they have a consistent bash environment.

This has been discussed before.  A minimal shell environment is communicated
to each session started via 'ssh'.  This is to limit security holes.  Either
of the two options below is your alternative.

I suspect that the root of this problem lies in the privilege separation
but I don't think I can get away from this if I want to use network
shares with smbntsec. I am considering two possible workarounds if the
core problem cannot be addressed:

No, privilege separation has nothing to do with this or the use (or not)
of network shares.  If part at least part of your goal in using 'ssh' is
secure connections, privilege separation makes sense.

1. Create a bash script that sets the same variables as they are set in
Windows and dump it into /etc/profile.d. This though seems to have the
disadvantage that it will need to be maintained and as they Windows
environment variables may change would end up divergent.

2. Create a bash script that extracts the Windows variables from the
registry and resets them as needed and dump this script
into /etc/profile.d. This has the advantage that it can automatically
keep up with changes in the Windows environment variables.


-- Larry Hall RFK Partners, Inc. (508) 893-9779 - RFK Office 216 Dalton Rd. (508) 893-9889 - FAX Holliston, MA 01746

Unsubscribe info:
Problem reports:

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]