SSH and passing parameters

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Does anyone know if it is possible to pass a parameter from a local
shell to a remote shell when you carry out an interactive ssh login.

The reason I ask is if you su to root on your local host a `who am i`
still shows your original username and not root.

When you ssh to a remote host as root however a `who am i` will show
root and not the original user name.
What I would like to do is assign a parameter say USER-LOCAL. When root
then ssh's to a remote server the variable USER-LOCAL is carried from
the local shell to the remote shell. This would then enable me to track
who owned each root session on the remote box.

Thanks in advance,


Re: SSH and passing parameters

Quoted text here. Click to load it

One solution is to publickey authentication with OpenSSH, having a
separate key for each user in ~root/.ssh/authorized_keys, like so:

environment="USER_LOCAL=joe" ssh-dss AAAAB3NzaC1kc3MAAACBAMXXH+Sz...
environment="USER_LOCAL=bob" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAA...

A better overall solution can be had with Kerberos.  The usual reason for
ssh'ing "as root" is that su or sudo require a password, hence is
cumbersome for administration -- but you don't want to allow root access
with no extra authentication at all.  With Kerberos, you can do the

$ ssh ksu -e command

SSH will forward Kerberos credentials across the connection, where they
can be used to authorize root access (~root/.k5login).

  Richard Silverman

Re: SSH and passing parameters

Thanks for that. I will have a look into both your ideas.


Site Timeline