Unsetting ssh_connection

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Hello newsgroup.

I am running FreeBSD with a jail to allow users to log in to my server.
  The server is behind a firewall and has a nonroutable internal ip
address.  Now, I am using NAT on the jail and the server and my gateway
has the outside address.  This outside address is all that I present to
the users even after they log in.  I have not permitted them to gleam
any information about my network structure except for one piece of
information.  When log in with ssh, the environment variable
SSH_CONNECTION has the jail's true internal address.

Here's my question.  Is there anything I can do on the server to change
or stop this environment variable from being set?

Mike Packard

Re: Unsetting ssh_connection

Quoted text here. Click to load it

If you set 'PermitUserEnvironment yes' in sshd_config, you can put


into $HOME/.ssh/environment to clear out the contents of the variable (I
don't think there is a way to unset it). Of course this can be removed
by the user if he can write to his home directory... A better way might
be to have a special shell, basically a wrapper that clears out any
unwanted environment variables before exec'ing the real one. Or just not
worry about it...

--Per Hedeland

Site Timeline