Setting a variable for a given SSH host

Question

In ssh_config, one can choose to export some environment variables to the host using SendEnv.

Is there also a way to force a given value for this variable, per host? For example, would it be possible to export variable $FOO with value bar only when connecting to host example.com?

kenorb · Answer 1 · 2019-10-27T14:46:43.673

You can give a specific value by using SetEnv in your ~/.ssh/config, e.g.

Host *
  SetEnv FOO=bar

As per man ssh_config:

Directly specify one or more environment variables and their contents to be sent to the server. Similarly to SendEnv, the server must be prepared to accept the environment variable.

Assuming your server got the following line in /etc/ssh/sshd_config:

AcceptEnv LANG LC_* FOO

Check also: man ssh_config and man sshd_config.

score 33 · Accepted Answer · answered Feb 27 '13 at 07:30

You can't give a specific value for an environment variable in ssh_config, but you can certainly send the existing environment variable only to specific hosts.

Host example.com
    SendEnv FOO

To complete the chain:

FOO=bar ssh user@example.com

Finally, the remote server must have the environment variable listed in AcceptEnv in its sshd_config.

AcceptEnv FOO

score 2 · Answer 3 · answered Nov 20 '20 at 03:21

I want to highlight the SendEnv / AcceptEnv answer and a different way to trigger it.

user1@host1 $ export LC_SECRET="pencil"
user1@host1 $ export LC_MAGIC="xyzzy"
user1@host1 $ ssh -o "SendEnv LC_*" user2@host2
user2@host2 $ echo $LC_SECRET
pencil
user2@host2 $ echo $LC_MAGIC
xyzzy

What's happening here is we're declaring environment variables called LC_SECRET and LC_MAGIC. We've requested to send both LC_SECRET and LC_MAGIC to the remote host using SendEnv. The remote host will accept it because it has the following rule in /etc/ssh/sshd_config:

AcceptEnv LANG LC_*

This is, obviously an exploit of the remote system that automatically accepts the LANG environment variable or ANY environment variable starting with LC_.

Hence, why I named my variables LC_SECRET and LC_MAGIC.

If you want to do it properly, the remote system will require sudo access for you to modify /etc/ssh/sshd_config to append other environment variables.

score 2 · Answer 4 · answered Feb 27 '13 at 07:39

2

You can set per host config values using .ssh/config file. For example:

Host example.com
SendEnv FOO

Note that server must also support it.

answered Feb 27 '13 at 07:39

user156525

336

score 1 · Answer 5 · answered Jan 10 '19 at 09:05

1

Another idea is to set the environment variables in the ssh command and run an interactive shell, eg. i'm trying to invoke an interactive shell with env-var 'MANWIDTH':

ssh example.com 'MANWIDTH=120 bash -li'

answered Jan 10 '19 at 09:05

huch

131
4

score 0 · Answer 6 · answered Feb 03 '22 at 11:21

0

To send a different value of the env variable than the value of the env in the shell:

Host host
    ProxyCommand ENV=value ssh -W [%h]:%p
    SendEnv ENV

answered Feb 03 '22 at 11:21

BacLuc

1

Setting a variable for a given SSH host

6 Answers6

Linked