Hi guys, I'm having a little trouble with the current semantics of the PermitUserEnv directive. I would like to be able to force certain environment variables for some of the ssh keys I'm using. It seems that apart from using the command="..." keyword in authorized_keys, there is also the possibility to specify additional variables using the environment="..." keyword. However, in order to make this work I have to enable PermitUserEnv in the sshd_config (also enabling parsing of ~/.ssh/environment), otherwise the keys are rejected with "Bad options in [...]/authorized_keys file" This seems a bit harsh. Considering, that a) clients can always send arbitrary variables with -o SendEnv and b) accepted variables have to be additionally whitelisted in AcceptEnv anyways, rejecting those keys seems a bit counterintuitive. Maybe it would be more intuitive to accept the keys by ignoring the environment="..." variable and simply throwing a warning? I would also certainly appreciate the possibility to force environment variables for individual keys without having to enable PermitUserEnv globally. cheers, erik _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
