Bug 3434 - provide a way to disable any set SetEnv and SendEnv
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 9.0p1
Hardware: Other All
Importance: P5 enhancement
Assignee: Assigned to nobody
Reported: 2022-05-16 02:18 AEST by Christoph Anton Mitterer
Modified: 2022-05-16 02:18 AEST
Description Christoph Anton Mitterer 2022-05-16 02:18:02 AEST
It would be nice to have counterparts of ClearAllForwardings for SetEnv and SendEnv (probably independently for each).


Consider a user uses those in his ssh_config, maybe to even forward sensitive data (whether that's smart is of course another topic).

Now there may be programs that internally use an ssh connection for something, and which know already for sure that no Send/SetEnvs will be needed, and they'd wish for a way to disable these.

One might think at first that it works to simply do:
-o SendEnv=-*
but while that would remove a previously set (on the command line)
-o SendEnv=foo
it doesn't affect anything from ssh_config, as this is parsed later (which I think would be nice to have explicitly documented, again, I could provide a patch if it helps).

A workaround for that is to use env and call e.g. env -i ssh ...

Perhaps it would be nice to have something like -o SendEnv=!PATTERN which removes PATTERN permanently (i.e. cannot be re-added later).

But there doesn't seem to be a way to generally (and permanently) remove any SetEnv set env vars.



Thanks,
Chris.
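
Added example, not part of the report and not OpenSSH code: a shell check of which variable names a resolved client configuration would hand to the server, showing why the env -i workaround covers SendEnv but leaves SetEnv in place. It assumes ssh -G prints one lowercase "sendenv PATTERN" or "setenv NAME=VALUE" line per entry; env_exposure, sample_ssh_G and all sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the bug report or OpenSSH).
# Reads resolved client configuration in the form printed by "ssh -G host"
# (assumed: one lowercase "sendenv PATTERN" / "setenv NAME=VALUE" per line)
# and lists the variable names that would be offered to the server.
# Arguments are the names present in the environment ssh would run with.
env_exposure() {
    while read -r key val; do
        case "$key" in
            sendenv)
                for name in "$@"; do
                    case "$name" in
                        # unquoted on purpose: val is a wildcard pattern
                        $val) printf 'SendEnv %s (pattern %s)\n' "$name" "$val" ;;
                    esac
                done ;;
            setenv)
                # print the name only, never the configured value
                printf 'SetEnv %s\n' "${val%%=*}" ;;
        esac
    done
}

# Constructed sample standing in for real "ssh -G" output.
sample_ssh_G() {
    cat <<'EOF'
hostname example.org
sendenv LANG
sendenv LC_*
sendenv API_TOKEN
setenv DEPLOY_KEY=constructed-value
EOF
}

echo "normal environment:"
sample_ssh_G | env_exposure LANG LC_ALL API_TOKEN HOME

echo "after env -i (no variables left to match):"
sample_ssh_G | env_exposure
```

Against a real host, pipe the output of ssh -G HOST into env_exposure and pass the variable names of the calling environment as arguments; any SetEnv line that still appears with an empty argument list is set by the configuration itself and is not removed by scrubbing the environment.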