Operating System - HP-UX

Different PATH via SSH and Telnet

 
Crystal_1
Frequent Advisor

Hi, I recently found that I got different PATHs when I log on via SSH and TELNET. This is what I got by running set command:

Via SSH
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/opt/openssh/bin:/

Via Telnet
PATH=/usr/bin::/opt/openssh/bin:

Don't SSH and Telnet use the same file /etc/profile for Korn Shell?

Anyone have an idea?

Thanks
Crystal

Bill Hassell
Honored Contributor

Re: Different PATH via SSH and Telnet

Are you using the HP package for ssh on HP-UX? ssh and telnet logins both go through /etc/profile. I would add some debug echoes into /etc/profile and .profile that include where they are (filename) and the current value of $PATH. Normally, PATH is set with:

export PATH=$(cat /etc/PATH)

About the only control for profiles in ssh is the PrintMotd option, which is set to yes; the /etc/motd file will be displayed by ssh in addition to /etc/profile, which also displays /etc/motd.


Bill Hassell, sysadmin
Crystal_1
Frequent Advisor

Re: Different PATH via SSH and Telnet

It's confirmed that there is no .profile in my home directory.

/etc/profile controls Telnet, but still no clue which file controls SSH....

Crystal
Steven E. Protter
Exalted Contributor

Re: Different PATH via SSH and Telnet

Bill just said:

First /etc/profile is processed

then, if it exists .profile is processed.

Secure Shell (ssh), Telnet, that's what happens.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Zeev Schultz
Honored Contributor

Re: Different PATH via SSH and Telnet

If you've compiled the SSH there is also a reference to PATH in the .configure:

--with-default-path= Specify default \$PATH environment for server

So I'd check .configure compile-time options.

rgds

Zeev
So computers don't think yet. At least not chess computers. - Seymour Cray
Andrew Cowan
Honored Contributor
Solution

Re: Different PATH via SSH and Telnet

The default behaviour of OpenSSH is NOT to use the traditional 'login' process. A crude experiment would be to change the parameter "uselogin" in "/etc/ssh/sshd_config" to yes, and restart the daemon. Now try to connect, and see if your settings have changed. You should not leave SSH like this as it is a security problem, but at least you can nail it down a bit more.

Crystal_1
Frequent Advisor

Re: Different PATH via SSH and Telnet

Hi Andrew,

Thanks for your answer. It is the UseLogin parameter controlling the login environment. Can you elaborate on this, why changing no to yes causes a security issue?

In addition, do you know where the default PATH is set up in SSH? Can I modify it?

The problem I am currently having is that when I su to another id, I lost the PATH that I had with my login id. Looks like this switched id does not execute /etc/profile or the default SSH PATH, but the .profile if possible.

Thanks,
Crystal

generic_1
Respected Contributor

Re: Different PATH via SSH and Telnet

It would not be a bad idea to add a .profile; that way you can push out all the tweaks you prefer in your environment so you do not have to fight these types of things every time you log into a box. If you have your ssh keys set up this can be pretty painless :).
Andrew Cowan
Honored Contributor

Re: Different PATH via SSH and Telnet

Hi Crystal,

Basically, activating uselogin takes the security control away from sshd, so any security settings, like protecting environment variables, are nullified.

If you do a search from Google on ssh and uselogin, you should get a lot of in-depth explanations.
Bill Hassell
Honored Contributor

Re: Different PATH via SSH and Telnet

Once you have logged in, your interface to HP-UX is through the shell, so SSH won't have any ongoing effect except as set up prior to login. As far as $PATH not being set correctly by su, this is covered in the man page for su. If you use su user_name, you will get a terribly insecure environment. To have a predictable environment, you must always use su - user_name. That - is a critical flag that performs a complete login. It is common for some sysadmins to simply type su to get to root--one of the most common habits that a hacker will exploit. You may want to put a wrapper around su that chastises anyone that does not use su -.


Bill Hassell, sysadmin
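
The su wrapper suggested in the last post, sketched as an added example (not code from the thread or from HP-UX). The function names su_is_login_form and su_suggest are hypothetical, and it assumes a POSIX shell and that "-" as the first argument is the only login form to accept.

```shell
# Added example: advisory wrapper for su, meant to be sourced from a shell
# startup file such as /etc/profile. It is a speed bump, not a control:
# calling the real su binary by its full path bypasses it.

# Return 0 only when the arguments request a full login ("su -" or
# "su - user_name"). Assumption: "-" as the first argument is the only
# login form accepted here, the form named in the post above.
su_is_login_form() {
    [ "$#" -ge 1 ] && [ "$1" = "-" ]
}

# Build the command line the user should have typed instead.
su_suggest() {
    if [ "$#" -eq 0 ]; then
        printf 'su -'
    else
        printf 'su - %s' "$*"
    fi
}

su() {
    if su_is_login_form "$@"; then
        command su "$@"      # hand over to the real su, arguments unchanged
        return $?
    fi
    printf 'su: refused, the caller environment (PATH included) would be kept.\n' >&2
    printf 'su: use: %s\n' "$(su_suggest "$@")" >&2
    # Leave an audit trail where logger(1) is available.
    if command -v logger >/dev/null 2>&1; then
        logger -p auth.notice "su wrapper: ${LOGNAME:-unknown} tried su without -" 2>/dev/null || true
    fi
    return 1
}
```

Because a shell function only affects shells that have sourced it, treat refusals in the log as a training signal rather than proof that nobody ran su without the dash.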