HPE Community
Operating System - OpenVMS
1824244 Members
3494 Online
109669 Solutions
New Discussion юеВ

Best way to pass data to an ssh session from a unix client,

 
Gilles Pion
Advisor

тАО05-22-2007 01:33 AM

тАО05-22-2007 01:33 AM

Best way to pass data to an ssh session from a unix client,

Hello everybody,

I'm connecting from an unix openssh client to a OpenVMS 7.3-2 host (running HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 6)

I'm looking for a way to pass information from the client side to the remote interactive session (to be processed into the login/sylogin stuff)

The default sshd2_config file contains an configuration entry named
"SettableEnvironmentVars"

Keeping this setting to its default value ("LANG,LC_(ALL|COLLATE|CTYPE|MONETARY|NUMERIC|TIME),PATH,TERM,TZ"), I've made some tests using the following openssh command lines:

1) ssh -o SendEnv=USER
and
2) ssh -o SendEnv=C

In the first case the ssh log file contain this error message:
NOTICE: Client tried to set environment variable `USER' to `*******', but it is forbidden by policy.

This seems OK since 'USER' is not part of the SettableEnvironmentVars list

Unfortunately, the second command does not give any error in the log file but the OpenVMS session does not get any "C" (local or global) symbol or logical defined.

Since all this stuff is not (at all) really documented I suppose that this part of ssh server code has not been adapted to VMS (I suppose that the original "setenv" calls have been left "as is").

The only solution I've found so far is using a subprocess like this:
ssh -t "pipe define ; spawn'

The created subprocess inherit the logical whose value have been set on the unix side.

But more than I found this workaround very ugly, in this configuration, the parent process (wich execute sylogin and login) f$mode()'s is "NETWORK" which is not what I wants.

Any idea will be greatly appreciated!
0 Kudos
Reply
5 REPLIES 5
Hoff
Honored Contributor

тАО05-23-2007 03:30 AM

тАО05-23-2007 03:30 AM

Re: Best way to pass data to an ssh session from a unix client,

Try the PermitUserEnvironment knob in the sshd_config daemon configuration file?
0 Kudos
Reply
Richard Whalen
Honored Contributor

тАО05-23-2007 03:36 AM

тАО05-23-2007 03:36 AM

Re: Best way to pass data to an ssh session from a unix client,

I don't know if anyone that was involved in the port of SSH for TCP/IP services reads this forum, and only they would be able to tell you if the SendEnv code is implemented.

I checked in our (Process Software) port of SSH, and we currently do not implement the SendEnv code.

One important question is "How to intend to use this information?" For Unix it is meant to set the user's environment, which is different from logicals or symbols. It's more like SET DEFAULT, and setting display formats for dates.
0 Kudos
Reply
Gilles Pion
Advisor

тАО05-23-2007 07:15 PM

тАО05-23-2007 07:15 PM

Re: Best way to pass data to an ssh session from a unix client,

PermitUserEnvironment doesn't seem to work:

$ type TCPIP$SSH_RUN.LOG
Thu 24 09:10:48 WARNING: Unrecognized configuration parameter 'PermitUserEnvironment'.
Thu 24 09:10:48 WARNING: Failed to parse some variables from config file 'ssh2/sshd2_config'.

0 Kudos
Reply
Gilles Pion
Advisor

тАО05-23-2007 08:45 PM

тАО05-23-2007 08:45 PM

Re: Best way to pass data to an ssh session from a unix client,

> One important question is "How to intend to use this information?"

I need to perform different actions in the sylogin.com phase on the vms host side depending of status information known only on the unix client process.
0 Kudos
Reply
Hoff
Honored Contributor

тАО05-24-2007 04:32 AM

тАО05-24-2007 04:32 AM

Re: Best way to pass data to an ssh session from a unix client,

I'd tend look to task-to-task communications or at https and CGI or other such solution, then. At another approach to whatever the underlying problem is here.

There's no way to get at the Username prompt for the username and /COMMAND here.

Other options include multiple usernames (ugly for the same person, though expected and desired for multiple people) or multiple ssh ports (really ugly). Potentially by the source IP address information (ugly).

This client-initiated differentiation is just not typical of an OpenVMS interactive login.

And, of course, do consider lobbing a formal enhancement request at HP; at the IP stack vendor.

Stephen Hoffman
HoffmanLabs.Com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.