.ssh/environment equivalent in dropbear

Rob Landley rob at landley.net
Tue Aug 28 12:12:53 WST 2007 

On Monday 27 August 2007 6:16:10 am Christoph Kurrat wrote:
> 2007/8/27, Rob Landley <rob at landley.net>:
> > On Sunday 26 August 2007 8:29:26 am Christoph Kurrat wrote:
> > > The busybox uses ash, but an .ash* file does not exist.
> > > If I create the .ashrc and export ENV=/var/tmp/.ashrc it works, but to
> > > export ENV, I again need the /etc/profile.
> >
> > Um...  What?  I _think_ you just said "If I put it in ~/.ashrc it works".
> >  In which case: happy to hear it.  In which case where does the need for
> > /etc/profile come in?
>
> If I put it into ~/.ashrc end export ENV=/var/tmp/.ashrc it works, if
> this export is inside /etc/profile.
> I need /etc/profile, because an export inside the
> dropbear-start-script does not influence the environment in an SSH
> session.

Ok, so your shell is reading /etc/profile, not .ashrc.  You can make it 
read .ashrc: from /etc/profile.

Check.


> > Except it's child processes you're worrying about here, not parent
> > processes.
>
> I thought, the SSH sessions would fork from a parent process of the
> dropbear-start-script.

SSH sessions fork from the dropbear daemon and exec a shell with a command 
line.  That shell is the "parent" here, it runs your command as a child of 
that shell (unless you feed it "exec" as the command to run).  One shell 
instance is spawned per connection, last I checked.

ssh (including dropbear as far as I know) washes all sessions through whatever 
you have listed as your shell in /etc/passwd.  I once made a gatekeeper 
program that allowed a very restricted set of functionality (only looking in 
one directory for executables, and not allowing "/" to be in the name of the 
executable).

> > If $PATH is blank I believe ash sets it to _PATH_STDPATH out
> > of /usr/include/paths.h which is "/usr/bin:/bin:/usr/sbin:/sbin".
>
> OK, so before login, the PATH was blank.
> Is that a regular behavior?

I'm guessing dropbear is passing an empty environment to its child processes, 
for security reasons.

> Anyway, with the PATH set inside of dropbear, it works.
>
> Christoph 

Cool.

Rob
-- 
"One of my most productive days was throwing away 1000 lines of code."
  - Ken Thompson.

More information about the Dropbear mailing list