authorized_keys Environment Variables Not Setting Environment Variables

Question

I have created the file ~/.ssh/environment in there I put:

LEVEL=0

When I run a script over ssh to get the environment variable level it returns 0 like it should.

In the authorized_keys file I have several keys and am trying to change the value on a few so when I run a script on the other side it can modify how it process information. I am adding the following before the normal key:

command="/path/to/script" environment="LEVEL=1"

If I don't have the environment segment the script is executed fine, but if I have the environment part set then the script won't run.

I am not exactly sure what I am doing wrong. Am I even approaching this correctly?

essentially I have 4 different keys and in some cases I want people to have a level 1 or 2 with the default of 0, but I want to set who has the level and have it only set while they are logged in to execute their command.

I think I am barely understanding how it is supposed to work so my understanding could be completely wrong on how this should work.

Any ideas?

You need commas between the options. But you don't actually need the `environment` option, see [toppledwagon's answer](http://serverfault.com/questions/256098/authorized-keys-environment-variables-not-setting-environment-variables/256108#256108). — Gilles 'SO- stop being evil', Apr 05 '11 at 22:54

score 7 · Answer 1 · answered Dec 16 '19 at 18:54

7

There option PermitUserEnvironment in config file /etc/ssh/sshd_config has default value to no

So to enable processing file ~/.ssh/environment or/and environment= options in ~/.ssh/authorized_keys set above variable in yes

answered Dec 16 '19 at 18:54

oklas

171
1
3

1

This may not answer the actual question (?) but it answered what I was trying to figure out, so have some points on me :) – Darvanen May 14 '20 at 02:51
this is exactly what i m looking for !! – Alex Apr 29 '22 at 13:44

score 5 · Accepted Answer · answered Apr 05 '11 at 22:48

5

Try this:

command="export LEVEL=1; /path/to/script"

answered Apr 05 '11 at 22:48

toppledwagon

4,245
25
15

score 5 · Answer 3 · answered Apr 05 '11 at 23:00

5

First guess is that your syntax is slightly off.

I've never personally used the "environment" argument before, but from having to write custom authorized_keys entries before, I believe that optional arguments at the beginning of an authorized_keys entry require commas between each argument, not spaces.

Try:

command="path/to/script",environment="LEVEL=1" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEArestofkeyhere comment_stuff

Hope this helps.

answered Apr 05 '11 at 23:00

photoionized

464
2
6

That helped it to work most of the way. I am going to play with it a little bit more I think I might still have something off. For the meantime though I am going with toppledwagon's solution. Thanks. – Buddy Lindsey Apr 06 '11 at 00:02
3

For this to work, on the server side the admin must add `PermitUserEnvironment yes` to the `sshd_config`. Setting the environment variable as part of the forced command such as in [the other answer](http://serverfault.com/a/256108/98062) works without changes to the server configuration. – cfi Oct 20 '15 at 13:50

authorized_keys Environment Variables Not Setting Environment Variables

3 Answers3