PermitUserEnvironment ssh security risks

I read several posts about using PermitUserEnvironment and the ~/.ssh/environment file to pass env variables to the ssh shell. Official sshd docs and several other resources cite some security risks in doing so.

 Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD. 

What is the likely security issue when activating PermitUserEnvironment? I would like to save the details of the DB connection in these environment variables; is this advisable?

thanks

+6
1 answer

This is for cases where you somehow restrict the user through the user's shell - if the user can set LD_PRELOAD, then they can execute code as their user on the remote computer by intercepting a standard library call.

A simple example would be if you disable login for an SFTP-only user by setting their shell to the dynamically linked /bin/false - if they can change ~/.ssh/environment or ~/.ssh/authorized_keys, then they could add LD_PRELOAD=nefarious.so

+3
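An audit sketch for the risk described in the answer above, added here as an example and not part of the original post: it reads the PermitUserEnvironment setting from sshd_config text and flags dynamic-loader variables set through ~/.ssh/environment or an `environment="..."` option in authorized_keys. The function names, the sample file contents, and the loader variables other than LD_PRELOAD are assumptions of this example.

```python
import re

# LD_PRELOAD is the variable named in the sshd documentation; the other
# glibc loader variables are added by this example as an assumption.
LOADER_VARS = {"LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT"}

def permit_user_environment(sshd_config_text):
    """Return the first PermitUserEnvironment value found, or 'no' (sshd's default)."""
    for line in sshd_config_text.splitlines():
        m = re.match(r"^\s*PermitUserEnvironment[\s=]+(.+?)\s*$", line, re.I)
        if m:
            return m.group(1)  # sshd keeps the first value it obtains
    return "no"

def env_file_vars(text):
    """Variable names set in a ~/.ssh/environment file (NAME=value lines)."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            names.append(line.split("=", 1)[0])
    return names

def authorized_keys_vars(text):
    """Variable names set through environment="NAME=value" key options."""
    names = []
    for line in text.splitlines():
        if not line.lstrip().startswith("#"):
            names += re.findall(r'environment="([^"=]+)=', line, re.I)
    return names

def audit(sshd_config_text, env_text, keys_text):
    """Combine the server setting with the loader variables a user has set."""
    setting = permit_user_environment(sshd_config_text)
    user_vars = set(env_file_vars(env_text)) | set(authorized_keys_vars(keys_text))
    return {"permit_user_environment": setting,
            "enabled": setting.lower() != "no",
            "loader_vars": sorted(user_vars & LOADER_VARS)}

# Constructed sample inputs (not taken from a real host).
SSHD_CONFIG = "# constructed\nSubsystem sftp internal-sftp\nPermitUserEnvironment yes\n"
ENV_FILE = "# constructed\nDB_HOST=db.example.internal\nLD_PRELOAD=/home/user/nefarious.so\n"
AUTH_KEYS = 'environment="LD_LIBRARY_PATH=/tmp/lib",no-pty ssh-ed25519 AAAAC3constructed user@example\n'

if __name__ == "__main__":
    print(audit(SSHD_CONFIG, ENV_FILE, AUTH_KEYS))
```

On a live host, the effective server value can be read from the output of `sshd -T` rather than from the file text.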

Source: https://habr.com/ru/post/949061/

