rapier1/hpn-ssh

AcceptENV options in sshd_config do not work

derproblembaer opened this issue · 8 comments

The AcceptENV LANG LC_* options in the sshd_config do not work in my setups (Debian 11.9 and 12.5 - amd64) using OpenSSH_9.7p1-hpn18.4.0 Debian-1ubuntu1, OpenSSL 3.0.11 19 Sep 2023 - hpnssh-server_9.7p1-hpn18.4.0-1ubuntu1_amd64.deb from the openSUSE repo.

The default OpenSSH-Server does not have this issue. I tried it with both OpenSSH-Client and PuTTY.

Output of the locales command:
LANG=
LANGUAGE=
LC_CTYPE="POSIX"
LC_NUMERIC="POSIX"
LC_TIME="POSIX"
LC_COLLATE="POSIX"
LC_MONETARY="POSIX"
LC_MESSAGES="POSIX"
LC_PAPER="POSIX"
LC_NAME="POSIX"
LC_ADDRESS="POSIX"
LC_TELEPHONE="POSIX"
LC_MEASUREMENT="POSIX"
LC_IDENTIFICATION="POSIX"
LC_ALL=

The correct output should look like this in my case:
LANG=de_DE.UTF-8
LANGUAGE=
LC_CTYPE="de_DE.UTF-8"
LC_NUMERIC="de_DE.UTF-8"
LC_TIME="de_DE.UTF-8"
LC_COLLATE="de_DE.UTF-8"
LC_MONETARY="de_DE.UTF-8"
LC_MESSAGES="de_DE.UTF-8"
LC_PAPER="de_DE.UTF-8"
LC_NAME="de_DE.UTF-8"
LC_ADDRESS="de_DE.UTF-8"
LC_TELEPHONE="de_DE.UTF-8"
LC_MEASUREMENT="de_DE.UTF-8"
LC_IDENTIFICATION="de_DE.UTF-8"
LC_ALL=

When switching to other accounts using su their variables appear correctly.

Temporary workaround: Add export LANG=de_DE.UTF-8 to ~/.profile

Thank you for providing HPNSSH. Your work is much appreciated.

I'm taking a look at this now. I'm on a VM running Bookworm. This is a default installation with nothing really modified except for user creation and updating the software. The output of locale is

rapier@debian12:~$ locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=
rapier@debian12:~$ hpnssh localhost
rapier@localhost's password: 
Last login: Fri Mar 22 13:35:58 2024 from ::1
rapier@debian-gnu-linux-11:~$ locale
LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=

I'm seeing the same thing when I use hpnssh to connect to OpenSSH and ssh to connect to HPN-SSH. Now, these are just connections to localhost but I would expect it to be the same when making a remote connection. I'll keep taking a look but at this time I can't recreate what you are seeing. Is there anything else you can think of that might help me in this process?

Never mind, I just recreated the problem. It's just not consistent. Connecting from a Mac with HPN-SSH 18.4.1 produced the "POSIX" problem. Same problem with Alpine and Fedora Rawhide. Connecting from Ubuntu 24.04 with an 18.4.1 client is working as expected though. For once I'd like to get a bug that was consistent :)

Anyway, it's not just Debian that's having a problem. Looks like this might be across the board. A session into an Ubuntu server from Rawhide is also showing "POSIX".

I'll get working on this.

Could you send me the specifics of how you have AcceptEnv set up in your sshd_config and the SetEnv or SendEnv on the client side?

Update: I don't think this has anything to do with AcceptEnv. I think what is happening is that somehow the normal scripts that would run when a terminal is allocated aren't being run. For example, I'm not seeing the standard MOTD when I use hpnssh. I do not, for the life of me, know how I have missed this before. So I'm feeling that environment variables aren't being set and other important things aren't happening. You don't notice it when you are using it for data transfer but for interactive sessions it's an issue.

And this is where I feel like an idiot.
The problem seems to be a PAM issue.
Basically, there is a PAM module for sshd that handles things like printing the MOTD and a few other things - including setting the locale and lang and so forth. There is no PAM module for hpnsshd and I'll need to include one in the packages for hpnssh in the future.

To resolve this problem try sudo ln -s /etc/pam.d/sshd /etc/pam.d/hpnsshd

Let me know if that works for you.

Yes, you are right.

Linking the /etc/pam.d/sshd PAM module to /etc/pam.d/hpnsshd fixes the problem.

Thanks a lot.

Just wanted to let you know that I fixed the issue with the PAM module not being installed correctly. I didn't fully understand the nomenclature assumptions in debhelper. I released new versions of the package for Debian and Ubuntu.
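
The check below is an added example, not part of the thread and not hpn-ssh project code: it verifies that a daemon's PAM service name (hpnsshd in this issue) has its own file under /etc/pam.d and that the file carries session lines for pam_env and pam_motd. The function names, the choice of those two modules and the sample directory are assumptions made for the example; it also assumes the Linux-PAM behaviour of falling back to the "other" stack when a service file is missing.

```shell
#!/bin/sh
# Added example, not hpn-ssh project code.
# Assumption: Linux-PAM layout with one stack file per service name in
# /etc/pam.d and the "other" stack used when a service has no file.

# pam_service_check SERVICE [PAM_DIR]
# Returns 0 if the stack file exists and has both session modules,
# 1 if it exists but lacks one of them, 2 if there is no stack file.
pam_service_check() {
    service=$1
    pam_dir=${2:-/etc/pam.d}
    file="$pam_dir/$service"

    if [ ! -e "$file" ]; then
        echo "$service: no $file, PAM falls back to the 'other' stack"
        return 2
    fi
    [ -L "$file" ] && echo "$service: $file -> $(readlink "$file")"

    # Modules picked for this example: pam_env (environment, e.g. LANG
    # from a locale file) and pam_motd (message of the day).
    result=0
    for mod in pam_env.so pam_motd.so; do
        if ! grep -Eq "^[[:space:]]*-?session[[:space:]].*[[:space:]/]$mod" "$file"; then
            echo "$service: no session line for $mod in $file"
            result=1
        fi
    done
    [ "$result" -eq 0 ] && echo "$service: pam_env and pam_motd present"
    return "$result"
}

# Constructed sample directory so the check runs without touching /etc.
pam_service_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        '@include common-auth' \
        'session optional pam_motd.so noupdate' \
        'session required pam_env.so envfile=/etc/default/locale' \
        > "$dir/sshd"
    pam_service_check hpnsshd "$dir" || true   # no stack file yet
    ln -s "$dir/sshd" "$dir/hpnsshd"           # the fix from the thread
    demo_rc=0
    pam_service_check hpnsshd "$dir" || demo_rc=$?
    rm -rf "$dir"
    return "$demo_rc"
}

pam_service_demo
```

On a real host, `pam_service_check hpnsshd` with no second argument inspects /etc/pam.d directly.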