Can I forward env variables over ssh?

2019-01-14 01:00发布

站内问答 / 后端开发
949 2 2

I work with several different servers, and it would be useful to be able to set some environment variables such that they are active on all of them when I SSH in. The problem is, the contents of some of the variables contain sensitive information (hashed passwords), and so I don't want to leave it lying around in a .bashrc file -- I'd like to keep it only in memory.

I know that you can use SSH to forward the DISPLAY variable (via ForwardX11) or an SSH Agent process (via ForwardAgent), so I'm wondering if there's a way to automatically forward the contents of arbitrary environment variables across SSH connections. Ideally, something I could set in a .ssh/config file so that it would run automatically when I need it to. Any ideas?

2条回答
做自己的国王
2楼-- · 2019-01-14 01:36

You can, but it requires changing the server configuration.

Read the entries for AcceptEnv in sshd_config(5) and SendEnv in ssh_config(5).

update:

You can also pass them on the command line:

ssh foo@host "FOO=foo BAR=bar doz"

Regarding security, note than anybody with access to the remote machine will be able to see the environment variables passed to any running process.

If you want to keep that information secret it is better to pass it through stdin:

cat secret_info | ssh foo@host remote_program
查看更多
0人赞 添加讨论(0) 举报
疯言疯语
3楼-- · 2019-01-14 01:38

You can't do it automatically (except for $DISPLAY which you can forward with -X along with your Xauth info so remote programs can actually connect to your display) but you can use a script with a "here document":

ssh ... <<EOF
export FOO="$FOO" BAR="$BAR" PATH="\$HOME/bin:\$PATH"
runRemoteCommand
EOF

The unescaped variables will be expanded locally and the result transmitted to the remote side. So the PATH will be set with the remote value of $HOME.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(2)