ssh

Michael Grant mg-fbsd3 at grant.org
Wed Oct 31 07:51:00 PDT 2007


On 10/31/07, James <oscartheduck at gmail.com> wrote:
>
>
> On 10/31/07, Michael Grant <mg-fbsd3 at grant.org> wrote:
> > On 10/31/07, James <oscartheduck at gmail.com> wrote:
> > >
> > >
> > >
> > > On 10/31/07, Michael Grant <mg-fbsd3 at grant.org > wrote:
> > > >
> > > > If I'm sued as root and I ssh somewhere, ssh/scp reads its files from
> > > > /root/.ssh/.  The docs say it reads from ~/.ssh which is what I want,
> > > > but it's not doing that.  When sued, the shell is properly expanding ~
> > > > to my home dir.
> > > >
> > > > Anyone know of a way around this behavior?
> > > >
> > > > Michael Grant
> > >
> > >
> > > su - root
> >
> > Nope.  One other suggestion was 'su -l root'.  This does not change
> > the situation either.
> >
> > I went into the source for ssh and it does a getuid() and then gets
> > the homedir of that uid.  So no amount of fooling with su is going to
> > fix this.  I guess it's like this for security reasons, it sure seems
> > like a bug to me.  I'd have used the HOME environment variable.
> >
> > So far, the best fix I've found is to create some aliases in bash as follows:
> >
> > alias scp="scp -o User=username -i ~/.ssh/id_rsa"
> > alias ssh="ssh -l username -i ~/.ssh/id_rsa"
> > alias rsync="rsync -op -e 'ssh -l username -i /home/username/.ssh/id_rsa'"
> >
>
>
>
> Yeah, I misread your problem. Are you saying that you want to su to root,
> but still have some variables set as they were on the account you sued from?
> So you have a user named Michael, say, and you su to root, but when you ssh
> you want Michael's .ssh to be the effective one?

Well sort of.  When I su, $HOME is set to my homedir and $USER set to
mgrant.  This is fine.  However, ssh (when sued) doesn't read
$HOME/.ssh, it reads /root/.ssh. And it's not defaulting to logging
into the remote machine as $USER, it tries to log in as root.  It does
this because it's hardwired in the code more or less as follows (I've
extracted the relevant code from ssh.c):

    original_real_uid = getuid();
    pw = getpwuid(original_real_uid);
    sprintf(buf, "%s/%s", pw->pw_dir, "ssh-config");
    read_config_file(buf);
    options.user = strdup(pw->pw_name);

Like I said, it seems like a bug to me.  Personally I would have done
a getenv("HOME") and getenv("USER") myself instead of depending on the
userid.  Probably they had good reason for doing it the way they did
it.

So I think the problem is unsolvable using options to su.  Only
solution I found so far was the aliases above.

Michael Grant
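
The two lookups compared in the message above, side by side, as an added example (not OpenSSH source and not the poster's code). The function names and the `/constructed/home/mgrant` value are assumptions made for illustration; the passwd-based result is unaffected by what the caller puts in `HOME`, while the environment-based one follows it.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Copy src into out; fail instead of silently truncating a path. */
static int copy_path(char *out, size_t len, const char *src) {
    int n = snprintf(out, len, "%s", src);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Home directory from the passwd entry of the real uid: the lookup the
   post describes. It ignores the environment entirely. */
static int home_from_passwd(char *out, size_t len) {
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL || pw->pw_dir == NULL) return -1;
    return copy_path(out, len, pw->pw_dir);
}

/* Home directory from $HOME: the alternative the post proposes. The
   value is whatever the calling process put in the environment. */
static int home_from_env(char *out, size_t len) {
    const char *h = getenv("HOME");
    if (h == NULL || *h == '\0') return -1;
    return copy_path(out, len, h);
}

/* Build "<home>/.ssh/<name>", e.g. the per-user config or a key file. */
static int ssh_path(const char *home, const char *name, char *out, size_t len) {
    int n = snprintf(out, len, "%s/.ssh/%s", home, name);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void) {
    char pw_home[4096], env_home[4096], path[4200];
    /* Constructed value standing in for the HOME that su left in place. */
    setenv("HOME", "/constructed/home/mgrant", 1);
    if (home_from_passwd(pw_home, sizeof pw_home) == 0 &&
        ssh_path(pw_home, "config", path, sizeof path) == 0)
        printf("passwd lookup: %s\n", path);
    if (home_from_env(env_home, sizeof env_home) == 0 &&
        ssh_path(env_home, "config", path, sizeof path) == 0)
        printf("$HOME lookup:  %s\n", path);
    return 0;
}
```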


More information about the freebsd-questions mailing list