← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #75663

[Bug 1451194] [NEW] OpenSSH always passes LANG and LC* environment variables, even when it doesn't make sense

  Thread PreviousDate PreviousThread Next 
Public bug reported:

When using OpenSSH to access a remote server, the local user's locale
environment variables are always sent to the remote server, because the
default installation has /etc/ssh/ssh_config configured with "SendEnv
LANG LC_*"

This often makes no sense, as the local user likely has their locale set
to some non-US locale (e.g. my user account uses "he_IL.UTF-8" for most
locale environment settings), while it is unlikely that this local will
be setup on the remote. Basically the only use case where this makes
sense is if SSH is only used to access machines on a local network where
all machines have users configured in the same way.

Changing this setting require root permissions on the local machine and
is also not obvious what needs to be changed.

A better idea might be to change the defaults to not send local locale
environment settings, or apply the patch from OpenSSH bug #1285 -
https://bugzilla.mindrot.org/show_bug.cgi?id=1285 - that allows users to
unset sending specific environment variables on a per-host basis.

** Affects: openssh
     Importance: Unknown
         Status: Unknown

** Affects: openssh (Ubuntu)
     Importance: Undecided
         Status: New

** Bug watch added: OpenSSH Portable Bugzilla #1285
   https://bugzilla.mindrot.org/show_bug.cgi?id=1285

** Also affects: openssh via
   https://bugzilla.mindrot.org/show_bug.cgi?id=1285
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1451194

Title:
  OpenSSH always passes LANG and LC* environment variables, even when it
  doesn't make sense

Status in Portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  New

Bug description:
  When using OpenSSH to access a remote server, the local user's locale
  environment variables are always sent to the remote server, because
  the default installation has /etc/ssh/ssh_config configured with
  "SendEnv LANG LC_*"

  This often makes no sense, as the local user likely has their locale
  set to some non-US locale (e.g. my user account uses "he_IL.UTF-8" for
  most locale environment settings), while it is unlikely that this
  local will be setup on the remote. Basically the only use case where
  this makes sense is if SSH is only used to access machines on a local
  network where all machines have users configured in the same way.

  Changing this setting require root permissions on the local machine
  and is also not obvious what needs to be changed.

  A better idea might be to change the defaults to not send local locale
  environment settings, or apply the patch from OpenSSH bug #1285 -
  https://bugzilla.mindrot.org/show_bug.cgi?id=1285 - that allows users
  to unset sending specific environment variables on a per-host basis.

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1451194/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next