0

I've looked on several systems and seen these lines

111    # Allow client to pass locale environment variables
112    AcceptEnv LANG LC_*

in the /etc/ssh/sshd_config file. I'd like to get this extended to include the "TZ" variable. That way when I travel, and connect to some remote cluster, the dates on everything will be relative to my current timezone.

Carl Ponder
  • 41
  • 4
  • I've asked the managers of several of these clusters to add the TZ variable to the list. Most of them refuse to do it, under the assumption that it will be a security breach. I'm thinking that it would make more sense to get it into the Linux distros by default. I don't know if this is an Ubuntu thing or an SSH thing though. – Carl Ponder Aug 01 '23 at 00:58
  • OpenSSH of course have their defaults, Debian can (and do, IIRC) further customize those defaults, and Ubuntu can also customize further the defaults they get from Debian. – muru Aug 01 '23 at 01:09
  • /etc/ssh/ssd_config is managed by the System Administrator. It's not that TZ is necessarily insecure, it's that the System Admin doesn't have the spare time to ensure (and put his reputation on the line) that exporting TZ is secure. – waltinator Aug 01 '23 at 01:16
  • Based on my discussions with the various sysadmins, I don't believe they put the initial AcceptEnv entry in the file, so it had to have been added to the Ubuntu image or further upstream. – Carl Ponder Aug 01 '23 at 01:28
  • Is there a channel for me to propose this as an Ubuntu enhancement? – Carl Ponder Aug 01 '23 at 01:28
  • 2
    Does this answer your question? Where can I send feature requests? – muru Aug 01 '23 at 01:32
  • 1
    Also this seems to be a declined feature request over on Red Hat: https://superuser.com/a/1141861/334516 – muru Aug 01 '23 at 01:33
  • Thanks -- good lead on the SuperUser request. I weighed-in my own comment on this, I think they're wrong. – Carl Ponder Aug 01 '23 at 10:35
  • Also, regarding the Feature Request, I'm not sure Ubuntu is the right place, or someplace further upstream. I'm trying to find the "root" source of the OpenSSH source-code to see if that's where the sshd_config stems from. – Carl Ponder Aug 01 '23 at 10:44
  • I don't see a default AcceptEnv in this file

    https://github.com/openssh/openssh-portable/blob/master/sshd_config

    so I'm guessing that the change goes in at the Debian/Fedora etc. level.

     – Carl Ponder Aug 01 '23 at 10:48
  • It is: https://salsa.debian.org/ssh-team/openssh/-/commit/aedb5d2ee2799e3a95b6913721533d2c42c496b3 – muru Aug 04 '23 at 12:07
  • Also imo you could just do something like ssh -t server TZ=$TZ bash – muru Aug 04 '23 at 12:14

0 Answers0