sshenvironment-variablesforwarding

Can I forward env variables over ssh?


I work with several different servers, and it would be useful to be able to set some environment variables such that they are active on all of them when I SSH in. The problem is, the contents of some of the variables contain sensitive information (hashed passwords), and so I don't want to leave it lying around in a .bashrc file -- I'd like to keep it only in memory.

I know that you can use SSH to forward the DISPLAY variable (via ForwardX11) or an SSH Agent process (via ForwardAgent), so I'm wondering if there's a way to automatically forward the contents of arbitrary environment variables across SSH connections. Ideally, something I could set in a .ssh/config file so that it would run automatically when I need it to. Any ideas?


Solution

  • You can, but it requires changing the server configuration.

    Read the entries for AcceptEnv in sshd_config(5) and SendEnv in ssh_config(5).

    update:

    You can also pass them on the command line:

    ssh foo@host "FOO=foo BAR=bar doz"
    

    Regarding security, note than anybody with access to the remote machine will be able to see the environment variables passed to any running process.

    If you want to keep that information secret it is better to pass it through stdin:

    cat secret_info | ssh foo@host remote_program