SSH - set env vairables by every connection - godaddy shared host

Solution 1:

Assuming you have UsePAM yes in /etc/ssh/sshd_config, and assuming you want these environment variables set for every user, you can have pam set environment variables for you. If you have the environment variables defined in /etc/gitenv you could add this line to /etc/pam.d/sshd

auth required pam_env.so envfile=/etc/gitenv

Or by inpsecting this file, you might find that there is already a pam_env.so being used, and already a file you can add stuff to. Just be careful, and make sure you have thoroughly tested your changes before ending your ssh session, as when you are messing with pam, you can completely break your ability to login to your server, if you are not careful.

Solution 2:

I'm setting some environment variable for my SSH connections using the ~/.ssh/environment. The file can contain variable in the form VAR=value, no need to explicitly export them.

However, this user configuration file is ignored by default by the SSH server process unless the option PermitUserEnvironment is set to yes. Therefore you need to make sure to edit /etc/sshd_config on the SSH server to add or update this parameter:

PermitUserEnvironment yes

You need to reload the SSH server configuration. On RHEL or Suse Linux you do (as root)

/sbin/service sshd reload

(Possibly replace sshd by ssh if it does not work)

On Ubuntu (using upstart) you do

sudo reload ssh

On any other Linux, you could try (as root)

/etc/init.d/sshd reload

(Replace sshd by ssh or openssh or whatever that would correspond to the SSH server init script)

Solution 3:

I have no longer a godaddy shared host, so I cannot check whether the proposed solutions are valid. This will stay the accepted answer, since it worked by me when I asked the question. The other answers might work as well. I let the community decide that with upvotes.

Ok. The solution is that there is no solution on a godaddy shared host. I tried everything, but nothing works, so I decided that I stay with the ~/.ssh/authorized_keys:

command="~/connect.sh" ssh-rsa AAAAB3NzaC...

In the ~/connect.sh:

#!/bin/bash
if [ -f "${HOME}/.env_profile" ]; then
        source ~/.env_profile
fi;

if [ "x${SSH_ORIGINAL_COMMAND}x" == "xx" ]; then
        $SHELL --login
else
        eval "${SSH_ORIGINAL_COMMAND}"
fi;

And in the ~/.env_profile:

export PATH=$PATH:$HOME/bin:$HOME/git/libexec/git-core
export LD_LIBRARY_PATH=$HOME/git/lib
export GIT_EXEC_PATH=~/git/libexec/git-core
export GIT_TEMPLATE_DIR=~/git/share/git-core/templates

So I have to copy the command="..." to every rsa key in the authorized_keys. This is code duplication, but I don't think there is another solution on a godaddy shared hosts.

Solution 4:

If you are using bash as your shell, try adding the environment settings to .bashrc.

Check first that this does get run upon login, it may not as the standard files often have something like:

# If not running interactively, don't do anything
[ -z "$PS1" ] && return

at the start of them. any change that you want to have made even for non-interactive logins will need to go above such a statement.

.profile is a more general place to put configuration like this and is respected by most shells (on a default Debian setup it is ~/.profile that calls ~/.bashrc in the first place). You may need to be more careful editing .profile in case it is ever interpreted by other shells - i.e. try to avoid using bash specific extensions.

Edit

If you have a .bash_profile edit that instead of .profile: bash will use it in favour of the more general file, and you can safely use bash specific things in there.

Solution 5:

You can use the command for all users/key without adding the command part in the authorized_keys by adding this line to the sshd_config file :

ForceCommand ~/connect.sh

In this case I suggest that you use an absolute path for the script