Security risks of PermitUserEnvironment in ssh

ssh security environment-variables

First of all, if you're not trying to do anything fancy with user access restrictions -- that is, if you're offering interactive shell access -- there are probably zero additional security risks in allowing use of the .ssh/environment file, since anything the user could accomplish with that file they could also do interactively in their shell.

Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD.

If you are using SSH forced commands to limit what people can do via ssh (for example, if you're restricting people to only using sftp or scp), allowing someone to set environment variables such as LD_PRELOAD (or possibly even PATH) would allow them to hijack your restrictions by replacing basic library calls with their own code. On the other hand, if you're creating the .ssh/environment on behalf of your users and they are not otherwise able to manage it, your risks are relatively small.

Without knowing more about your particular use case it's hard to provide a definitive answer.

Related

Guaranteeing SSH access on a stressed server
logstash (or graylog?) vs nxLog to collect event logs and csv logs [closed]
How to remove ourselves from nudity blacklists? [duplicate]
Why can't user login on Postgres
How to add language support on CentOS 7 (on Docker)?
Swap being used when RAM is almost half free
Why do EC2 T2 instances sometimes start with zero CPU Credits
How to list all containers in Kubernetes?
Why is there both character device and block device for nvme?
SELinux reset root password
How do I generate and set the locale using ansible?
How do you set bzip2 block size when using tar?