Security risks of PermitUserEnvironment in ssh
First of all, if you're not trying to do anything fancy with user access restrictions -- that is, if you're offering interactive shell access -- there are probably zero additional security risks in allowing use of the .ssh/environment file, since anything the user could accomplish with that file they could also do interactively in their shell.
Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD.
If you are using SSH forced commands to limit what people can do via ssh (for example, if you're restricting people to only using sftp or scp), allowing someone to set environment variables such as LD_PRELOAD (or possibly even PATH) would allow them to hijack your restrictions by replacing basic library calls with their own code. On the other hand, if you're creating the .ssh/environment on behalf of your users and they are not otherwise able to manage it, your risks are relatively small.
Without knowing more about your particular use case it's hard to provide a definitive answer.
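A configuration check for the situation described above, as an added example that is not part of the original answer: it reads an sshd_config text and reports which loader- or path-controlling variables PermitUserEnvironment would let users set while ForceCommand restrictions are in place. The sample configs and the /usr/local/bin/backup-only path are constructed, and LD_LIBRARY_PATH and LD_AUDIT are assumed additions to the LD_PRELOAD and PATH named in the answer.

```python
import fnmatch
import re

# LD_PRELOAD and PATH are the variables named in the answer; LD_LIBRARY_PATH
# and LD_AUDIT are added here as assumptions of the same kind.
RISKY_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT", "PATH")

def accepted(value, var):
    """Would PermitUserEnvironment=<value> let a user set <var>?"""
    if value.lower() in ("yes", "no"):
        return value.lower() == "yes"
    patterns = [p.strip() for p in value.split(",") if p.strip()]
    # In an sshd pattern-list a matching negated (!) pattern always wins.
    if any(p[0] == "!" and fnmatch.fnmatchcase(var, p[1:]) for p in patterns):
        return False
    return any(p[0] != "!" and fnmatch.fnmatchcase(var, p) for p in patterns)

def bypassable_vars(sshd_config_text):
    """Risky variables users may set while any ForceCommand is configured."""
    permit, forced = None, []
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()                      # keywords are case-insensitive
        val = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if key == "permituserenvironment" and permit is None:
            permit = val                            # sshd uses the first value it reads
        elif key == "forcecommand":
            forced.append(val)                      # global or inside a Match block
    permit = permit or "no"                         # sshd default is "no"
    return [v for v in RISKY_VARS if accepted(permit, v)] if forced else []

# Constructed sample: every variable accepted alongside a forced command.
WEAK = """
PermitUserEnvironment yes
Match Group backup-users
    ForceCommand /usr/local/bin/backup-only
"""
# Constructed sample: only locale variables accepted.
NARROW = """
PermitUserEnvironment LANG,LC_*
Match Group backup-users
    ForceCommand /usr/local/bin/backup-only
"""
```

Forced commands set with command= in authorized_keys are not covered by this check; it looks only at ForceCommand directives in the server config.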