@rvollgraf
Contributor

The environment of the ssh server process is usually cleared and not passed on to the child process for security reasons. However, in certain situations it may be desirable to inherit the server environment. For example: I start dropbear (as non-root) from a SLURM workload manager, which exposes a lot of variables containing information about the confined runtime environment. These need to be inherited by child processes which are also subject to SLURM's runtime environment.

@elgalu

elgalu commented Aug 19, 2021

Hi @mkj, is this not merged because of coding style? Or do you see some security risk in this feature?

@mkj
Owner

mkj commented Aug 19, 2021

Sorry, I've just been lax in looking at pull requests, I think the patch looks good. @rvollgraf in the manpage you mention security issues - I can think of possible information disclosure from the parent process, is there something else you were thinking of?

@rvollgraf
Contributor Author

rvollgraf commented Aug 19, 2021

Honestly, I don't really know. I guess it is for some reason that the env is cleaned by default. So I thought some "use it at your own risk" disclaimer might be appropriate.

@mkj mkj merged commit 2157d52 into mkj:master Aug 19, 2021
@mkj
Owner

mkj commented Aug 19, 2021

Thanks, I've changed the description slightly.

69e5709

Pass on the server environment to all child processes. This is required, for example,
if Dropbear is launched on the fly from a SLURM workload manager. The environment is not
passed by default. Note that this could expose secrets in environment variables from
the calling process - use with caution.
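
The information disclosure discussed in this thread can be narrowed by handing the child only an allowlisted subset of the server environment instead of all of it. The C sketch below is an added example, not part of this pull request or of Dropbear's code; the prefix allowlist, the function names and the sample variables are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist: name prefixes the child is permitted to inherit. */
static const char *const ALLOWED_PREFIXES[] = { "SLURM_", "SLURMD_", NULL };

/* Return 1 if a "NAME=value" entry has a name starting with an allowed prefix. */
static int env_entry_allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                      /* malformed entry: drop it */
    size_t name_len = (size_t)(eq - entry);
    for (size_t i = 0; ALLOWED_PREFIXES[i] != NULL; i++) {
        size_t plen = strlen(ALLOWED_PREFIXES[i]);
        if (name_len >= plen && strncmp(entry, ALLOWED_PREFIXES[i], plen) == 0)
            return 1;
    }
    return 0;
}

/* Build a NULL-terminated array holding only the allowed entries of parent_env.
 * Entries are borrowed, not copied; the caller frees the array itself.
 * The number of kept entries is stored in *kept. NULL on allocation failure. */
static char **filter_env(char *const parent_env[], size_t *kept)
{
    size_t n = 0, out = 0;
    while (parent_env[n] != NULL) n++;
    char **child = calloc(n + 1, sizeof *child);
    if (child == NULL) return NULL;
    for (size_t i = 0; i < n; i++)
        if (env_entry_allowed(parent_env[i]))
            child[out++] = parent_env[i];
    child[out] = NULL;
    *kept = out;
    return child;
}

int main(void)
{
    /* Constructed sample of a server process environment. */
    char *const sample[] = { "SLURM_JOB_ID=4242", "API_TOKEN=constructed-secret",
                             "SLURM_NODELIST=node[01-02]", "PATH=/usr/bin", NULL };
    size_t kept = 0;
    char **child = filter_env(sample, &kept);
    if (child == NULL) return 1;
    for (size_t i = 0; i < kept; i++) puts(child[i]); /* would be envp for execve() */
    free(child);
    return 0;
}
```

The returned array has the shape `execve()` expects as its `envp` argument, so the scheduler variables reach the child while unrelated variables from the calling process do not.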
