2

Preamble

I work in an environment with a lot of servers and developers. The servers are all generally set up for ease of use, so we all log into a common account. These are internal-only servers, so security is not a large concern. Most devs, myself included, add their public key to ~/.ssh/authorized_keys.

I would like to have my usual environment customisations available after logging in.

What I do currently manually

studog@doghouse:~# ssh example.local
common@example:~# . ./studog_profile
common@example:~# 

I'd like to have this occur automatically instead.

Extra credit: I'd like to always push my current .studog_profile so that I always have my current customisations available.

Ideally:

studog@doghouse:~# ssh example.local
common@example:~# 

and .studog_profile has already been sourced and my customisations are available.

Constraints

  • My .studog_profile contains environment variable setup including PATH changes, aliases and function declarations.
  • I can push uniquely-named files to servers (and modify .ssh/authorized_keys) but I can't change common configurations like ~/.bashrc or /etc/ssh/sshd_config.
  • I often ssh from my doghouse, but often ssh between servers. A solution needs to work in both situations. I don't expect to be able to push my custom profile between servers though.

Things that don't work

  • ssh -t example.local '. ./.studog_profile; bash -l'. This does run my profile, but then the environment changes are lost when the login shell runs.
  • Altering .bashrc on the servers. See the constraint above about altering common configurations. Nevertheless, I could probably get away with it, but ssh doesn't provide a way to see what the 'start of the ssh pipe' is. SSH_CLIENT and SSH_CONNECTION contain the IP address of the originating server for the current hop, but there is nothing containing the identity of the machine on which I'm typing.

Questions I've read that don't work for me

Things I haven't tried

Expectation

ssh has some method for sending a post-login command to the remote server, likely a keyword in ~/.ssh/config. I haven't been able to find anything. I find this strange because accepting keyboard input and sending it to the remote server is nearly the same as reading a command from the config file and sending it to the remote server.

I have to think this is missing because it's a security hole, but I can't see what that hole might be.

I expect I could modify OpenSSH source and build what I need, but that's time consuming. Also, if it's a security hole my pull request is likely to be ignored.

I expect that I have covered all the bases. I'm posting in the hopes I've missed something.

1 Answer

0

An expect script is often mentioned. I believe that would work. It just seems... hacky? inelegant? the wrong solution? Something rubs me the wrong way.

Hacky environments require "hacky" solutions. If you had properly configured servers with your personal user, with a shared home, you would be able to configure this in one place and it would work everywhere out of the box.

If you have a bunch of servers with a single user used by a bunch of devs, where one cannot make one's own changes, you have to work around it on your computer, and in that case an expect script is probably a way to go.

2
  • That's what I figured. I hoped for better. Thanks!
    – studog
    Commented Aug 18, 2017 at 15:15
  • Rereading your answer, I'm going to take issue with the "shared home" setup. That's good if you have a few servers that people will often log into. It's a huge waste of space if you have many servers that any single authorized person may only log into once, or never. Which is my situation. The servers in question also have very limited storage space. :-(
    – studog
    Commented Oct 31, 2017 at 22:11
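
The expect approach the answer points to, as an added example that is not part of the original thread. It assumes key-based login with no password prompt and a shell prompt ending in "# " or "$ "; the host check and the timeout value are likewise assumptions.

```expect
#!/usr/bin/expect -f
# Added example (not from the thread): ssh to a shared account, source a
# personal profile in the interactive shell, then hand over the session.
# Assumptions: key-based login, and a prompt ending in "# " or "$ ".

if {$argc != 1} {
    send_user "usage: $argv0 host\n"
    exit 2
}
set host    [lindex $argv 0]
set profile ".studog_profile"
set timeout 20

# Only accept plain host or user@host strings, so the argument can never be
# read as an ssh/scp option or as an exec redirection.
if {![regexp {^[A-Za-z0-9_.@][A-Za-z0-9_.@-]*$} $host]} {
    send_user "refusing suspicious host argument\n"
    exit 2
}

# Extra credit from the question: push the current profile first.
# A failed copy is reported but does not block the login.
if {[catch {exec scp -q $env(HOME)/$profile ${host}:$profile} err]} {
    send_user "warning: could not push $profile: $err\n"
}

spawn ssh $host

# Keep the remote terminal size in step with the local window.
trap {
    set rows [stty rows]
    set cols [stty columns]
    stty rows $rows columns $cols < $spawn_out(slave,name)
} WINCH

expect {
    -re {[#$] $} {
        # Typed into the login shell itself, so PATH changes, aliases and
        # functions persist, unlike ". ./.studog_profile; bash -l".
        send -- ". ./$profile\r"
    }
    timeout { send_user "\nno prompt seen; profile not sourced\n" }
    eof     { exit 1 }
}
interact
```

Because the account is shared, anyone else logged in as the common user can read or change the pushed profile before it is sourced, so keep secrets out of it. Hopping between servers this way needs expect installed on the intermediate server.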
