Identifying the client (was Re: get IP address on login)

Bob Rasmussen ras at anzio.com
Tue Dec 6 11:03:23 PST 2011 

This discussion reminded me that there's a trick available for allowing 
the client to identify itself.

SUMMARY: An SSH client can pass a wide variety of environment variables to 
the server at login time. However, the SSH daemon on the server must be 
configured to allow these, through the "AcceptEnv" entry in the 
sshd_config file.

BACKGROUND: Long ago, the telnet protocol allowed the client to send in 
arbitrary "variable=value" pairs, just after login/authentication. 
However, because of security concerns, these were restricted in most 
telnetd programs. But the sshd program (the daemon) from OpenSSH does 
allow these, and gives the admin control over what variables it will allow 
to be sent into the shell session. 

HOW IT IS DONE: On the server side, you must edit the config file usually 
in /etc/ssh/sshd_config. The keyword "AcceptEnv", if present, specifies 
what variable names are allowed. Wildcards are possible. This is explained 
in the output of the command:
   man sshd_config

Configuring the client side will depend on the client software. In Anzio, 
in the Communicate menu, we have "Environment". Here you can enter or edit 
a list of pairs, separated by semicolons. A simple example would be
   PRINTER=LaserjetInShipping
In Anzio, the 'value' side can be something static, as above, or a PC-side 
variable (either Windows-defined or Anzio-defined) that will get 
translated before being sent. For instance, if I encode "Environment" as
   ANZIO=${ANZ_PROGRAM}
then Anzio will decode the "${ANZ_PROGRAM}" into the program name 
"ANZIOWIN" or "ANZIOLITE", and this will become the value of the "ANZIO" 
environment variable in the shell session.

Notice that once configured, nothing is required in the login script in 
order to cause this exchange to take place. A login script can simply test 
whether a variable is assigned, and what its value is.

SOME POSSIBLE USES: 

* Name of printer to use
* Type of printer
* Client side timezone
* Windows login name
* Pathname of important PC-side folders such as Desktop, Temp, 
AllUsersProfile, etc.
* Version of Windows (or Linux, etc.)
* Information about a Terminal Services environment
* PC's MAC address

...and so forth.


Regards,
....Bob Rasmussen,   President,   Rasmussen Software, Inc.

personal e-mail: ras at anzio.com
 company e-mail: rsi at anzio.com
          voice: (US) 503-624-0360 (9:00-6:00 Pacific Time)
            fax: (US) 503-624-0760
            web: http://www.anzio.com
 street address: Rasmussen Software, Inc.
                 10240 SW Nimbus, Suite L9
                 Portland, OR  97223  USA

More information about the Filepro-list mailing list