author Russ Allbery <eagle@eyrie.org> 2016-07-29 12:52:14 -0700
committer Russ Allbery <eagle@eyrie.org> 2016-07-29 12:52:14 -0700
commit 6ce766d4b770592e3c893d36a00b9fa822992182
tree 3289007c6a03ce2d53b83bf4ff8b5a32638408eb /docs
parent 5b21e5fdaa8e1e3635f4506514318ad4dd574173
parent 3d465eae3de8463c818e97e6994f4fab08d1497d
Imported Upstream version 3.12
Diffstat (limited to 'docs')
-rw-r--r-- docs/remctl-shell.8.in 13
-rw-r--r-- docs/remctl-shell.pod 11
2 files changed, 24 insertions, 0 deletions
diff --git a/docs/remctl-shell.8.in b/docs/remctl-shell.8.in
index b39be98..edea4f0 100644
--- a/docs/remctl-shell.8.in
+++ b/docs/remctl-shell.8.in
@@ -227,6 +227,14 @@ user identities that look like Kerberos principal names is strongly
recommended, since it may make it easier to use some of the \s-1ACL\s0 methods
intended for the normal remctl server.
.PP
+Since this relies on setting environment variables via \f(CW\*(C`authorized_keys\*(C'\fR,
+you unfortunately have to enable \f(CW\*(C`PermitUserEnvironment\*(C'\fR in
+\&\fIsshd_config\fR (this is not the default) by adding:
+.PP
+.Vb 1
+\& PermitUserEnvironment yes
+.Ve
+.PP
\&\fBremctl-shell\fR will not make use of forwarded connections or agents, and
will not pass them along to the processes they run, so all such ssh
options should normally be disabled for defense in depth security.
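Review bot: The added paragraph asks the administrator to turn on a non-default sshd option, and the unchanged paragraph right after it recommends disabling ssh options "for defense in depth security"; read together they pull in opposite directions and the text does not reconcile them. Suggest a sentence after "PermitUserEnvironment yes" saying that this is the one option remctl-shell needs enabled and that the advice to disable forwarding and agent options still stands. The roff markup suggests this file is generated from remctl-shell.pod, so the wording change belongs there.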
@@ -398,6 +406,11 @@ normally run as that user and the \f(CW\*(C`user\*(C'\fR configuration option wi
work. The easiest way to run commands as other users is to have the
underlying command use \fBsudo\fR or some other user switching mechanism,
which will normally require additional local configuration.
+.PP
+User environment setting has to be enabled in \fBsshd\fR by setting the
+non-default \f(CW\*(C`PermitUserEnvironment\*(C'\fR configuration option. A future
+version of \fBremctl-shell\fR may use forced commands with an argument
+instead of a shell to avoid this.
.SH "AUTHOR"
.IX Header "AUTHOR"
\&\fBremctl-shell\fR was written by Russ Allbery <eagle@eyrie.org>. Many
diff --git a/docs/remctl-shell.pod b/docs/remctl-shell.pod
index af3cfc7..0322a0e 100644
--- a/docs/remctl-shell.pod
+++ b/docs/remctl-shell.pod
@@ -90,6 +90,12 @@ user identities that look like Kerberos principal names is strongly
recommended, since it may make it easier to use some of the ACL methods
intended for the normal remctl server.
+Since this relies on setting environment variables via C<authorized_keys>,
+you unfortunately have to enable C<PermitUserEnvironment> in
+F<sshd_config> (this is not the default) by adding:
+
+ PermitUserEnvironment yes
+
B<remctl-shell> will not make use of forwarded connections or agents, and
will not pass them along to the processes they run, so all such ssh
options should normally be disabled for defense in depth security.
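Review bot: "unfortunately" in the added sentence signals a cost but never states it, so a reader cannot judge what enabling PermitUserEnvironment gives up. Suggest one sentence saying what the option newly allows (environment variables being set for a session through authorized_keys) and whether that applies to accounts other than the one running remctl-shell. "this" at the start of "Since this relies on" also has no clear antecedent in the surrounding lines; naming the mechanism it refers to would fix that.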
@@ -283,6 +289,11 @@ work. The easiest way to run commands as other users is to have the
underlying command use B<sudo> or some other user switching mechanism,
which will normally require additional local configuration.
+User environment setting has to be enabled in B<sshd> by setting the
+non-default C<PermitUserEnvironment> configuration option. A future
+version of B<remctl-shell> may use forced commands with an argument
+instead of a shell to avoid this.
+
=head1 AUTHOR
B<remctl-shell> was written by Russ Allbery <eagle@eyrie.org>. Many
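Review bot: In the paragraph added before AUTHOR, "User environment setting has to be enabled" is ambiguous: it can be read as a setting that belongs to the user rather than the ability to set environment variables. Suggest wording it like the earlier addition, for example "Setting environment variables via authorized_keys requires the non-default PermitUserEnvironment option in sshd_config", and pointing back to that paragraph instead of restating it. The sentence about a future version using "forced commands with an argument" would be clearer if it said what "this" avoids, namely the need for PermitUserEnvironment.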