When ssh'ing, how can I set an environment variable on the server that changes from session to session?

Question

When I ssh into a server, how can I pass an environment variable from the client to the server? This environment variable changes between different invocations of ssh so I don't want to overwrite $HOME/.ssh2/environment every time I do an ssh call. How can I do this?

Gilles 'SO- stop being evil' · Answer 1 · 2012-11-20T18:28:27.663

Of course, you can set the environment variable inside the command, however you'll have to be careful about quoting: remember that your shell is going to parse your local command line, and then the remote shell will have a go on the string it receives.

If you want a variable to get the same value on the server that it has on the client, try the SendEnv option:

ssh -o SendEnv=MYVAR server.example.com mycommand

This requires support from the server, though. With OpenSSH, the variable name has to be authorized in /etc/sshd_config.

If the server only allows certain specific variable names, you can work around that; for example a common setup allows LC_* through, and you can do the following:

ssh -o SendEnv=LC_MYVAR server.example.com 'MYVAR=$LC_MYVAR; unset LC_MYVAR; export MYVAR; mycommand'

If even LC_* is not an option, you can pass information in the TERM environment variable, which is always copied (there may be a length limit however). You'll still have to make sure that the remote shell doesn't restrict the TERM variable to designate a known terminal type. Pass the -t option to ssh if you're not starting a remote interactive shell.

env TERM="extra information:$TERM" ssh -t server.example.com 'MYVAR=${TERM%:*}; TERM=${TERM##*:}; export MYVAR; mycommand'

Another possibility is to define the variable directly in the command:

ssh -t server.example.com 'export MYVAR="extra information"; mycommand'

Thus, if passing a local variable:

ssh -t server.example.com 'export MYVAR='"'$LOCALVAR'"'; mycommand'

However, beware of quoting issues: the value of the variable will be interpolated directly into the shell snippet executed on the remote side. The last example above assumes that $LOCALVAR does not contain any single quotes (').

score 40 · Answer 2 · answered Jun 12 '19 at 10:45

On your local client, in your ~/.ssh/config you can add SetEnv, e.g.

Host myhost
  SetEnv FOO=bar

^{Note: Check man ssh_config.}

Then on the server, make sure to allow client to pass certain environment variables in your /etc/ssh/sshd_config config file:

AcceptEnv LANG LC_* FOO BAR*

^{Note: Check man sshd_config.}

score 23 · Answer 3 · answered Feb 03 '12 at 17:09

If you can administrate the target host you can configure sshd to allow passing your local environment variables along to the target host.

From the sshd_config man page:

 PermitUserEnvironment
     Specifies whether ~/.ssh/environment and environment= options in
     ~/.ssh/authorized_keys are processed by sshd.  The default is
     "no".  Enabling environment processing may enable users to bypass
     access restrictions in some configurations using mechanisms such
     as LD_PRELOAD.

sshd configuration typically lives at /etc/ssh/sshd_config

score 6 · Answer 4 · answered Jul 13 '10 at 17:52

So, on your client, you have some environment variable, and you want that to be available to the remote command? I don't think there's a way to have ssh magically pass it along, but you can probably do something like this. Instead of using, say:

ssh remote.host my_command

You can do this:

ssh remote.host env ENV_VAR=$ENV_VAR my_command

score 5 · Answer 5 · answered May 14 '18 at 14:36

@emptyset's response (which didn't work for me) led me to this answer:

You can add this command to your ~/.ssh/authorized_keys file:

command="/usr/bin/env VARIABLE=<something> $SHELL" ssh-rsa <key>

export VARIABLE=<something> was immediately exiting, and the SSH connection was closed (locking me out of the server), whereas /usr/bin/env ... $SHELL will run your default shell with a modified environment.

score 4 · Answer 6 · answered Apr 11 '19 at 17:12

4

just one simple command :

ssh -t your_host_or_ip 'export some_var_name=whatever_you_want; bash'

answered Apr 11 '19 at 17:12

grepit

253

score 2 · Answer 7 · edited Dec 10 '24 at 09:06

2

You could try invoking a custom command, assuming you have password-less ssh login setup. On the server, edit your ~/.ssh/authorized_keys entry that corresponds to the key from you client:

command="export VARIABLE=<something> /bin/bash" ssh-rsa <key>

Look at this link in the section Forced Command for a little more detail.

edited Dec 10 '24 at 09:06

colan

1,527

answered Jul 13 '10 at 17:15

emptyset

431

score 2 · Answer 8 · answered Aug 28 '15 at 16:55

I was making a custom build of OpenSSH for a device with a cramfs in the home directory and /etc (Cram FS is read-only) so ~/.ssh/environment would not work not without rebuilding the entire FS and these were field deployed devices(Embedded Systems Hence the use of CRAMFS). You can specify in the sshd_config the location of the authroized_keys file but for some reason the environment= only work for environment variables in the ~/.ssh/authroized_keys. Editing the /etc/profile wasn't an option and I had to load ssh in a non-standard directory. In session.c after the child_set_env(..."MAIL"...) just add the enviroment variables you need(This is a hack I know...) but just incase someone needs some hardcoded envs for a session if you are compiling from source you can do this. TGI-FLOSS

score 1 · Answer 9 · answered Feb 22 '21 at 03:42

this worked for me

ssh gitvps "VAR=hello FOO=world ;" echo \$VAR \$FOO

you need to scape variables with spaces, semicolon and dollar signs ($) using symbol "\" and single cuotes

ssh gitvps "VAR='hello:sd%\ \;\ s%' FOO='34\$34=,rtrt' ;" echo \$VAR \$FOO

score 1 · Answer 10 · answered Oct 21 '22 at 12:21

sometimes I go like this:

ssh me@example.com bash << EOF
export VAR1=$VAR1
export VAR2=$VAR2
./script-or-command-on-server.sh
EOF

you can put "sudo bash" as well if needed

it's nice because you can put each variable on its own line, and either hard code the value or get it from your local environment

score 0 · Answer 11 · answered May 16 '23 at 15:33

If you wrap ssh with /bin/bash, you can pass things 1:1 similar to how you interact locally with a script:

# SSH destination 'script' args..
SSH()
{
  local ARGS;
  printf -v ARGS ' %q' "$2" -- "${@:3}";
  ssh "$1" -- "/bin/bash --noprofile --norc -c -- $ARGS";
}

This does not pass the local environment to the remote /bin/bash, but passes all arguments without changing them. (Passing the whole env usually is not what you want.)

Just use it as follows:

# To pass something as argument literally
SSH user@host 'cd "$1" && exec "${@:2}"' "$DIR" cmd args..
to pass $envA and $envB to cmd with args..
SSH user@host 'envA="$1" envB="$2" exec "${@:3}"' "$envA" "$envB" cmd args..
see what's passed and how:
SSH user@host 'printf "ARG: %q\n" "$@"' '*' 'not dangerous' $'\177' $'\n'

The latter prints

ARG: \*
ARG: \`not\ dangerous\`
ARG: $'\177'
ARG: $'\n'

Unlike ssh, arguments passed to SSH are not re-interpreted
- No fear for unquoted shell characters to do harm
- No fear for sudden globbing on the other side
- Filenames containing strange things (like end in \n) are correctly passed
You must transfer environment variables yourself to the remote as args
- generic environment passing is left as exercise for the reader
To use some ssh option, you need to alter SSH
- generic ssh option passing is left as exercise for the reader

But:

This recipe needs /bin/bash on both sides.

You can adapt it to any other shell, of course.

When ssh'ing, how can I set an environment variable on the server that changes from session to session?

11 Answers11

to pass $envA and $envB to cmd with args..

see what's passed and how:

Linked

Related