Citadel icon indicating copy to clipboard operation
Citadel copied to clipboard
verified publisher icon orlandos-nl

Passing environment variables triggers `channelFailure` error

Open finestructure opened this issue 2 years ago • 2 comments

My recent addition https://github.com/orlandos-nl/Citadel/pull/53 is failing with a channelFailure. As discussed, I'm fairly sure this worked initially but I'm certainly now hitting the channelFailure very reliably.

The error can be avoided by sending the env request with wantReply: false but in that case the env variable isn't actually being set:

try await executeCommandStream("printing", inShell: true, environment: ["FOO": "bar"])


USER=admin
LOGNAME=admin
HOME=/Users/admin
PATH=/opt/homebrew/bin:/opt/homebrew/sbin:/usr/local/bin:/System/Cryptexes/App/usr/bin:/usr/bin:/bin:/usr/sbin:/sbin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/local/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/bin:/var/run/com.apple.security.cryptexd/codex.system/bootstrap/usr/appleinternal/bin:/Library/Apple/usr/bin
SHELL=/bin/zsh
SSH_CLIENT=172.29.29.8 53247 22
SSH_CONNECTION=172.29.29.8 53247 192.168.64.5 22
TMPDIR=/var/folders/fs/0w3t9t1d28xc3bj0tgb8hcrw0000gn/T/
SHLVL=1
PWD=/Users/admin
OLDPWD=/Users/admin
HOMEBREW_PREFIX=/opt/homebrew
HOMEBREW_CELLAR=/opt/homebrew/Cellar
HOMEBREW_REPOSITORY=/opt/homebrew
MANPATH=/opt/homebrew/share/man::
INFOPATH=/opt/homebrew/share/info:
_=/usr/bin/printenv

Also, inShell true or false does not make a difference.

I've tried moving the env request's triggerUserOutboundEvent into createChannel but also to no effect.

I'm not sure what else to try 🤔

finestructure avatar Feb 22 '24 15:02 finestructure

while creating a test to verify this locally, the code that Sven originally had didn't really map to the current API, so I've tried this variant:

let env: SSHChannelRequestEvent.EnvironmentRequest = .init(wantReply: false, name: "FOO", value: "bar")
let outputStreams = try await client.executeCommandStream("env", environment: [env], inShell: true)

That said, I wasn't sure what it means to "want a reply" when creating an instance of SSHChannelRequestEvent.EnvironmentRequest.

I'd like to use the exact kind of setup that @finestructure outlined in the issue - setting an environment variable before invoking a remote command - in a shell context or not - and want to understand how best to arrange that with Citadel.

heckj avatar Jan 14 '25 20:01 heckj

Gave it another look. Apparently, you need PermitUserEnvironment=yes in your openssh config - which is why some servers work differently here.

Joannis avatar Apr 05 '25 16:04 Joannis