5.4. suSSHi Environment Variables

By default, the suSSHi Gateways send some environment variables to the target server along with others received from the client. If the target server is configured to allow this variables, they can be used on the target for further logging or other nice features.

Name

Description

SUSSHI_MAX_IDLE

Max. time of inactivity in seconds

SUSSHI_MAX_SESSION

Absolute time at which the session is always terminated in seconds since 1970-01-01 00:00:00 UTC

SUSSHI_SESSION_ID

The Session ID assigned by suSSHi

SUSSHI_SSH_CONNECTION

Connection information: <client_ip> <client_port> <gateway_ip> <target_ip> <target_port>

SUSSHI_USER

The suSSHi Gateway Username

The default configuration of sending these environment variables can be changed in the Partition Settings / Target Settings.

5.4.1. Target configuration

To have the target server accept the SUSSHI_* variables, you have to configure the SSH server accordingly. For OpenSSH it is the AcceptEnv option in /etc/ssh/sshd_config that controls the acceptance of environment variables sent by the client. Please refer to OpenSSH server for more details.

/etc/ssh/sshd_config
 AcceptEnv   LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
 AcceptEnv   LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
 AcceptEnv   LC_IDENTIFICATION LC_ALL
 AcceptEnv   SUSSHI_*

Verify that the configuration is working properly as follows:

user@target-01:~> env | grep SUSSHI
SUSSHI_SSH_CONNECTION=100.64.55.20 48976 100.22.22.11 22
SUSSHI_MAX_SESSION=1547670856
SUSSHI_USER=johndoe
SUSSHI_MAX_IDLE=43200
SUSSHI_SESSION_ID=20190115-213416-0001-16541

For example, you can use these variables to inform the user about the session idle timers, or use them for further logging or to have personalized shell history logs or whatever idea you have…

5.4.2. Use Cases

Display the time when session will end and what idle time is set

~/.bash_profile
 [[ -n ${SUSSHI_MAX_IDLE} && -n ${SUSSHI_MAX_SESSION} ]] && \
   echo "Your SSH Session will end after `date -u -d@${SUSSHI_MAX_IDLE} +'%T'` hours of inactivity or by `date -d@${SUSSHI_MAX_SESSION}`."

Personalized Bash history for system logins

~/.bash_profile
  HISTFILE="$HOME/.bash_history.${SUSSHI_USER:-$USER}"