Search code examples
bashdockersshldapsshd

Environment variables not defined in SSH AuthorizedKeysCommand (Docker)


I'm trying to make the private key SSH connection with LDAP.

/etc/ssh/sshd_config

AuthorizedKeysCommand /etc/ldap_ssh_authorized_keys.sh
AuthorizedKeysCommandUser nobody

Script to get public keys from LDAP server

/etc/ldap_ssh_authorized_keys.sh

#!/bin/bash
USERSLIST=$( ldapsearch -x -D "${LDAP_USER}" -w "${LDAP_PASSWORD}" -H $LDAP_URI -b "${LDAP_BASEDN}" -s sub '(objectClass=posixAccount)' -u 'uid' \
    grep '^uid:' | sed -n '/^ /{H;d};/uid:/x;$g;s/\n *//g;s/uid: //gp'  \
)
while IFS= read -r line; do
        exists=$(ldapsearch -x -D "${LDAP_USER}" -w "${LDAP_PASSWORD}" -H $LDAP_URI -b "${LDAP_BASEDN}" \
        -s sub "(&(objectClass=posixGroup)(cn=sysadmin)(memberUid=${line}))" | grep "^# numEntries:")
        if [[ ! -z $exists ]]
        then
            ldapsearch -x -D "${LDAP_USER}" -w "${LDAP_PASSWORD}" -H $LDAP_URI -b "${LDAP_BASEDN}" \
                  -s sub "(&(objectClass=posixAccount)(uid=${line}))" \
                  -u 'sshPublicKey' \
            | sed -n '/^ /{H;d};/sshPublicKey:/x;$g;s/\n *//g;s/sshPublicKey: //gp'
           echo -e "";

        fi;
done <<< "$USERSLIST"

When I'm running script with /bin/bash it's working well and return my public keys.

All environment variables defined normally.

  • LDAP_URI
  • LDAP_BASEDN
  • LDAP_USER
  • LDAP_PASSWORD

The script also running normally when trying to make an SSH connection. But environment variables not available.

I'm trying also with AuthorizedKeysCommandUser as root. But nothing changed.


Solution

  • I solved this problem by getting the environment variables from /proc/1/environ.

    Reference