Bug 1349015

Summary:	sshd_config should contain AcceptEnv TZ by default
Product:	Red Hat Enterprise Linux 7	Reporter:	ervin.nemeth
Component:	openssh	Assignee:	Jakub Jelen <jjelen>
Status:	CLOSED WONTFIX	QA Contact:	BaseOS QE Security Team <qe-baseos-security>
Severity:	low	Docs Contact:
Priority:	unspecified
Version:	7.4	CC:	cponder, szidek
Target Milestone:	rc
Target Release:	---
Hardware:	All
OS:	All
Whiteboard:
Fixed In Version:		Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2017-03-28 13:17:44 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description ervin.nemeth 2016-06-22 13:55:07 UTC

Description of problem:
If a user is setting the TZ parameter in his environment, he can change how the date is displayed by commands. It would be especially useful to carry over that parameter when logging into a remote system. Unfortunately the default /etc/sshd_config does not allow the user to do so.

As I see, RedHat decided to whitelist the LANG and LC_* parameters with "AcceptEnv". Please consider adding TZ, too.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 2 Jakub Jelen 2016-06-23 08:03:37 UTC

> As I see, RedHat decided to whitelist the LANG and LC_* parameters with "AcceptEnv". Please consider adding TZ, too.

The LANG and LC_* are send/accepted by the ssh/sshd based on the report in a bug #179851, 10 years ago. The arguments are mostly about the encoding, which might cause problems if not transferred to the remote session. But on the other hand requesting a language/locale/encoding that is not installed on the server causes problem in various tools unable to handle the errors.

Both the above LANG and LC_* environment variables are standard in shell and set by default, unlike the TZ. Once you configure TZ in your local system (and you have got a reason to set this up to something different than system-wide value), you should be able to configure also the server with the same TZ or to send/accept this configuration. I don't think this should come by default.

Thank you for the input and idea for improvement, but note that bugzilla is not a support tool. If you have a good reason and business requirement to see this in the next RHEL release, please get in touch with your Red Hat support: https://access.redhat.com/support/

Comment 3 Carl Ponder 2023-08-01 20:26:49 UTC


I use a number of remote clusters with job-control systems like SLURM and PBS. When I look at the start-times and expected finish-times on running jobs, it's convenient to see them in my local time.
I do travel a lot, so propagating the TZ variable from my laptop would be a very simple & seamless to deal with this.
It's a pain to have to manually reset the TZ each time I log in, or manually edit my ~/.bash_profile each time I log on from a different timezone.

I get that there would be a problem if the remote cluster didn't have a current list of timezones and couldn't recognize the one I'm sending.
But none of this will happen if I don't use an explicit SendEnv in my ~/.ssh/config, anyway.
So if I see problems on one of the remote clusters, I'll either not send the TZ to that one, or try to find a more canonical setting (like GMT-relative or something).

Comment 4 Carl Ponder 2023-08-01 21:51:10 UTC

Also, is this /etc/ssh/sshd_config inherited from the upstream Fedora development?