I was not aware of this feature. Quite cool, although it smells of remote code execution and therefore maybe not many SSH targets have this enabled by default?
Well, at that point you're already doing remote code execution manually by logging in. But, yes, the default is to not accept any environment variables, so it would only work if you already have the ability to alter the SSH daemon configuration. If you have that, you already have sufficient permissions to do almost anything to the machine anyway.
I guess a use case would be if you were deploying an OS image and didn't want to bake your prompt into it, but still wanted it available.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I was not aware of this feature. Quite cool, although it smells of remote code execution and therefore maybe not many SSH targets have this enabled by default?
Well, at that point you're already doing remote code execution manually by logging in. But, yes, the default is to not accept any environment variables, so it would only work if you already have the ability to alter the SSH daemon configuration. If you have that, you already have sufficient permissions to do almost anything to the machine anyway.
I guess a use case would be if you were deploying an OS image and didn't want to bake your prompt into it, but still wanted it available.