Re: command [argument ...] in ssh(1): a footgun

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 31/05/2023 05:14, raf wrote:
Actually, I'm trying to find the mention in the manpage
that started this and can't find it. It doesn't mention
[arguments...] after [command] like I think the OP
asked to have removed. I must be misremembering. The
synopsis ends with: "[command]". And the DESCRIPTION
section (paragraph 3) says:

   If a command is specified, it is executed on the
   remote host instead of a login shell.

I can't see where it says that arguments are joined
with a space. Maybe I'm reading it wrong.

I'm on macOS with ssh installed from homebrew.

$ ssh -V
OpenSSH_9.2p1, OpenSSL 1.1.1t  7 Feb 2023

"man ssh" starts as follows:

SSH(1)                            General Commands Manual                           SSH(1)

NAME
     ssh – OpenSSH remote login client

SYNOPSIS
     ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address] [-c cipher_spec]          [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile]          [-I pkcs11] [-i identity_file] [-J destination] [-L address] [-l login_name]          [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address]          [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] destination
*[command [argument ...]]*

DESCRIPTION
     ssh (SSH client) is a program for logging into a remote machine and for executing      commands on a remote machine.  It is intended to provide secure encrypted      communications between two untrusted hosts over an insecure network.  X11      connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over
     the secure channel.

     ssh connects and logs into the specified destination, which may be specified as      either [user@]hostname or a URI of the form ssh://[user@]hostname[:port].  The user      must prove their identity to the remote machine using one of several methods (see
     below).

     If a command is specified, it will be executed on the remote host instead of a login      shell. *A complete command line may be specified as command, or it may have** **     additional arguments.  If supplied, the arguments will be appended to the command,**
**     separated by spaces, before it is sent to the server to be executed.*

...

This agrees with https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh.1?rev=1.433&content-type=text/x-cvsweb-markup

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux