Linux – How to prevent ssh from interpreting remote command as a host

command linecommand-line-argumentslinuxopensshssh

I set up a dedicated SSH key pair for the purpose of forcing a specific command on a remote server. I added the public key to the remote server authorized_keys file along with a command option specifying the command to be execute when this key is used. The command is a shell script which requires a single command line argument that I'm expecting to get passed in the $SSH_ORIGINAL_COMMAND environment variable.

When I execute the ssh command from the client and specify the use of this specific key like this:

ssh -i id_rsa_mykey -o User=abc -o HostName=myhost xxx

The remote script executes as expected and is passed the xxx in the SSH_ORIGINAL_COMMAND variable.

If I attempt to pass the remote command an email address however the remote sshd is interpreting the value as a user@host and appears to attempt authentication on the part before the @ symbol and the remote command is never executed. /var/log/auth.log on the remote server has the error:

Invalid user xxx from 192.168.0.1

How can I escape the @ symbol or otherwise not have sshd evaluate the value as a user@host and instead pass the value as is to the remote command?

I've tried both attempting to backslash escape the @ symbol as well as using -- before the argument but sshd does not appear to support this end of arguments convention.

Client machine is running Ubuntu with ssh version OpenSSH_7.2p2.
Server machine is running Debian with sshd version OpenSSH_6.7p1

Best Answer

I assume you have your reasons to use -o User=abc -o HostName=myhost over abc@myhost.

… however the remote sshd is interpreting the value as a user@host and appears to …

No, I think it's your local ssh that interprets this.

In my Debian the first argument that cannot be interpreted as an option is interpreted by ssh as host or user@host, depending on whether @ is there or not. After this no other argument is interpreted in such way, even if there's @ in it.

Now some observations:

user from user@host takes precedence over -o User=abc,
but host (standalone or from user@host) is suppressed by -o HostName=myhost.

Conclusion: while using -o HostName=myhost, host doesn't matter. This makes the following possible:

ssh -i id_rsa_mykey -o User=abc -o HostName=myhost dummy_host foo@bar

Thanks to the presence of dummy_host, foo@bar is passed to the remote side as a command, even though it includes @ character. Still ssh connects to myhost, not dummy_host, because -o HostName=myhost takes precedence.

Note: dummy_host may or may not be myhost. It may even be blank ("").

Related Solutions

Linux – Passing variables into ssh sessions (Session has to stay alive)

I think you can try this:

ssh user@host -t 'export var="value"; bash'

Linux – SSH remote command with !(pattern-list)

if you really want to use bash patterns you can do this:

user@remote:~$ ls del/
1  2  3
user@desktop:~$ ssh remote.example 'PATTERN="!(1|2)" bash -O extglob -c "cd del && echo rm \$PATTERN"'
rm 3

I'd rather use find though (append -delete if you actually want to delete the files):

 user@desktop:~$ ssh remote.example 'cd del && find . ! -path . ! \( -name 1 -or -name 2 \)'
./3

Example with directories:

user@remote:~/del$ tree -F
.
├── 1/
│   └── 11/
├── 2/
│   └── 22/
└── 3/
    └── 33/
user@remote:~/del$ find . -maxdepth 1 -type d '!' -path . ! \( -name 1 -or -name 2 \) -print0 | xargs -0 echo rm -r
rm -r ./3

Best Answer

Related Solutions

Linux – Passing variables into ssh sessions (Session has to stay alive)

Linux – SSH remote command with !(pattern-list)

Related Question