way to set shell used for remote commands?

Jason Vas Dias jason.vas.dias at gmail.com
Fri Jan 23 01:17:13 AEDT 2015


Thanks Alan & Iain for your replies.
RE:
>>    ssh 127.0.0.1 dash -c env
>>
>> appear to do the expected for me.
>>
Yes, it is easy enough to run any program on the remote host
to read commands from stdin and write results to stdout;
but that means you have to send the script to execute separately:
  $ echo "$script" | ssh $remote_host $remote_shell
and that means you must be aware on the origin host
exactly what the path of $remote_shell is on the remote host.
Also using $SHELL -c "$SCRIPT" on the origin host does not work if
$SCRIPT contains semi-colons; only the first line terminated by
a semi-colon will be run by $SHELL; remaining lines are run
by the user's default shell.  And that introduces a new level
of quoting hell.

What I'd like is an option I could put into a configuration file on
$remote_host to say "sshd should use SHELL=$X for all commands",  or
maybe it might be nicer to be able to say:
    "use SHELL=$X for commands coming from host $Y or network $N"
or "use SHELL=$X for commands that match the regular expression $Y"
or a combination of both.

The problem is, of course, there appears to be no user-specific
configuration file for sshd beyond ~/.ssh/rc - and I don't think
that is the right file. AFAICS, sshd does not parse the user's
~/.ssh/config - this is used only by the 'ssh' client for OUTGOING commands.

It appears sshd needs a per-user config file for INCOMING commands.

So the patch would need to add a new "~/.ssh/sshd_config" file, which
could contain lines like:
  # for commands coming from hosts on subnet 192.168/16, use this shell:
  Host   192.168/16
    Shell /path/to/my/subnet.192.168/shell
  # for commands coming from hosts on subnet 172.16/16, use this shell:
  Host   172.16/16
    Shell /path/to/my/subnet.172.16/shell
  # for commands which start with 'new_shell', use specified shell and
  # remove prefixing 'new_shell' :
  Match  ^(new_shell)\ (.*) = \2
    Shell /path/to/my/latest/shell

If I develop such a patch, would there be any interest in it / likelihood
of it being incorporated in a future OpenSSH release ?

Iain, I'd be most interested to see your 'ForceShell' patch.
Please could you post it ? Does it apply to commands from
particular hosts, or all incoming commands ?

Thanks & Regards,
Jason

On 21/01/2015, Iain Morgan <imorgan at nas.nasa.gov> wrote:
> On Wed, Jan 21, 2015 at 17:29:00 +0000, Alex Bligh wrote:
>>
>> On 21 Jan 2015, at 15:36, Jason Vas Dias <jason.vas.dias at gmail.com>
>> wrote:
>>
>> > Please can OpenSSH provide some way of specifying which shell to use to
>> > execute commands on a host.
>>
>> Using dash as an example of another shell:
>>
>>    ssh 127.0.0.1 -t dash
>>
>> and
>>
>>    ssh 127.0.0.1 dash -c env
>>
>> appear to do the expected for me.
>>
>
> Two years ago, I opened a bug to add support for a ForceShell option
> to sshd that would provide the ability to override users shells. There
> doesn't seem to have been much interest in it, and I never received any
> feedback.
>
> I haven't updated the patch since the original submission, and it may
> need some further work, but it might be worth a try. I don't recall if
> it overrides the user's shell during forced password changes, so that
> may be one area that needs to be addressed.
>
> --
> Iain Morgan
>
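
Added example (not part of the original message, and not OpenSSH or ForceShell patch code): the per-host and per-prefix shell selection proposed above can be approximated today with the existing `command="..."` option in `~/.ssh/authorized_keys`, which makes sshd run a wrapper and pass the client's command in `SSH_ORIGINAL_COMMAND`. The wrapper path, the `run` argument, the rule ordering (prefix rule before host rules) and the `/bin/sh` fallback are assumptions; the shell paths are the placeholders from the message.

```shell
#!/bin/sh
# Forced-command wrapper (added example). Hypothetical install, one line per
# key in ~/.ssh/authorized_keys:
#   command="/home/user/bin/pick-shell run" ssh-ed25519 <public key>
# sshd still starts the wrapper through the account's login shell, but the
# client's own command line arrives untouched in SSH_ORIGINAL_COMMAND.

# Print the shell to use for a given client address and command line.
# Assumed precedence: the 'new_shell' prefix rule wins over the host rules.
select_shell() {
    client_ip=$1
    cmd=$2
    case $cmd in
        "new_shell "*) echo /path/to/my/latest/shell; return ;;
    esac
    case $client_ip in
        192.168.*) echo /path/to/my/subnet.192.168/shell ;;  # 192.168/16
        172.16.*)  echo /path/to/my/subnet.172.16/shell ;;   # 172.16/16
        *)         echo /bin/sh ;;                           # assumed fallback
    esac
}

# Remove the routing prefix 'new_shell ' so only the real command remains.
strip_prefix() {
    case $1 in
        "new_shell "*) printf '%s\n' "${1#new_shell }" ;;
        *)             printf '%s\n' "$1" ;;
    esac
}

run_forced_command() {
    # SSH_CONNECTION is "client_ip client_port server_ip server_port".
    client_ip=${SSH_CONNECTION%% *}
    shell=$(select_shell "$client_ip" "${SSH_ORIGINAL_COMMAND-}")
    if [ -z "${SSH_ORIGINAL_COMMAND-}" ]; then
        exec "$shell"          # no command sent: interactive session
    fi
    # The whole command string, semi-colons included, goes to one shell.
    exec "$shell" -c "$(strip_prefix "$SSH_ORIGINAL_COMMAND")"
}

# Only act when invoked as the forced command ("run" argument, see above).
if [ "${1-}" = run ]; then
    run_forced_command
fi
```

Because the wrapper is bound to a key rather than to sshd as a whole, each key in `authorized_keys` can carry its own wrapper, and keys without a `command=` option keep the account's normal login shell.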

