Why are the arguments supplied for the command run through ssh interpreted by shell before they are passed to the command on the server side?

Jochen Bern Jochen.Bern at binect.de
Mon Jan 13 19:14:14 AEDT 2020

On 01/11/2020 10:59 AM, Yuri wrote:
> On 2020-01-11 01:38, Darren Tucker wrote:
>> The command you give is always handled on the server by
>> your shell in some fashion.
> It's not obvious why does it have to be this way.

Because sshd ignoring the target account's configured, possibly
restricted, shell and running whatever executable the client asked for
would promise to be a backdoor large enough to drive an aircraft carrier
through. Sideways.

Not to mention that running commands on the server without having the
login shell set up the environment - $PATH, $LD_LIBRARY_PATH, etc. etc.
- would very likely be an issue no less complicated than figuring out
the nested quoting.

Jochen Bern

Binect GmbH
Robert-Koch-Straße 9
64331 Weiterstadt

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200113/5f729378/attachment.p7s>

More information about the openssh-unix-dev mailing list