command [argument ...] in ssh(1): a footgun
raf
ssh at raf.org
Wed May 31 20:10:15 AEST 2023
On Wed, May 31, 2023 at 07:46:49AM +0100, Brian Candler <b.candler at pobox.com> wrote:
> On 31/05/2023 05:14, raf wrote:
> > Actually, I'm trying to find the mention in the manpage
> > that started this and can't find it. It doesn't mention
> > [arguments...] after [command] like I think the OP
> > asked to have removed. I must be misremembering. The
> > synopsis ends with: "[command]". And the DESCRIPTION
> > section (paragraph 3) says:
> >
> > If a command is specified, it is executed on the
> > remote host instead of a login shell.
> >
> > I can't see where it says that arguments are joined
> > with a space. Maybe I'm reading it wrong.
>
> I'm on macOS with ssh installed from homebrew.
>
> $ ssh -V
> OpenSSH_9.2p1, OpenSSL 1.1.1t 7 Feb 2023
>
> "man ssh" starts as follows:
>
> SSH(1) General Commands
> Manual SSH(1)
>
> NAME
> ssh – OpenSSH remote login client
>
> SYNOPSIS
> ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]
> [-c cipher_spec]
> [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F
> configfile]
> [-I pkcs11] [-i identity_file] [-J destination] [-L address] [-l
> login_name]
> [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option]
> [-R address]
> [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]]
> destination
> *[command [argument ...]]*
Thanks. I was reading it on debian stable:
SSH(1) BSD General Commands Manual SSH(1)
NAME
ssh — OpenSSH remote login client
SYNOPSIS
ssh [-46AaCfGgKkMN......address] [-c cipher_spec] [-D [bind_address:]port]
[-E log_file] ......1] [-i identity_file] [-J destination] [-L address]
[-l login_name......-p port] [-Q query_option] [-R address]
[-S ctl_path] ...... destination [command]
It's an older version:
OpenSSH_8.4p1 Debian-5+deb11u1, OpenSSL 1.1.1n 15 Mar 2022
cheers,
raf
More information about the openssh-unix-dev
mailing list