StanfordSNR / guardian-agent

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
BSD 3-Clause "New" or "Revised" License
439 stars 30 forks source link

Failed to use against shell other than bash #14

Open yookoala opened 6 years ago

yookoala commented 6 years ago

I tried to run sga-guard to forward to a remove server, which uses fish as default shell. This is the response I got:

Connecting to user@foobar.com to set up forwarding...
Failed to run remote stub: fish: Variables may not be used as commands. In fish, please define a function or use 'eval $SHELL'.
$SHELL -l -c "exec sga-stub"
^

Make sure that guardian agent is properly installed on the remote host

If I switch the default shell of the remote user (user@foobar.com) to /bin/bash, the forwarding would be successful. That means the agent depends on the behaviour of specific shell environment, which is not ideal.

Please fix this if possible. Thanks.

yookoala commented 6 years ago

Temporary workaround is to specify sga-stub location directly. If your sga-stub is installed in the $PATH of your remote environment, this should be easy:

sga-guard --stub="sga-stub" user@foobar.com

Please note if the sga-stub is not in $PATH of the remote user, the --stub= value should be the full path to the sga-stub binary there.

frederickjh commented 5 years ago

I believe that the fix the Fish shell is suggestion would also work on Bash as well. So changing line 29 of /cmd/sga-guard-bin/sga-guard-bin.go from:

RemoteStubName string `long:"stub" description:"Remote stub executable path" default:"$SHELL -l -c \"exec sga-stub\""`

to

RemoteStubName string `long:"stub" description:"Remote stub executable path" default:"eval $SHELL -l -c \"exec sga-stub\""`

Quoting may need some work.