StanfordSNR / guardian-agent

[beta] Guardian Agent: secure ssh-agent forwarding for Mosh and SSH
BSD 3-Clause "New" or "Revised" License
439 stars 30 forks source link

ssh and rsync incompatibility #18

Open Zenexer opened 6 years ago

Zenexer commented 6 years ago

sga-ssh's command line argument processing isn't quite compatible with ssh's, and this breaks rsync.

Take, for example:

export RSYNC_RSH=sga-ssh
rsync /file.ext some-server:/file.ext

This will result in an invocation of sga-ssh similar to the following:

sga-ssh some-server rsync --server -e.MisqZ . /file.ext

sga-ssh attempts to interpret the --server and -e arguments as arguments to itself, rather than part of the command to be executed on the target.

There's a pretty easy test to confirm this:

user@host ~ % sga-ssh some-server echo --version
v0.7.2-beta
user@host ~ % ssh some-server echo --version
--version
Zenexer commented 6 years ago

Temporary workaround exclusively for rsync:

Put the following in /usr/local/bin/sga-ssh-rsync:

#!/bin/sh
host="$1"
shift
sga-ssh "$host" -- "$@"

Then run:

sudo chmod +x /usr/local/bin/sga-ssh-rsync
sed 's#RSYNC_RSH=sga-ssh$#RSYNC_RSH=/usr/local/bin/sga-ssh-rsync#' /usr/local/bin/sga-env.sh | sudo tee /usr/local/bin/sga-env.sh > /dev/null

I'm not using the -i flag for sed so that it'll work with non-GNU seds, such as on macOS.

theavey commented 5 years ago

I believe I have the same issue. Trying to run rsync ... I get

Unknown option: server
Unknown option: e.Lsfx

then a hang on Linux Mint 19. On Ubuntu 16.04.6, I get the popup for allowing the agent use, but then it fails with

protocol version mismatch -- is your shell clean?
(see the rsync man page for an explanation)
rsync error: protocol incompatibility (code 2) at compat.c(176) [sender=3.1.1]

My local machine is running macOS and all are using a zsh shell. I get the same result as @Zenexer with the echo --version test.

@Zenexer's workaround also worked for me (thank you!)

drewwells commented 3 years ago

Don't forget to source the file after changing it. source /usr/local/bin/sga-env.sh