search

aws / aws-ec2-instance-connect-cli

This is an all-in-one client for EC2 Instance Connect that handles key brokerage and establishing connection to EC2 Instances through an interface near-identical to standard system ssh, sftp, and other utilities.
Apache License 2.0
160 stars 42 forks source link

mssh does not correctly handle commands written by Ansible #24

Open crestonbunch opened 3 years ago

crestonbunch commented 3 years ago

Here is a minimum reproducible command (fill in INSTANCE_ID and IP_ADDRESS). This command is something Ansible uses to test SSH connections (this works when using the ssh binary instead):

mssh \
  -t ${INSTANCE_ID} \
  -l ubuntu \
  ${IP_ADDRESS} \
  '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1623369896.6943882-14170-58937873873026 `" && echo ansible-tmp-1623369896.6943882-14170-58937873873026="` echo ~/.ansible/tmp/ansible-tmp-1623369896.6943882-14170-58937873873026 `" ) && sleep 0'"'"''

Output:

bash: -c: line 0: syntax error near unexpected token `('
bash: -c: line 0: `/bin/sh -c ( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1623369896.6943882-14170-58937873873026 `" && echo ansible-tmp-1623369896.6943882-14170-58937873873026="` echo ~/.ansible/tmp/ansible-tmp-1623369896.6943882-14170-58937873873026 `" ) && sleep 0'

With the -d flag we see the SSH command:

2021-06-10 20:14:24,264 - EC2InstanceConnect - DEBUG - Generated command: ssh -o "IdentitiesOnly=yes" -i /tmp/tmp2jdzw7dw -l ubuntu ubuntu@10.0.2.26 /bin/sh -c '( umask 77 && mkdir -p "` echo ~/.ansible/tmp `"&& mkdir "` echo ~/.ansible/tmp/ansible-tmp-1623369896.6943882-14170-58937873873026 `" && echo ansible-tmp-1623369896.6943882-14170-58937873873026="` echo ~/.ansible/tmp/ansible-tmp-1623369896.6943882-14170-58937873873026 `" ) && sleep 0'