aws / aws-ec2-instance-connect-cli

This is an all-in-one client for EC2 Instance Connect that handles key brokerage and establishes connections to EC2 instances through an interface near-identical to the standard system ssh, sftp, and other utilities.
Apache License 2.0

Don't set `shell=True` with untrusted input #26

Open benesch opened 2 years ago

benesch commented 2 years ago

Previously mssh would blindly execute an SSH command, resulting in shell pipelines being executed on the host rather than on the SSH target. Consider the following command:

```
$ mssh i-04bb8a432b18b2250 'whoami; whoami'
ubuntu
benesch
```

The second invocation of "whoami" runs on the host and therefore prints my local username, rather than the username on the EC2 instance.

This is at odds with the normal SSH program, which would print "ubuntu" for both, as any shell metacharacters are left to be interpreted by the remote shell.

This issue was previously reported as #24, with a proposed fix in #25 that simply shell quotes the command. That solution seems suboptimal to me, as it is generally a bad idea to pass user input to a shell.

This commit solves the issue another way, by keeping track of individual arguments as we go. Rather than building up a command string like "ssh ubuntu@10.0.0.1 USER-FLAGS USER-COMMAND" and then passing that to the local shell for interpretation, we instead build up a command array like:

```
["ssh", "ubuntu@10.0.0.1", "USER-FLAG-1", "USER-FLAG-2", "USER-COMMAND"]
```

This command can be executed without invoking the shell, and so we can be sure it will not execute any code on the host.

Fix #24.

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
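The difference between the three approaches discussed in this PR (the original flattened command string, the shell-quoting fix proposed in #25, and the argument-array fix proposed here), as an added, self-contained example that is not code from the aws-ec2-instance-connect-cli project or from the PR. It assumes a POSIX shell, and substitutes a small Python one-liner for the real `ssh` binary so it runs offline; that stand-in simply prints the argument vector it receives, which is exactly what distinguishes the three cases.

```python
import shlex
import subprocess
import sys

# Assumption: stand-in for the real ssh binary so the demo runs offline.
# It prints each argument it receives on its own line, so we can see
# precisely what "ssh" would have been handed in each case.
FAKE_SSH = [sys.executable, "-c", "import sys; print('\\n'.join(sys.argv[1:]))"]


def build_command_string(target, user_flags, user_command):
    """Pre-fix style: everything concatenated into one string for /bin/sh.

    Only the trusted ssh prefix is quoted; the user-controlled parts are
    spliced in raw, so metacharacters in them are interpreted locally.
    """
    return " ".join([shlex.join(FAKE_SSH), target, *user_flags, user_command])


def build_command_string_quoted(target, user_flags, user_command):
    """The #25 approach: still one string for the local shell, but with
    every user-controlled piece shell-quoted first."""
    quoted = [shlex.quote(part) for part in (target, *user_flags, user_command)]
    return " ".join([shlex.join(FAKE_SSH), *quoted])


def build_command_argv(target, user_flags, user_command):
    """This PR's approach: one list element per argument, mirroring
    ["ssh", "ubuntu@10.0.0.1", "USER-FLAG-1", ..., "USER-COMMAND"].
    No local shell is involved, so nothing in the list is reinterpreted."""
    return [*FAKE_SSH, target, *user_flags, user_command]


def run_string(command):
    """Execute a flattened command string via the local shell (shell=True)."""
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout.splitlines()


def run_argv(argv):
    """Execute an argument vector directly, with no shell in between."""
    result = subprocess.run(argv, capture_output=True, text=True)
    return result.stdout.splitlines()


def demo(target="ubuntu@10.0.0.1", user_command="echo remote; echo LOCAL-HOST"):
    """Run the same user-supplied command through all three builders.

    Returns a dict of the lines each variant produced. In the unquoted
    string case the text after ';' runs on the local host (the bug from
    #24); in the other two it reaches the ssh stand-in as one argument.
    """
    return {
        "unquoted_string": run_string(build_command_string(target, [], user_command)),
        "quoted_string": run_string(build_command_string_quoted(target, [], user_command)),
        "argv": run_argv(build_command_argv(target, [], user_command)),
    }


if __name__ == "__main__":
    for name, lines in demo().items():
        print(f"{name}: {lines}")
```

The unquoted string variant prints `LOCAL-HOST` as a separate line because `/bin/sh` split the command at the `;` and ran the second half itself. Quoting (as in #25) makes the output match the argv version, but the user input still passes through a shell and is only safe as long as the quoting is correct everywhere it is applied; the argv list never gives the local shell anything to interpret.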