Support SSH inline commands



  • What I try to achieve

    
    $ ssh admin@ip_address uname -r
    11.1-RELEASE-p2
    
    

    What I get

    
    $ ssh admin@ip_address uname -r
    Illegal option -r
    
    

    It can be easily fixed by adding quotes at line 56 in /etc/rc.initial

    
    

    52 # Parse command line parameters
    53 while [ $# -gt 0 ]; do
    54        case $1 in
    55                -c )    shift
    56                        /bin/sh -c "$1"
    57                        exit
    58                        ;;
    59                * )
    60        esac
    61        shift
    62 done

    
    Any thoughts on this?

  • Rebel Alliance Developer Netgate

    Use root@ not admin@



  • @jimp:

    Use root@ not admin@

    It doesn't work with Certified pfsense AMI 'Netgate pfSense Certified 2.4.1-d6a66a49-ceec-4a27-ad5b-ea8a3eb55b15-ami-0ea47f74.4 (ami-904de9ea)'


  • Rebel Alliance Developer Netgate

    I think the root account is disabled there because of their rules/standards.

    Use a different account (not root or admin) and if you need root privileges, use the sudo package.



  • @jimp:

    I think the root account is disabled there because of their rules/standards.

    Use a different account (not root or admin) and if you need root privileges, use the sudo package.

    The issue is not with permissions.
    It is about passing SSH command arguments.

    "admin" user has "/etc/rc.initial" as its shell.
    "/etc/rc.initial" improperly handles SSH arguments.

    E.g.

    
    $  ssh admin@192.168.0.1 uname -r
    Illegal option -r
    
    $  echo "uname -r" | ssh admin@192.168.0.1 sh
    11.1-RELEASE-p4
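
The argument handling behind the two outputs above, as an added example that is not part of the original posts or of pfSense's own code: sshd hands the remote command to the account's shell as a single `-c` string, and this sketch prints the argv that `/bin/sh` would receive with and without quotes around `$1`. `show_argv` and `dispatch` are hypothetical names, and `show_argv` stands in for the real `/bin/sh` call.

```shell
#!/bin/sh
# Added example (constructed). sshd starts the account's login shell as
#   <shell> -c "<command string>"
# so `ssh admin@host uname -r` reaches the wrapper as: -c "uname -r".

# show_argv (hypothetical helper): prints each argument in brackets so the
# argv that /bin/sh would receive is visible.
show_argv() {
    out=""
    for arg in "$@"; do
        out="${out}[${arg}]"
    done
    printf '%s\n' "$out"
}

# dispatch MODE ARGS...: same loop shape as the parser quoted in the thread,
# with show_argv standing in for the real /bin/sh call.
dispatch() {
    mode=$1
    shift
    while [ $# -gt 0 ]; do
        case $1 in
            -c )
                shift
                if [ "$mode" = quoted ]; then
                    show_argv /bin/sh -c "$1"   # one word: the whole command string
                else
                    show_argv /bin/sh -c $1     # split on whitespace by the shell
                fi
                return 0
                ;;
        esac
        shift
    done
    return 1
}

dispatch unquoted -c "uname -r"   # -r arrives as a separate argument to /bin/sh
dispatch quoted   -c "uname -r"   # the command string stays intact
```

In the unquoted form `-r` is handed to `/bin/sh` as its own argument, which is the option the "Illegal option -r" message names.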
    
    

  • Rebel Alliance Developer Netgate

    And I'm saying that's by design. Do not use admin for that. It's done that way on purpose and should not be changed.

    Use another account.



  • Hm… But I'm able to use admin user for that.
    Is that by design too?  ;)

    Then pfsense should, probably, prevent or override SSH arguments at all.


  • Rebel Alliance Developer Netgate

    @kb:

    Hm… But I'm able to use admin user for that.

    No you're not, it isn't working (or you wouldn't have started this thread) :-)

    It's pretty well documented around that admin@ is not to be used for scp or anything that needs ssh features. It's locked to the menu.

    Just add another non-admin account and use it for whatever you need/want.

