pfSense Gold Subscription

Author Topic: Support SSH inline commands  (Read 257 times)

0 Members and 1 Guest are viewing this topic.

Offline kb

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Support SSH inline commands
« on: November 23, 2017, 12:24:17 pm »
What I try to achieve
Code: [Select]
$ ssh admin@ip_address uname -r
11.1-RELEASE-p2

What I get
Code: [Select]
$ ssh admin@ip_address uname -r
Illegal option -r

It can be easily fixed with adding quotes at line 56 in
Code: [Select]
/etc/rc.initial
Code: [Select]
     52 # Parse command line parameters
     53 while [ $# -gt 0 ]; do
     54         case $1 in
     55                 -c )    shift
     56                         /bin/sh -c "$1"
     57                         exit
     58                         ;;
     59                 * )
     60         esac
     61         shift
     62 done

Any thoughts on this?

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Support SSH inline commands
« Reply #1 on: December 01, 2017, 03:27:48 pm »
Use root@ not admin@
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline kb

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Support SSH inline commands
« Reply #2 on: December 11, 2017, 09:15:50 am »
Use root@ not admin@
It doesn't work with Certified pfsense AMI 'Netgate pfSense Certified 2.4.1-d6a66a49-ceec-4a27-ad5b-ea8a3eb55b15-ami-0ea47f74.4 (ami-904de9ea)'

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Support SSH inline commands
« Reply #3 on: December 11, 2017, 09:45:32 am »
I think the root account is disabled there because of their rules/standards.

Use a different account (not root or admin) and if you need root privileges, use the sudo package.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline kb

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Support SSH inline commands
« Reply #4 on: December 11, 2017, 10:53:46 am »
I think the root account is disabled there because of their rules/standards.

Use a different account (not root or admin) and if you need root privileges, use the sudo package.

The issue is not with permissions.
It is about passing SSH command arguments.

"admin" user has "/etc/rc.initial" as its shell.
"/etc/rc.initial" improperly handles SSH arguments.

E.g.
Code: [Select]
$  ssh admin@192.168.0.1 uname -r
Illegal option -r

$  echo "uname -r" | ssh admin@192.168.0.1 sh
11.1-RELEASE-p4

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Support SSH inline commands
« Reply #5 on: December 11, 2017, 10:54:43 am »
And I'm saying that's by design. Do not use admin for that. It's done that way on purpose and should not be changed.

Use another account.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Offline kb

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
Re: Support SSH inline commands
« Reply #6 on: December 11, 2017, 11:05:54 am »
Hm... But I'm able to use admin user for that.
Is that by design too?  ;)

Then pfsense should, probably, prevent or override SSH arguments at all.

Offline jimp

  • Administrator
  • Hero Member
  • *****
  • Posts: 21495
  • Karma: +1458/-26
    • View Profile
Re: Support SSH inline commands
« Reply #7 on: December 11, 2017, 11:08:42 am »
Hm... But I'm able to use admin user for that.

No you're not, it isn't working (or you wouldn't have started this thread) :-)

It's pretty well documented around that admin@ is not to be used for scp or anything that needs ssh features. It's locked to the menu.

Just add another non-admin account and use it for whatever you need/want.
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!