Fixes SSH Remoting KeyFilePath Parameter #4529
…rShell into Fix-KeyFilePath-Parameter
case '"': | ||
// Special case for arguments within quotes | ||
// Just return argument value within the quotes | ||
while ((++i < argsLength) && argsToParse[i] != '"') { }; |
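Review bot: The loop in the `case '"'` branch exits both when it finds the closing quote and when `i` reaches `argsLength`, and nothing in these lines tells the two apart, so an unmatched opening quote runs to the end of the input without being flagged here. Consider testing `i < argsLength` after the loop and either reporting the malformed string or stating the fallback in the comment above it. The empty body `{ };` also carries a stray semicolon; `{ }` is enough.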
Is there enforcement for the string ending in a '"'? Does that happen in a different layer?
No enforcement here. This expects the argument string to be correctly formatted. If it is not then the argument list is wrong and any errors are generated when the process is created.
This is currently scoped internally so we currently have complete control in how it is used. However, I did intend this to be robust against malformed strings (empty, single quote, unmatched quotes, single space, only spaces, etc.). If you see something I missed please let me know.
My initial concern regarded unmatched double quotes. Thinking about it some more, two other things came to mind:
- Strings that use single quotes
- Argument lists that include other commands. Do we do validation on it? I'm wondering about something like this:
arg1 arg2; rm -rf *
Single quotes are not supported and not needed. It is something we could add if we need it in the future. Argument validation is not intended to be performed here. This just parses space delimited strings with a special case for double quoted arguments.
I just tried to make sure it doesn't blow up with malformed strings and cause an access violation or null reference exception.
@adityapatwardhan
@PaulHigin Can we add tests for this?
Thanks!
Hi,
@Hema-dell It sounds like your sshd_config configuration file still allows password authentication and should be disabled. FYI, I have a module with 'Enable-SSHRemoting' cmdlet that I have been working on. It has not been published but you can experiment with it if you like: We decided not to touch general SSH settings, and assume that the user has it set up as needed. The 'Enable-SSHRemoting' cmdlet merely updates the sshd_config file with a subsystem entry that becomes a PowerShell SSH remoting end point, so that the machine can receive connections.
Hi Paul!!, Thanks,
This change addresses issue #4475.
When creating the SSH child process for remoting, the KeyFilePath parameter path was enclosed in double quotes to handle potential space characters in the file path. The problem was that the new SSH child process creation code was leaving the quote characters in the key file path, causing SSH to fail to find the key file. In addition, KeyFilePath paths with space characters were not being handled correctly.
With this change the KeyFilePath parameter now works as expected:
This worked correctly on Windows and only failed on Linux systems using the new SSH process creation code.
I also noticed and fixed a problem where trying to back out of an SSH remoting password prompt resulted in a hang (until the 1 minute protocol timeout occurred).
The problem was that the client side connection did not end. The fix is to add a CloseAsync override to close the connection.
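The parsing behaviour discussed in the review thread, as an added C# example that is not code from this pull request or from PowerShell: it splits a space-delimited string, returns a double-quoted argument without its quotes (the KeyFilePath case), and rejects an unmatched quote instead of accepting it silently. `ArgSplitDemo`, `TrySplit` and all sample strings are hypothetical and constructed for illustration.

```csharp
using System;
using System.Collections.Generic;

static class ArgSplitDemo
{
    // Hypothetical helper: space-delimited split with a special case for "...".
    // Quotes are stripped from the returned value; an unmatched quote is an error.
    public static bool TrySplit(string args, out List<string> result, out string error)
    {
        result = new List<string>();
        error = null;
        args = args ?? string.Empty;
        int i = 0;
        while (i < args.Length)
        {
            if (args[i] == ' ') { i++; continue; }   // skip runs of spaces
            if (args[i] == '"')
            {
                int close = args.IndexOf('"', i + 1);
                if (close < 0)
                {
                    error = "Unmatched double quote at index " + i;
                    return false;
                }
                result.Add(args.Substring(i + 1, close - i - 1));
                i = close + 1;
            }
            else
            {
                int end = args.IndexOf(' ', i);
                if (end < 0) { end = args.Length; }
                result.Add(args.Substring(i, end - i));
                i = end;
            }
        }
        return true;
    }

    static void Main()
    {
        // Constructed inputs: a key path with a space, then the malformed cases from the thread.
        string[] samples = { "-i \"/home/user/my keys/id_rsa\" user@host", "", " ", "   ",
                             "\"", "-i \"unterminated", "arg1 arg2; rm -rf *" };
        foreach (string s in samples)
        {
            bool ok = TrySplit(s, out List<string> argv, out string err);
            Console.WriteLine(ok ? "[" + string.Join("] [", argv) + "]" : "rejected: " + err);
        }
    }
}
```

For the last sample the splitter returns `arg2;`, `rm`, `-rf` and `*` as ordinary strings; whether `;` or `*` means anything depends on whether the child process is started from an argument vector or through a shell, which is outside what a splitter like this decides.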