sshuttle cannot be used with tsh #18453

devicenull · 2022-11-14T22:06:04Z

This client app expects the standard ssh behavior of a -- indicating the end of an argument list, preventing anything past it from being interpreted by the client as arguments.

This can be found in the openssh source here: https://github.com/openssh/openssh-portable/blob/ca98d3f8c64cfc51af81e1b01c36a919d5947ec2/ssh.c#L1062

Currently, if I try to use this with tsh, I get a weird bash error.

Expected behavior:

Using a -- in the command line should be supported

Current behavior:

$ tsh ssh root@test -- ls
/bin/bash: --: invalid option
Usage:  /bin/bash [GNU long option] [option] ...
        /bin/bash [GNU long option] [option] script-file ...
GNU long options:
        --debug
        --debugger
        --dump-po-strings
        --dump-strings
        --help
        --init-file
        --login
        --noediting
        --noprofile
        --norc
        --posix
        --pretty-print
        --rcfile
        --restricted
        --verbose
        --version
Shell options:
        -ilrsD or -c command or -O shopt_option         (invocation only)
        -abefhkmnptuvxBCHP or -o option
ERROR: Process exited with status 2

Bug details:

Teleport version
Teleport v11.0.1 git:v11.0.1-0-g4746a0a go1.19.2
Proxy version: 11.0.1

I didn't provide debug logs here since I don't think they're really going to be relevant

The text was updated successfully, but these errors were encountered:

StephenTan-TW · 2022-11-16T08:15:20Z

Yes - please can we fix this. I've implemented a hack in sshuttle where I just remove the "--" which I feel is the wrong thing to do

sinh-tran-ts · 2023-10-10T13:44:17Z

Add config ssh
tsh config >> ~/.ssh/config
Example Add end of line:

Host gcp-cloud-*
    Port 3022
    ProxyCommand "/usr/local/bin/tsh" proxy ssh --cluster=teleport.local --proxy=teleport.local:443 %r@%h:%p
Host gcp-cloud-compute01
   User centos
Host gcp-cloud-compute02
   User centos

Run ssh
sshuttle -e "ssh" -l 0.0.0.0 -vr gcp-cloud-compute01 10.x.x.0/24

StephenTan-TW · 2023-10-10T13:51:55Z

Add config ssh tsh config >> ~/.ssh/config Example Add end of line:
Host gcp-cloud-*
    Port 3022
    ProxyCommand "/usr/local/bin/tsh" proxy ssh --cluster=teleport.local --proxy=teleport.local:443 %r@%h:%p
Host gcp-cloud-compute01
   User centos
Host gcp-cloud-compute02
   User centos
Run ssh sshuttle -e "ssh" -l 0.0.0.0 -vr gcp-cloud-compute01 10.x.x.0/24

Oh, interesting - will try that - thank you

ns-sjorgedeaguiar · 2024-07-03T17:06:55Z

@devicenull @webvictim hey guys, I'm willing to work on this issue. However I was looking for some advice on the feasibility and shortcomings. Also is this a fix you’re willing to accept? Thanks

edit: I've opened sshuttle/sshuttle#974 as well to try to address on their end, but it would be great if tsh handled the delimiters.

ns-sjorgedeaguiar · 2024-07-03T17:13:13Z

Also this seems to be a dup of #16589

webvictim · 2024-07-03T17:24:51Z

@ns-sjorgedeaguiar I agree it'd be nice if tsh handled delimiters. We would likely accept a PR which fixes this issue in tsh ssh itself, as long as it adds comprehensive test coverage to make sure this doesn't affect other use cases and prevent future regressions.

devicenull · 2024-07-03T22:07:16Z

@devicenull @webvictim hey guys, I'm willing to work on this issue. However I was looking for some advice on the feasibility and shortcomings. Also is this a fix you’re willing to accept? Thanks

edit: I've opened sshuttle/sshuttle#974 as well to try to address on their end, but it would be great if tsh handled the delimiters.

I no longer work at a place that uses teleport.

This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes gravitational#18453, gravitational#16589.

This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes #18453, #16589. Signed-off-by: Tim Ross <tim.ross@goteleport.com>

This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes gravitational#18453, gravitational#16589.

This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes #18453, #16589. Signed-off-by: Tim Ross <tim.ross@goteleport.com>

* Support double dash delimiter in tsh ssh This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes #18453, #16589. Signed-off-by: Tim Ross <tim.ross@goteleport.com> * Support double dash delimiter in tsh ssh This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes #18453, #16589. Signed-off-by: Tim Ross <tim.ross@goteleport.com> * fix: update tests --------- Signed-off-by: Tim Ross <tim.ross@goteleport.com> Co-authored-by: Samir Aguiar <sjorgedeaguiar@netskope.com>

This PR extends the tsh ssh command by adding support for the double dash (--) delimiter before remote commands (e.g. `tsh ssh -- echo test`), aligning its behavior with the standard ssh binary. This improves compatibility with tools that rely on the standard ssh binary behavior, such as sshuttle. Fixes #18453, #16589. Signed-off-by: Tim Ross <tim.ross@goteleport.com>

devicenull added the bug label Nov 14, 2022

webvictim added tsh tsh - Teleport's command line tool for logging into nodes running Teleport. ssh labels Nov 15, 2022

ns-sjorgedeaguiar mentioned this issue Jul 7, 2024

Support double dash delimiter in tsh ssh #43897

Closed

rosstimothy mentioned this issue Sep 10, 2024

Support double dash delimiter in tsh ssh #46441

Merged

rosstimothy closed this as completed in #46441 Sep 11, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

sshuttle cannot be used with tsh #18453

sshuttle cannot be used with tsh #18453

devicenull commented Nov 14, 2022 •

edited

Loading

StephenTan-TW commented Nov 16, 2022

sinh-tran-ts commented Oct 10, 2023

StephenTan-TW commented Oct 10, 2023

ns-sjorgedeaguiar commented Jul 3, 2024 •

edited

Loading

ns-sjorgedeaguiar commented Jul 3, 2024

webvictim commented Jul 3, 2024

devicenull commented Jul 3, 2024

sshuttle cannot be used with tsh #18453

sshuttle cannot be used with tsh #18453

Comments

devicenull commented Nov 14, 2022 • edited Loading

StephenTan-TW commented Nov 16, 2022

sinh-tran-ts commented Oct 10, 2023

StephenTan-TW commented Oct 10, 2023

ns-sjorgedeaguiar commented Jul 3, 2024 • edited Loading

ns-sjorgedeaguiar commented Jul 3, 2024

webvictim commented Jul 3, 2024

devicenull commented Jul 3, 2024

devicenull commented Nov 14, 2022 •

edited

Loading

ns-sjorgedeaguiar commented Jul 3, 2024 •

edited

Loading