45

Is there any way to force SSH to use a particular shell on the remote end, regardless of what the user's default shell is?

I've tried solutions akin to:

ssh host.domain.com /bin/bash -c 'complicated, multi-line command'

but unfortunately the default shell on the remote end is responsible for parsing the "complicated, multi-line command" part, and I'm having difficulty escaping it sufficiently to work both for Bash and C shell users.

plinehan
  • 595
  • 1
  • 4
  • 6

6 Answers6

33

You can use the -t option to force allocation of a pseudo-tty for the program you want to start, as if you were executing the standard shell. Then pass the shell you want as a plain old argument.

With this technique you're able to not only use any shell that's installed but you can also open vim and other programs which require a TTY, from a single command. Which is cool if you're writing a shell script that logs you in somewhere and opens a file on vim, or htop or something.

Here's bash

me@my-machine $ ssh root@myhost -t bash
root@myhost:~#

sh works too. As does anything else really.

me@my-machine $ ssh root@myhost -t sh
#

Not sure whether this is a login shell but there's options to make bash act like a login shell, so your shell might have that too.

Fábio Santos
  • 431
  • 1
  • 4
  • 5
18

Use a heredoc:

ssh host.domain.com /bin/bash << EOF
big ugly commands
lots of them
EOF
Ignacio Vazquez-Abrams
  • 45,019
  • 5
  • 78
  • 84
13

I don't believe this is possible, at least with openssh-based systems. If you have the ability, a better solution might be to sftp up a shell-script file, and then execute it with the method you posted. It would have the advantage of minimizing the amount of escaping needed, but would leave a file behind that would have to be removed (perhaps as the last step of the script).

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
11

Use key-based logins, not password-based. Then you can add a (list of) "forced command(s)" to your public ssh key (in the "options" field in case of SSH1) which is installed on the server (in ~/.ssh/authorized_keys file for SSH1, ~/.ssh2/authorization for SSH2).

Make your forced command so that your desired shell is called...

More: You can associate at most one forced command to a given key. If you require multiple forced commands for different purposes, you have to setup different keys. (Of course you can put multiple things into one script, which you call via forced command. But be aware that forced commands are always run for a given account/key if the user logs in, regardless if he asked for something different to run. If you want to still honor the original command asked for, have a look into how to exploit the $SSH_ORIGINAL_COMMAND variable...)

Read up about "forced commands" via Google.

Kurt Pfeifle
  • 1,746
  • 2
  • 12
  • 19
  • Good stuff. That graphic on the O'Reilly page is very nice. In my particular case, however, I want to be able to force this for any users, not just users who have set up their keys correctly. I also don't have root on the server machines, so I can't edit files like `/etc/sshrc`. – plinehan Aug 02 '10 at 18:30
  • Well, it is always the server (or better: the one who exerts control over the server) who calls the shots when you connect to its service.... The 'owner' of the server decides what can be done with it. -- You cannot force anything 'for any user(s)' if you don't have higher privileges than them. – Kurt Pfeifle Aug 02 '10 at 20:25
  • If the client can run arbitrary commands then the client can run an arbitrary shell as a command too. – Eric Woodruff Oct 06 '14 at 00:48
  • @KurtPfeifle that link to O'Reilly is broken – Brian Vandenberg Mar 16 '15 at 20:05
  • @BrianVandenberg: Thx for the hint. I removed that link now. – Kurt Pfeifle Mar 16 '15 at 20:42
  • 1
    Thanks, I confirm it works for me for automatically logging into `zsh` instead of bash *(users of the remote instance vary, so I can't force zsh on everyone with `chsh`)*. That said, I think it would help if usage example was in the answer instead of being a link to google. I'd sure give it my upvote. – Hi-Angel May 12 '20 at 06:42
  • Okay, my rejoice was prematurely. What now happens is that `sshfs` hangs. In fact, anything you could try to execute as `ssh … mycommand` hangs, with `sshfs` just being a particular case I'm interested in. So I guess no automatic login to zsh for me :c – Hi-Angel May 12 '20 at 08:48
1

Surprisingly I see different results with the following:

run in dash:

ssh eric@172.17.1.241 /bin/bash -c "echo <(cat)"                                              
sh: 1: Syntax error: "(" unexpected

vs bash:

ssh eric@172.17.1.241 '/bin/bash -c "echo <(cat)"'                                            
/dev/fd/63

Showing the fully quoted command is working as expected.

Eric Woodruff
  • 111
  • 4
  • 1
    Not surprising at all. The remote ssh daemon effectively runs `sh -c "$*"`. Thus, you're running `sh -c "/bin/bash -c echo <(cat)"`; the `echo` command itself is the only argument passed to `-c`, and the `<(cat)` is a separate argument altogether. – Charles Duffy Apr 14 '17 at 01:10
0

I faced a similar situation a while back where I needed to use ksh coprocess for sqlplus and I only had an ssh through which reads and writes must take place.

A way to do this is to pipe all your dependent command into one line (use ;) to /usr/bin/ksh on the remote machine. for example:

host="user@host"

db_conn="ora_user/passwd"

a="select * from dual;"

frmt="set heading off echo off feedback off verify off pagesize 0 termout off"

var=$(ssh ${host} "echo 'sqlplus -silent /nolog |&; sql_pid=\$!; print -p \"conn ${db_conn}\"; print -p \"${frmt}\"; print -p \"${a}\"; print -p \"exit\"; wait \$sql_pid' > /remote_dir/kshcmd.txt; awk '{print \$0}' /remote_dir/kshcmd.txt | /usr/bin/ksh")
Michael Hampton
  • 237,123
  • 42
  • 477
  • 940
aws
  • 1