Transferring environment variable through SSH / quoting in bash/sh/csh/tcsh

3

2

I want to transfer an environment variable over SSH.

The "correct" way is using SendEnv/~/.ssh/environment, but that requires the server to support AcceptEnv or PermitUserEnvironment, which it does not in my case.

So instead I am thinking to set the variable on the remote site like this:

FOO=val
export FOO
ssh server export FOO=$FOO'; do_stuff_which_uses_FOO'

That part is easy. I want a generic solution, so no matter the content of $FOO it will work. E.g.

FOO="  '\""
export FOO
QFOO=`quote "$FOO"` # quote will return "\ \ \'\\\""
export QFOO
ssh server export FOO=$QFOO'; do_stuff_which_uses_FOO'

This works no matter if the sending or receiving shell is sh or bash.

However, I also need it to work for csh/tcsh. And I will not know in advance which shell the receiving end is running. That means I have to code something that will work both in /bin/sh and /bin/csh.

So far I have managed to get it working for sh/bash:

ssh server // followed by the below quoted
eval `echo $SHELL | grep -E "/(t)?csh" > /dev/null && echo setenv FOO \\\ \\\ \\\\\'\\\\\" || echo export FOO=\\\ \\\ \\\\\'\\\\\";` ; echo "$FOO"

I can also get it to work for csh/tcsh (the user csh has csh as login shell):

ssh csh@server // followed by the below quoted
eval `echo $SHELL | grep -E "/(t)?csh" > /dev/null && echo setenv FOO \\\ \\\ \\\\\'\\\\\" || echo export FOO=\\\ \\\ \\\\\'\\\\\";` ; echo "$FOO"

If $FOO is * or ? it works fine with BASH:

ssh server eval\ \`echo\ \$SHELL\ \|\ grep\ -E\ \"/\(t\)\?csh\"\ \>\ /dev/null\ \&\&\ echo\ setenv\ FOO\ \\\\\\\\\\\*\\\;\ \|\|\ echo\ export\ FOO=\\\\\\\\\\\*\\\;\`\;echo\ \"\$FOO\"\ a;

But it fails with csh:

ssh csh@server eval\ \`echo\ \$SHELL\ \|\ grep\ -E\ \"/\(t\)\?csh\"\ \>\ /dev/null\ \&\&\ echo\ setenv\ FOO\ \\\\\\\\\\\*\\\;\ \|\|\ echo\ export\ FOO=\\\\\\\\\\\*\\\;\`\;echo\ \"\$FOO\"\ a;
No match.
FOO: Undefined variable.

It seems * and ? refuse to be quoted with .

To answer this question your solution should:

  • be able to transfer an environment variable to the remote server
  • not use SendEnv/AcceptEnv/PermitUserEnvironment
  • work no matter if the source shell is sh/bash/csh/tcsh
  • work no matter if the destination shell is sh/bash/csh/tcsh
  • work no matter the content of the environment variable. Specifically it should at least work for: \n * space ' " ? < > ! $ \ and any combination of those.

If you can find a better way to transfer the variable than quoting it, then that is fine, too.

Ole Tange

Posted 2012-10-02T15:47:44.607

Reputation: 3 034

It sounds like we're doing your homework. Why can you not use the ssh SendEnv or AcceptEnv options? That's what they are DESIGNED for. – UtahJarhead – 2012-10-15T13:50:32.863

It is to be used for --env in GNU Parallel. GNU Parallel is used by estimated 25000 users. A lot of these users do not have root access on the systems they are using (often it is compute clusters). If AcceptEnv had not required root access then I would agree. As you can see below I have found a solution that works for all but \n. – Ole Tange – 2012-10-15T17:57:18.597

Ah, that make sense. Thanks for the clarification. – UtahJarhead – 2012-10-15T18:01:44.067

Answers

1

I now have a working model for all characters except \n:

sub shell_quote_scalar {
    # Quote the string so shell will not expand any special chars
    # Returns:
    #   string quoted with \ as needed by the shell
    my $a = shift;
    $a =~ s/([\002-\011\013-\032\\\#\?\`\(\)\{\}\[\]\*\>\<\~\|\; \"\!\$\&\'\202-\377])/\\$1/g;
    $a =~ s/[\n]/'\n'/g; # filenames with '\n' is quoted using \'
    return $a;
}

sub env_quote {
    my $v = shift;
    $v =~ s/([ \n\&\<\>\(\)\;\'\{\}\t\"\$\`\*\174\!\?\~])/\\$1/g;
    return $v;
}

my @qcsh = map { my $a=$_; "setenv $a " . env_quote($ENV{$a})  } @vars;
my @qbash = map { my $a=$_; "export $a=" . env_quote($ENV{$a}) } @vars;

$Global::envvar =
    join"",
    (q{echo $SHELL | grep -E "/t?csh" > /dev/null && }
     . join(" && ", @qcsh)
     . q{ || }
     . join(" && ", @qbash)
     .q{;});

print shell_quote_scalar($Global::envvar);

Ole Tange

Posted 2012-10-02T15:47:44.607

Reputation: 3 034

0

Can you just base64-encode the variable? The easiest way to deal with this is probably to simply treat the data as binary.

export QFOO=`echo $FOO | base64 --wrap=0`
ssh server "export FOO=`echo \"$QFOO\" | base64 --decode --wrap=0`; <command>"

You might have to fiddle with the quoting on the ssh line, but that's the gist of it. This should remove shell specifics with regards to quoting, but might introduce some with sub-commands (I'm not much familiar with anything outside of bash)

Darth Android

Posted 2012-10-02T15:47:44.607

Reputation: 35 133

Not a bad idea. Though I probably cannot assume base64 is installed (base64 is part of GNU coreutils and only introduced 2006 - thus we cannot assume it is installed on non-GNU systems and on pre-2006 GNU systems). I can, however, assume an old version of Perl is installed, so using (un)pack with template "u*", that should be doable. – Ole Tange – 2012-10-02T20:52:23.163

uuencoded strings include *. ARGH! But hex encoded should work. – Ole Tange – 2012-10-02T21:07:12.600

I cannot find a way to make this work: As the command need to work under both csh and bash, I need to eval it. And as soon as I eval it then the * and ? will cause problems in csh. echo setenv U perl -e '($a="212223c2a425262f28293d410a417b5b5d7d5e7e2a41") =~ s/(..)/chr hex $1/eg;print $a' – Ole Tange – 2012-10-02T21:46:24.207

@OleTange Is openssl available? http://hints.macworld.com/article.php?story=20030721010526390

– Darth Android – 2012-10-02T21:52:45.863

Nope. But even if base64 was available it would not fix the issue: I still need to do the eval and it is that step that breaks in (t)csh if the variable contains * or ? (Bash works fine, and so does csh/tcsh as long as the variable does not contain * or ?). – Ole Tange – 2012-10-03T12:54:39.970

Asked: 2012-10-02T15:47:44.607

Viewed: 2 621 times

Active: 2012-10-15T11:54:19.760