diff --git a/internal/k8s/exec.go b/internal/k8s/exec.go index 060fdf1e..90a1a00b 100644 --- a/internal/k8s/exec.go +++ b/internal/k8s/exec.go @@ -168,10 +168,6 @@ func (c *Client) getExecutor(ctx context.Context, namespace, deployment, if container == "" { container = firstContainer } - // check the command. if there isn't one, give the user a shell. - if len(command) == 0 { - command = []string{"sh"} - } // construct the request req := c.clientset.CoreV1().RESTClient().Post().Namespace(namespace). Resource("pods").Name(firstPod).SubResource("exec") diff --git a/internal/sshserver/sessionhandler.go b/internal/sshserver/sessionhandler.go index b336bc61..1684f80e 100644 --- a/internal/sshserver/sessionhandler.go +++ b/internal/sshserver/sessionhandler.go @@ -2,6 +2,7 @@ package sshserver import ( "fmt" + "strings" "github.com/gliderlabs/ssh" "github.com/prometheus/client_golang/prometheus" @@ -17,6 +18,21 @@ var ( }) ) +func sshifyCommand(sftp bool, cmd []string) []string { + // if this is an sftp session we ignore any commands + if sftp { + return []string{"sftp-server", "-u", "0002"} + } + // if there is no command, assume the user wants a shell + if len(cmd) == 0 { + return []string{"sh"} + } + // if there is a command, wrap it in a shell the way openssh does + // https://github.com/openssh/openssh-portable/blob/ + // 73dcca12115aa12ed0d123b914d473c384e52651/session.c#L1705-L1713 + return []string{"sh", "-c", strings.Join(cmd, " ")} +} + // sessionHandler returns a ssh.Handler which connects the ssh session to the // requested container. // @@ -41,9 +57,7 @@ func sessionHandler(log *zap.Logger, c *k8s.Client, sftp bool) ssh.Handler { ) // parse the command line arguments to extract any service or container args service, container, cmd := parseConnectionParams(s.Command()) - if sftp { - cmd = []string{"sftp-server", "-u", "0002"} - } + cmd = sshifyCommand(sftp, cmd) // validate the service and container if err := k8s.ValidateLabelValue(service); err != nil { log.Debug("invalid service name",