Skip to content

Commit

Permalink
Merge pull request #5351 from laurazard/backport-27.x-disable-pseudot…
Browse files Browse the repository at this point in the history
…erminal-ssh

[27.x backport] disable pseudoterminal creation
  • Loading branch information
vvoland authored Aug 16, 2024
2 parents d01f264 + 83f6ca4 commit 7227402
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 0 deletions.
12 changes: 12 additions & 0 deletions cli/connhelper/connhelper.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,7 @@ func getConnectionHelper(daemonURL string, sshFlags []string) (*ConnectionHelper
args = append(args, "--host", "unix://"+sp.Path)
}
sshFlags = addSSHTimeout(sshFlags)
sshFlags = disablePseudoTerminalAllocation(sshFlags)
args = append(args, "system", "dial-stdio")
return commandconn.New(ctx, "ssh", append(sshFlags, sp.Args(args...)...)...)
},
Expand Down Expand Up @@ -79,3 +80,14 @@ func addSSHTimeout(sshFlags []string) []string {
}
return sshFlags
}

// disablePseudoTerminalAllocation disables pseudo-terminal allocation to
// prevent SSH from executing as a login shell
func disablePseudoTerminalAllocation(sshFlags []string) []string {
for _, flag := range sshFlags {
if flag == "-T" {
return sshFlags
}
}
return append(sshFlags, "-T")
}
34 changes: 34 additions & 0 deletions cli/connhelper/connhelper_test.go
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
package connhelper

import (
"reflect"
"testing"

"gotest.tools/v3/assert"
Expand Down Expand Up @@ -29,3 +30,36 @@ func TestSSHFlags(t *testing.T) {
assert.DeepEqual(t, addSSHTimeout(tc.in), tc.out)
}
}

func TestDisablePseudoTerminalAllocation(t *testing.T) {
testCases := []struct {
name string
sshFlags []string
expected []string
}{
{
name: "No -T flag present",
sshFlags: []string{"-v", "-oStrictHostKeyChecking=no"},
expected: []string{"-v", "-oStrictHostKeyChecking=no", "-T"},
},
{
name: "Already contains -T flag",
sshFlags: []string{"-v", "-T", "-oStrictHostKeyChecking=no"},
expected: []string{"-v", "-T", "-oStrictHostKeyChecking=no"},
},
{
name: "Empty sshFlags",
sshFlags: []string{},
expected: []string{"-T"},
},
}

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
result := disablePseudoTerminalAllocation(tc.sshFlags)
if !reflect.DeepEqual(result, tc.expected) {
t.Errorf("expected %v, got %v", tc.expected, result)
}
})
}
}

0 comments on commit 7227402

Please sign in to comment.