fix: properly support multi-word SSH commands

Signed-off-by: Bartek Mucha <muchzill4@gmail.com>

Author: muchzill4

cmd/limactl/copy.go

@@ -84,7 +84,7 @@ func copyAction(cmd *cobra.Command, args []string) error {
 		scpFlags = append(scpFlags, "-r")
 	}
 	// this assumes that ssh and scp come from the same place, but scp has no -V
-	legacySSH := sshutil.DetectOpenSSHVersion("ssh").LessThan(*semver.New("8.0.0"))
+	legacySSH := sshutil.DetectOpenSSHVersion(sshutil.SSHExe{Executable: "ssh"}).LessThan(*semver.New("8.0.0"))
 	for _, arg := range args {
 		if runtime.GOOS == "windows" {
 			if filepath.IsAbs(arg) {
@@ -135,14 +135,14 @@ func copyAction(cmd *cobra.Command, args []string) error {
 		// arguments such as ControlPath.  This is preferred as we can multiplex
 		// sessions without re-authenticating (MaxSessions permitting).
 		for _, inst := range instances {
-			sshOpts, err = sshutil.SSHOpts("ssh", inst.Dir, *inst.Config.User.Name, false, false, false, false)
+			sshOpts, err = sshutil.SSHOpts(sshutil.SSHExe{Executable: "ssh"}, inst.Dir, *inst.Config.User.Name, false, false, false, false)
 			if err != nil {
 				return err
 			}
 		}
 	} else {
 		// Copying among multiple hosts; we can't pass in host-specific options.
-		sshOpts, err = sshutil.CommonOpts("ssh", false)
+		sshOpts, err = sshutil.CommonOpts(sshutil.SSHExe{Executable: "ssh"}, false)
 		if err != nil {
 			return err
 		}

cmd/limactl/shell.go

@@ -196,13 +196,13 @@ func shellAction(cmd *cobra.Command, args []string) error {
 		)
 	}
 
-	arg0, arg0Args, err := sshutil.SSHArguments()
+	sshExe, err := sshutil.SSHArguments()
 	if err != nil {
 		return err
 	}
 
 	sshOpts, err := sshutil.SSHOpts(
-		arg0,
+		sshExe,
 		inst.Dir,
 		*inst.Config.User.Name,
 		*inst.Config.SSH.LoadDotSSHPubKeys,
@@ -224,7 +224,7 @@ func shellAction(cmd *cobra.Command, args []string) error {
 	logLevel := "ERROR"
 	// For versions older than OpenSSH 8.9p, LogLevel=QUIET was needed to
 	// avoid the "Shared connection to 127.0.0.1 closed." message with -t.
-	olderSSH := sshutil.DetectOpenSSHVersion(arg0).LessThan(*semver.New("8.9.0"))
+	olderSSH := sshutil.DetectOpenSSHVersion(sshExe).LessThan(*semver.New("8.9.0"))
 	if olderSSH {
 		logLevel = "QUIET"
 	}
@@ -235,7 +235,8 @@ func shellAction(cmd *cobra.Command, args []string) error {
 		"--",
 		script,
 	}...)
-	sshCmd := exec.Command(arg0, append(arg0Args, sshArgs...)...)
+	allArgs := append(sshExe.Args, sshArgs...)
+	sshCmd := exec.Command(sshExe.Executable, allArgs...)
 	sshCmd.Stdin = os.Stdin
 	sshCmd.Stdout = os.Stdout
 	sshCmd.Stderr = os.Stderr

cmd/limactl/show-ssh.go

@@ -93,7 +93,7 @@ func showSSHAction(cmd *cobra.Command, args []string) error {
 	logrus.Warnf("`limactl show-ssh` is deprecated. Instead, use `ssh -F %s %s`.",
 		filepath.Join(inst.Dir, filenames.SSHConfig), inst.Hostname)
 	opts, err := sshutil.SSHOpts(
-		"ssh",
+		sshutil.SSHExe{Executable: "ssh"},
 		inst.Dir,
 		*inst.Config.User.Name,
 		*inst.Config.SSH.LoadDotSSHPubKeys,

cmd/limactl/tunnel.go

@@ -82,13 +82,13 @@ func tunnelAction(cmd *cobra.Command, args []string) error {
 		}
 	}
 
-	arg0, arg0Args, err := sshutil.SSHArguments()
+	sshExe, err := sshutil.SSHArguments()
 	if err != nil {
 		return err
 	}
 
 	sshOpts, err := sshutil.SSHOpts(
-		arg0,
+		sshExe,
 		inst.Dir,
 		*inst.Config.User.Name,
 		*inst.Config.SSH.LoadDotSSHPubKeys,
@@ -107,7 +107,8 @@ func tunnelAction(cmd *cobra.Command, args []string) error {
 		"-p", strconv.Itoa(inst.SSHLocalPort),
 		inst.SSHAddress,
 	}...)
-	sshCmd := exec.Command(arg0, append(arg0Args, sshArgs...)...)
+	allArgs := append(sshExe.Args, sshArgs...)
+	sshCmd := exec.Command(sshExe.Executable, allArgs...)
 	sshCmd.Stdout = stderr
 	sshCmd.Stderr = stderr
 	logrus.Debugf("executing ssh (may take a long)): %+v", sshCmd.Args)

pkg/hostagent/hostagent.go

@@ -147,7 +147,7 @@ func New(instName string, stdout io.Writer, signalCh chan os.Signal, opts ...Opt
 	}
 
 	sshOpts, err := sshutil.SSHOpts(
-		"ssh",
+		sshutil.SSHExe{Executable: "ssh"},
 		inst.Dir,
 		*inst.Config.User.Name,
 		*inst.Config.SSH.LoadDotSSHPubKeys,

pkg/sshutil/sshutil.go

@@ -35,29 +35,36 @@ import (
 // in place of the 'ssh' executable.
 const EnvShellSSH = "SSH"
 
-func SSHArguments() (arg0 string, arg0Args []string, err error) {
+type SSHExe struct {
+	Executable string
+	Args       []string
+}
+
+func SSHArguments() (SSHExe, error) {
+	var sshExe SSHExe
+
 	if sshShell := os.Getenv(EnvShellSSH); sshShell != "" {
 		sshShellFields, err := shellwords.Parse(sshShell)
 		switch {
 		case err != nil:
 			logrus.WithError(err).Warnf("Failed to split %s variable into shell tokens. "+
 				"Falling back to 'ssh' command", EnvShellSSH)
 		case len(sshShellFields) > 0:
-			arg0 = sshShellFields[0]
+			sshExe.Executable = sshShellFields[0]
 			if len(sshShellFields) > 1 {
-				arg0Args = sshShellFields[1:]
+				sshExe.Args = sshShellFields[1:]
 			}
+			return sshExe, nil
 		}
 	}
 
-	if arg0 == "" {
-		arg0, err = exec.LookPath("ssh")
-		if err != nil {
-			return "", []string{""}, err
-		}
+	executable, err := exec.LookPath("ssh")
+	if err != nil {
+		return SSHExe{}, err
 	}
+	sshExe.Executable = executable
 
-	return arg0, arg0Args, nil
+	return sshExe, nil
 }
 
 type PubKey struct {
@@ -177,7 +184,7 @@ var sshInfo struct {
 //
 // The result always contains the IdentityFile option.
 // The result never contains the Port option.
-func CommonOpts(sshPath string, useDotSSH bool) ([]string, error) {
+func CommonOpts(sshExe SSHExe, useDotSSH bool) ([]string, error) {
 	configDir, err := dirnames.LimaConfigDir()
 	if err != nil {
 		return nil, err
@@ -243,7 +250,7 @@ func CommonOpts(sshPath string, useDotSSH bool) ([]string, error) {
 
 	sshInfo.Do(func() {
 		sshInfo.aesAccelerated = detectAESAcceleration()
-		sshInfo.openSSH = detectOpenSSHInfo(sshPath)
+		sshInfo.openSSH = detectOpenSSHInfo(sshExe)
 	})
 
 	if sshInfo.openSSH.GSSAPISupported {
@@ -287,12 +294,12 @@ func identityFileEntry(privateKeyPath string) (string, error) {
 }
 
 // SSHOpts adds the following options to CommonOptions: User, ControlMaster, ControlPath, ControlPersist.
-func SSHOpts(sshPath, instDir, username string, useDotSSH, forwardAgent, forwardX11, forwardX11Trusted bool) ([]string, error) {
+func SSHOpts(sshExe SSHExe, instDir, username string, useDotSSH, forwardAgent, forwardX11, forwardX11Trusted bool) ([]string, error) {
 	controlSock := filepath.Join(instDir, filenames.SSHSock)
 	if len(controlSock) >= osutil.UnixPathMax {
 		return nil, fmt.Errorf("socket path %q is too long: >= UNIX_PATH_MAX=%d", controlSock, osutil.UnixPathMax)
 	}
-	opts, err := CommonOpts(sshPath, useDotSSH)
+	opts, err := CommonOpts(sshExe, useDotSSH)
 	if err != nil {
 		return nil, err
 	}
@@ -361,13 +368,15 @@ var (
 	openSSHInfosRW sync.RWMutex
 )
 
-func detectOpenSSHInfo(ssh string) openSSHInfo {
+func detectOpenSSHInfo(sshExe SSHExe) openSSHInfo {
 	var (
 		info   openSSHInfo
 		exe    sshExecutable
 		stderr bytes.Buffer
 	)
-	path, err := exec.LookPath(ssh)
+	// TODO: Fix this function to properly handle complex SSH commands like "kitten ssh"
+	// The current LookPath, os.Stat, and caching logic doesn't work well for multi-word commands
+	path, err := exec.LookPath(sshExe.Executable)
 	if err != nil {
 		logrus.Warnf("failed to find ssh executable: %v", err)
 	} else {
@@ -381,7 +390,8 @@ func detectOpenSSHInfo(ssh string) openSSHInfo {
 		}
 	}
 	// -V should be last
-	cmd := exec.Command(path, "-o", "GSSAPIAuthentication=no", "-V")
+	allArgs := append(sshExe.Args, "-o", "GSSAPIAuthentication=no", "-V")
+	cmd := exec.Command(sshExe.Executable, allArgs...)
 	cmd.Stderr = &stderr
 	if err := cmd.Run(); err != nil {
 		logrus.Warnf("failed to run %v: stderr=%q", cmd.Args, stderr.String())
@@ -398,8 +408,8 @@ func detectOpenSSHInfo(ssh string) openSSHInfo {
 	return info
 }
 
-func DetectOpenSSHVersion(ssh string) semver.Version {
-	return detectOpenSSHInfo(ssh).Version
+func DetectOpenSSHVersion(sshExe SSHExe) semver.Version {
+	return detectOpenSSHInfo(sshExe).Version
 }
 
 // detectValidPublicKey returns whether content represent a public key.