3

I am trying to use $1, $2 variables which I have passed through command line to a bash shell script. These variables I am using within a ssh call. But its seems the variables within ssh are not getting replaced, the outer ones are getting replaced. Any workaround? Here's the code

#!/bin/bash

ssh -t "StrictHostKeyChecking=no" -i  $1 user@ip<<'EOF1'

ssh -t -i $1 user2@ip2 <<'EOF2'

exit
EOF2

exit
EOF1

Here the first $1 gets replaced but the second one doesn't. Its basically key name for password less authentication

Improve this question
1
  • If you want a better answer than what I've provided already, you'll need to ask a better question. Show code to reproduce the issue, perhaps? Commented May 16, 2016 at 20:02

2 Answers 2

Reset to default
6

Use printf %q to generate an eval-safe string version of your argument list:

# generate a string which evals to list of command-line parameters
printf -v cmd_str '%q ' "$@"

# pass that list of parameters on the remote shell's command line
ssh "$host" "bash -s $cmd_str" <<'EOF'
  echo "This is running on the remote host."
  echo "Got arguments:"
  printf '- %q\n' "$@"
EOF

For what you're really doing, the best practice is probably to use a ProxyCommand -- see the relevant documentation -- and to have your private key exposed via agent forwarding, rather than having it sitting on your bounce host on-disk. That said, it's straightforward enough to adopt the answer given above to fit the code in the question:

#!/bin/bash
printf -v args '%q ' "$@"
echo "Arguments on original host are:"
printf '- %q\n' "$@"
ssh -t "StrictHostKeyChecking=no" -i "$1" user@ip "bash -s $args" <<'EOF1'
  printf -v args '%q ' "$@" 
  echo "Arguments on ip1 are:"
  printf '- %q\n' "$@"
  ssh -t -i "$1" user2@ip2 "bash -s $args" <<'EOF2'
    echo "Arguments on ip2 are:"
    printf '- %q\n' "$@"
EOF2
EOF1
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

@user3780835, ...expanded accordingly.
Thanks Charles for your time. I'd look into ProxyCommand as well.
1

Much simpler is to let ssh handle the tunneling for you.

ssh -o ProxyCommand="ssh user1@ip1 nc -w 10 %h %p" user2@ip2

(This example found at http://undeadly.org/cgi?action=article&sid=20070925181947).

Improve this answer

3 Comments

Definitely true -- being why I mentioned it in my answer [with a link to the OpenSSH Cookbook section on the subject] after the OP extended their question to make what they were doing clear. Being a bit more explicit -- as you're doing here -- doesn't hurt.
Hi charles/chepner, is it possible that the key for ip2 is on my main server and not on ip1? (The login to ip2 is possible via ip1 only though)
It should be, if you run an ssh-agent on your local machine and enable agent forwarding with the -A option (ssh -A -o ProxyCommand...).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.