github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-08 20:08:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): harden SSH target handling (#4001)

Browse Source 
Thanks @YLChen-007.

Co-authored-by: Edward-x <YLChen-007@users.noreply.github.com>
This commit is contained in:
Peter Steinberger
2026-01-29 16:33:36 +00:00
parent 4b5514a259
commit 06289b36da
8 changed files with 82 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/infra/ssh-config.ts
View File

@@ -58,7 +58,8 @@ export async function resolveSshConfig(
args.push("-i", opts.identity.trim());
}
const userHost = target.user ? `${target.user}@${target.host}` : target.host;
args.push(userHost);
// Use "--" so userHost can't be parsed as an ssh option.
args.push("--", userHost);
return await new Promise<SshResolvedConfig | null>((resolve) => {
const child = spawn(sshPath, args, {