On 12 Feb 2011, at 09:28, Andreas Schwab wrote: > > Bob Proulx <b...@proulx.com> writes: > >> Dennis Williamson wrote: >>> Yes, do your quoting like this: >>> ssh localhost 'bash -c "cd /tmp; pwd"' >> >> I am a big fan of piping the script to the remote shell. >> >> $ echo "cd /tmp && pwd" | ssh example.com bash >> /tmp > > Even better: > > $ ssh example.com bash <<\EOF > cd /tmp && pwd > EOF > > That avoids having to watch out for ' vs " quoting. > > Andreas.
The trouble with using stdin is that it becomes much harder to pass user data. If it's simple strings, one might be tempted to expand them instead: ssh example.com bash <<EOF cd "$remoteDir" && pwd EOF But that would be a really bad idea, since you're injecting data into bash code (if you don't see it yet, imagine a user forces remoteDir to contain mypath"; rm -rf ~; : "). The only sane way I can think of to solve this problem in a generically applicable fashion, is to use a construct such as: ssh example.com bash <<< "$(printf 'cd %q; pwd' "$remoteDir")"
