We have setup Microsoft's implementation of OpenSSH server on a Windows server 2019 (v1809) and have activated authentication based on public keys. We would like to deploy forced commands and are struggling with space characters in the path of such commands.
A minimal example:
User user1 has the following authorized_keys file:
command="C:\Program Files\SomePath\SomeProgram.exe" ssh-ed25519 AAAAC3N...
When we try to ssh into that machine as that user, the following happens:
$ ssh -i <user1_key_id> user1@server.example.com
'C:\Program' is not recognized as an internal or external command,
operable program or batch file.
Connection to server.example.com closed.
(Please note that we have an SSH agent running so that there is no passphrase query in the above terminal session snippet.)
IMHO, it's quite clear that the problem is due to the space character in the path of the program which should be executed. However, we are unsure why the double quotes around the command in the authorized_keys file don't prevent the problem. We have tried to add a further pair of double quotes using the well-known escaping methods:
command="\"C:\Program Files\SomePath\SomeProgram.exe\"" ...
command="^"C:\Program Files\SomePath\SomeProgram.exe^"" ...
command="""C:\Program Files\SomePath\SomeProgram.exe""" ...
The first one lead to the same error as described above. The second one and the third one lead to another error message:
user1@server.example.com: Permission denied (publickey).
Now we are stuck and have the following question:
How do we need to write the command above in the authorized_key files for Microsoft OpenSSH server for Windows?
