Run SSH Command
The Run SSH Command activity opens an SSH connection to a remote server and runs shell commands on that server. Use the Run SSH Command activity to run backup applications or a batch script that runs a set of complex commands on a non-Windows computer. The Run SSH Command activity can run any command in a Secure Shell.
Run SSH Command activity is based on PuTTY beta .70. The implementation of SSH in "Run SSH Command" has certain limitations:
The Run SSH Command activity doesn't work against all SSH-1 and SSH-2 servers. In general, this activity functions with most SSH servers, but it doesn't work for all SSH server implementations.
You must download and use the PuTTy key generation tool to create keys for the Run SSH Command activity. The key generation tool is available at Download PuTTY - a free SSH and telnet client for Windows.
The Run SSH Command activity supports SSH-1. Microsoft doesn't recommend the use of SSH-1. If you want to prevent the Run SSH Command activity from using SSH-1, you should use a key file that contains keys that don't support SSH-1. Don't use a username and password pair; use a key file.
The property Accept Host Key Change is not a recommended setting. This property should only be used to establish the initial connection to a computer when the key is stored on the runbook server. Runbooks that contain the Run SSH Command activity should be configured with Accept Host Key Change disabled. When you use this property, it disables the validation of the identity of the SSH server and represents a security risk.
You should review the list of cryptographic ciphers supported by PuTTY, which is found at https://the.earth.li/~sgtatham/putty/0.70/htmldoc/Chapter4.html#config-ssh-encryption.
PuTTY beta .61 uses a pseudorandom number generator suitable for most cryptographic purposes. It isn't recommended for the generation of long-term cryptographic keys.
For more information about PuTTY, go to Download PuTTY - a free SSH and telnet client for Windows.
Configure the Run SSH Command Activity
Before you configure the Run SSH Command activity, you need to determine the following:
Connection information for the computer that hosts the SSH server that you want to connect to.
Commands that you want to run.
Whether you require a key file to sign in to the server before you are able to run commands; this depends on your SSH server.
Use the following information to configure the Run SSH Command activity.
Details
Settings | Configuration Instructions |
---|---|
Computer | Type the name of the computer or IP address where the SSH server is running. You can also use the ellipsis (...) button to browse for the computer. |
Port | Type the port number that you need to use to connect to the SSH server. |
Run Command | Select this option and type the command that you want to run on the SSH server after the connection has been established. |
Command Set File | Select this option and specify a file that contains a set of commands that will be run on the SSH server when the connection has been established. The command set file must use the scripting language of the native shell on the SSH server. |
Accept Host Key Change | Select this option to accept host key changes when they occur. Security Note: It is recommended that you don't use this setting because it can cause a runbook to accept any change in a server, including any that are for malicious purposes. By selecting this option, you are instructing the activity to connect to any server, regardless of the host key. Only use this option for testing purposes. |
Connection Timeout | Specify the amount of time, in seconds, that the Run SSH Command activity will wait for the SSH command to complete. Configure a value of 0 (zero) or leave the box blank to wait indefinitely.After the timeout period has elapsed, the Run SSH Command activity times out and returns a warning. The command that you ran may continue running, regardless of whether the Run SSH Command activity times out. |
Advanced
Settings | Configuration Instructions |
---|---|
Username | Type the username that you need to sign in to the SSH server. |
Password | Select this option and type the password that is associated with the Username that you specified. |
Key File | Select this option to specify a key file to use. You must use the PuTTY key file generator to create a key file. You can download this tool from Download PuTTY - a free SSH and telnet client for Windows. |
Passphrase | Type the passphrase that is associated with the key file that you specified. |
Published Data
The following table lists the published data items.
Item | Description |
---|---|
Command | The command that ran on the SSH server. This data is not available when the Command Set File option is selected. |
Command Set file | The command set file that was used to run commands on the SSH server. This option is not available when the Run Command option is selected. |
Computer name | The name or IP address of the SSH server. |
Execution Result | The text that was published as output from the commands that were run on the SSH server. |
Exit Code | The exit code published by the command. When using a command set file, this will be the exit code of the last command in the file. |
Key file path | The path of the key file that was used to authenticate with the SSH server. |
Port | The port used to connect to the SSH server. |
Username | The username used to sign in to the SSH server. |
Next steps
See the article on how to get the SNMP variables.