Secure Shell (SSH) Commands (Execute)

SSH is a network protocol that allows you to connect to a shell on remote devices via a secured connection and to execute commands on these devices. It can be used to access shell accounts on Linux and Unix systems, and on various devices, such as ethernet switches.

The Task Execute Secure Shell (SSH) Commands allows you to build your own, custom Ivanti Automation Tasks that use Secure Shell commands. These custom Tasks can be scheduled on any Agent, who will then connect to the specified computer and execute the specified commands.

For example, if the servers in a server farm are equipped with a remote access card, you can use this Task to power down most servers in the server farm during the weekend and reboot these servers when necessary. This can save considerable costs.

The following encryption algorithms are supported:

  • aes256-cbc
  • 3des-cbc
  • aes256-ctr    256-bit AES encryption in CTR mode
  • aes192-ctr    192-bit AES encryption in CTR mode
  • aes192-cbc   192-bit AES encryption in CBC mode
  • aes128-ctr    128-bit AES encryption in CTR mode
  • aes128-cbc   128-bit AES encryption in CBC mode
  • 3des-ctr        192-bit (3-key) triple DES encryption in CTR mode

Prerequisites

  • Secure Shell commands can be executed on devices on which the SSH service is running.
  • For this Task, .NET Framework 2.0 must be installed on the Agent running this Task. When running this Task on a Agent+, Microsoft .NET Framework 4.5.2 (Full version) is required.

Configuration

Settings tab

  • You can use user/password authentication or user/certificate authentication.
  • You can specify Secure Shell commands manually (on the Commands tab), but you can also use Secure Shell commands that have been stored as a Resource.
  • With the option Create script on remote host you can run specified Shell commands as a script on a remote host, instead of executing them per command. If selected, Ivanti Automation will create a script file in the user's home directory on the remote host.
    • With the option Run script as superuser, you can run scripts with sudo. The sudo command is a program for certain Linux and Unix operating systems that allows a permitted administrator to run commands with the security privileges of another user (normally the root). Before you select this option, please make sure the sudoers configuration file permits access to execute the su command to the relevant user account.
  • With the option Set parameter with standard output you can place the standard output into a parameter, for use in another Task in the Module (e.g. a Query). The standard output parameter can contain a maximum of 4MB.
  • In the field Timeout command execution after, you can specify a maximum number of 9999 minutes (about 166 hours and 40 minutes). You can use parameters, functions and variables.
    • If the use of parameters, functions and/or variables in the field Timeout command execution after results in non-numeric values (text) when the Task is executed, the timeout will use a fall back value of 1 minute.
    • In certain situations, Agents can continue to execute the remaining commands in the script when the timeout expired. You can prevent situations like these by selecting Terminate process when timeout expires.

Commands tab

  • Scripts can be typed in directly. You can use Ivanti Automation functions, Ivanti Automation parameters and environment Variables in Secure Shell commands. These Variables, functions and parameters will be parsed when the Task is executed.
  • Use the File extension of script field to specify the file extension that Ivanti Automation should use. This extension is used to save the script as a script file in the specified format when the Task is executed. Ivanti Automation will save this file in the temporary folder on the Agent that executes the Task.
  • Use the Open in editor button to open an external editor that is associated with the specified file extension in the File extension of script field. This makes it easier to create complex scripts and troubleshoot existing ones. After creating or editing the script, it will be copied from the external editor to the Script tab. For more information on how to configure file associations, see http://msdn.microsoft.com/en-us/library/windows/desktop/cc144175%28v=vs.85%29.aspx.
    • The Commands tab has a limit of 64KB. If you use an external editor to edit a script, Ivanti Automation will disregard any characters that exceed this limit.f
  • When this Task is executed, any output is shown in the detailed Job history per Agent, on a separate tab Console Output. This output can also be viewed using Notepad.

If you place a script on the remote host to which the Agent that executes this Task should connect, you can use a Secure Shell command to call this script.