Join the #BuildWithBuildAgent Challenge! Get recognized, earn exclusive swag, and inspire the ServiceNow Community with what you can build using Build Agent.  Join the Challenge.

MID Server SSH command

Ronald Lucas
Tera Contributor

‎08-03-2018 12:05 PM

Hi.

Is there a way I can see the actual SSH command being executed by a MID server when its discovering a Linux server? 

Something like:

"ssh user@host sudo lsof ..."

Thanks,

Ron

Labels:
0 Helpfuls
  • 1,794 Views
2 REPLIES 2

tim_broberg
ServiceNow Employee
ServiceNow Employee

‎08-03-2018 12:23 PM

In fact, there is.

I strongly recommend making sure sncssh is enabled.

When you turn on debug logging, you will see a whole bunch of information dumped out, which with start with "Using SNC".

For execution, you'll be looking for exec service requests like this:

06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22]  Processing ExecInitiateMsg
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet (before compression or encryption):
  ByteBuffer: position(0), limit(25), capacity(25)
    0000:   62 00 00 00 00 00 00 00   04 65 78 65 63 01 00 00    b....... .exec...
    0010:   00 07 65 63 68 6f 20 24   30                         ..echo $ 0
As ASCII: b........exec.....echo $0
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet 8; 68 bytes: CHANNEL_REQUEST(0) type: exec, want reply: true, type-specific data: 11 bytes
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Set timeout 120 secs com.snc.ssh.SSHTimeout@25593b13

 

If sudo is required, you will generally find a sequence something like:

  1. echo $0 # Identify shell
  2. sudo -h # Establish sudo options, if sudo is required
  3. sudo -l # Find sudo permissions
  4. sudo <command>

If no sudo, then no sudo.

If scripts are required, for any of several reasons, there will also be some scp of scripts before and deletion after.

    - Tim.

0 Helpfuls