MID Server SSH command

Ronald Lucas
Tera Contributor

Hi.

Is there a way I can see the actual SSH command being executed by a MID server when its discovering a Linux server? 

Something like:

"ssh user@host sudo lsof ..."

Thanks,

Ron

2 REPLIES 2

tim_broberg
ServiceNow Employee
ServiceNow Employee

In fact, there is.

I strongly recommend making sure sncssh is enabled.

When you turn on debug logging, you will see a whole bunch of information dumped out, which with start with "Using SNC".

For execution, you'll be looking for exec service requests like this:

06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22]  Processing ExecInitiateMsg
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet (before compression or encryption):
  ByteBuffer: position(0), limit(25), capacity(25)
    0000:   62 00 00 00 00 00 00 00   04 65 78 65 63 01 00 00    b....... .exec...
    0010:   00 07 65 63 68 6f 20 24   30                         ..echo $ 0
As ASCII: b........exec.....echo $0
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet 8; 68 bytes: CHANNEL_REQUEST(0) type: exec, want reply: true, type-specific data: 11 bytes
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Set timeout 120 secs com.snc.ssh.SSHTimeout@25593b13

 

If sudo is required, you will generally find a sequence something like:

  1. echo $0 # Identify shell
  2. sudo -h # Establish sudo options, if sudo is required
  3. sudo -l # Find sudo permissions
  4. sudo <command>

If no sudo, then no sudo.

If scripts are required, for any of several reasons, there will also be some scp of scripts before and deletion after.

    - Tim.