MID Server SSH command
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2018 12:05 PM
Hi.
Is there a way I can see the actual SSH command being executed by a MID server when its discovering a Linux server?
Something like:
"ssh user@host sudo lsof ..."
Thanks,
Ron
- Labels:
-
Discovery

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2018 12:19 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-03-2018 12:23 PM
In fact, there is.
I strongly recommend making sure sncssh is enabled.
When you turn on debug logging, you will see a whole bunch of information dumped out, which with start with "Using SNC".
For execution, you'll be looking for exec service requests like this:
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Processing ExecInitiateMsg
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet (before compression or encryption):
ByteBuffer: position(0), limit(25), capacity(25)
0000: 62 00 00 00 00 00 00 00 04 65 78 65 63 01 00 00 b....... .exec...
0010: 00 07 65 63 68 6f 20 24 30 ..echo $ 0
As ASCII: b........exec.....echo $0
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet 8; 68 bytes: CHANNEL_REQUEST(0) type: exec, want reply: true, type-specific data: 11 bytes
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Set timeout 120 secs com.snc.ssh.SSHTimeout@25593b13
If sudo is required, you will generally find a sequence something like:
- echo $0 # Identify shell
- sudo -h # Establish sudo options, if sudo is required
- sudo -l # Find sudo permissions
- sudo <command>
If no sudo, then no sudo.
If scripts are required, for any of several reasons, there will also be some scp of scripts before and deletion after.
- Tim.