Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

MID Server SSH command

Ronald Lucas
Tera Contributor

‎08-03-2018 12:05 PM

Hi.

Is there a way I can see the actual SSH command being executed by a MID server when its discovering a Linux server? 

Something like:

"ssh user@host sudo lsof ..."

Thanks,

Ron

Labels:
0 Helpfuls
  • 2,150 Views
2 REPLIES 2

tim_broberg
ServiceNow Employee

‎08-03-2018 12:23 PM

In fact, there is.

I strongly recommend making sure sncssh is enabled.

When you turn on debug logging, you will see a whole bunch of information dumped out, which with start with "Using SNC".

For execution, you'll be looking for exec service requests like this:

06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22]  Processing ExecInitiateMsg
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet (before compression or encryption):
  ByteBuffer: position(0), limit(25), capacity(25)
    0000:   62 00 00 00 00 00 00 00   04 65 78 65 63 01 00 00    b....... .exec...
    0010:   00 07 65 63 68 6f 20 24   30                         ..echo $ 0
As ASCII: b........exec.....echo $0
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Sending packet 8; 68 bytes: CHANNEL_REQUEST(0) type: exec, want reply: true, type-specific data: 11 bytes
06/15/16 14:15:56 (664) SSHProtocolEngine DEBUG: [1/10.11.12.13:22] Set timeout 120 secs com.snc.ssh.SSHTimeout@25593b13

 

If sudo is required, you will generally find a sequence something like:

  1. echo $0 # Identify shell
  2. sudo -h # Establish sudo options, if sudo is required
  3. sudo -l # Find sudo permissions
  4. sudo <command>

If no sudo, then no sudo.

If scripts are required, for any of several reasons, there will also be some scp of scripts before and deletion after.

    - Tim.

0 Helpfuls