• 0
Jared Thompson

Feature Request - Add Certificate Based SSH Auth to Groovy Script

Question

I am attempting to SSH into several servers using Groovy Script, in the following manner:

import com.santaba.agent.groovyapi.expect.Expect

hostname = hostProps.get("system.hostname");

sshuser=hostProps.get("ssh.user");

sshpass=hostProps.get("ssh.pass");

cli = Expect.open(hostname,sshuser,sshpass)

Instead of logging in with a username and password, I wish to login with a client certificate instead. I reached out to LM support, and they confirmed that certificate based ssh authentication is not supported in Groovy Script.

To workaround this, I am doing this instead, where the certificate is installed on my "Jump Host":

import com.santaba.agent.groovyapi.expect.Expect

hostname = hostProps.get("system.hostname");

sshuser=hostProps.get("ssh.user");

sshpass=hostProps.get("ssh.pass");

sshjumphost=hostProps.get("ssh.jumphost");

//First, open SSH to our JumpHost

cli = Expect.open(sshjumphost,sshuser,sshpass)

//Next, execute remote ssh command on the host, from the jumphost's ssh session

cli.send("/usr/bin/ssh " + sshuser + "@" + hostname + " /home/someuser/somecommand \n")

cli.send("exit \n")

cli.expectClose()

cli.stdout().eachLine { line ->

if ( line =~ /(GOOD|ERROR) - (.*)/ ) {

println line

}

}

This works well as a workaround, but I would prefer to not have to SSH twice to get the value.

Share this post


Link to post
Share on other sites

1 answer to this question

Recommended Posts

  • 0

Hey Jared,

AFAICT, LM packages "Expect4j" which more capabilities than what we use via package com.santaba.agent.groovyapi.expect.Expect.

Some things to try:

A) Installing Expect4j on your collector, and using this library directly

B) Execute the local SSH environment of your [linux] collector.  Just like you're using your jump box, except you have the collector invoke it's SSH instead (does not require Expect).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.