Configuring the SSH adapter

For the SSH adapter, in addition to target computers defined in the adapter configuration, you can define dynamic target computers in each adapter request. If a dynamic target is defined in the SSH adapter request, use a configuration node, <config/>, in the adapter configuration.

BMC recommends that you do not include unused elements in the adapter configuration because they might cause errors.

Adapter type: ro-adapter-ssh_20.15.02.00 

Default adapter name: SSHAdapter

To configure the SSH adapter, see Configuring base adapters.

The following table describes the adapter configuration elements for the SSH adapter that you can specify by using the form view, XML view, or both. You cannot use the form view to configure elements and attributes that do not have an entry in the "UI label" column.

Configuration node elements of the SSH adapter

UI label

Element

Description

Required

Target

<target>

Specifies the host name or the IP address of the remote host computer

Note

You can specify an IPv6 address with a zone ID for the <target> element—for example, <target>fe80::20c:29ff:fe5d:38f0%eth0</target>.
To find the zone ID of the required computer, see Zone ID for an IPv6 address.

Yes

Port

<port>

Specifies the port on which the remote host listens

Default value: 22

No

User Name

<user-name>

Specifies the user name required for remote host authentication

Yes

Password

<password>

Specifies the password corresponding to the specified user name

The <private-key-file> element is used if you do not provide the <password> element.

The <password> element can contain an encryption-type attribute.

Note

If you provide the <password> and <private-key-file> elements in the grid configuration, the <private-key-file> approach is used and the <password> element is ignored.

No

Encryption Type

<encryption-type>

Indicates whether the password specified is encrypted; is an attribute of the <password> element, not an element itself

Valid values: Base64, Plain (default)

No

Private Key File

<private-key-file>

Identifies the path and file name of the local SSH key file

This file is used for public key authentication. The path and file must exist on the peer servicing the adapter request.

Note

If you provide the <password> and <private-key-file> elements in the Grid Configuration, the <private-key-file> approach is used and the <password> element is ignored.

Conditional; used if the <password> element is not provided

Private Key Data

<private-key-data>

Specifies the private key data of the local SSH key file

The <private-key-data> element is used if the <password> element is not specified. If both <password> and <private-key-data> elements are specified, then the value of the <private-key-data> element is used.

Note

The <private-key-data> element should be preferred over the <private-key-file> element.

No

Pass Phrase

<pass-phrase>

Identifies the passphrase that protects the private key file

This element can contain an encryption-type attribute.

Conditional; used if the <password> element is not provided

Encryption Type

<encryption-type>

Indicates whether the passphrase specified is encrypted; is an attribute of the <pass-phrase> element, not an element itself

Valid values: Base64, Plain (default)

No

Prompt

<prompt>

Specifies the console prompt displayed when the system is waiting for a command (the terminating string, typically ending with $, >, or #)

Each command executes in a separate session, as if it were running in a new command shell. The prompt indicates that command execution is complete. It must be unique and must not match any potential command output, to prevent parsing issues.

Conditional; required to use the proxy command feature

Use Shell Mode

<use-shell-mode>

Specifies whether each command should be executed on a shell session without using a prompt

Valid values: true, false (default)

Do not use the <use-shell-mode> element if another input element is required to complete the command. For example, the command ssh user@target pwd does not execute unless the password is specified.

Conditional; do not use if you are already using the <prompt> element

None

<verify-os>

Specifies whether the adapter must determine the target OS type soon after authentication is complete or a connection is established

Valid values: true (default), false

If the value of the <verify-os> element is true, the type of OS is verified and the executed commands return exit codes. Otherwise, the type of OS is not verified and none of the executed commands return an exit code.

No

Timeout Secs

<timeout-secs>

Specifies the time, in seconds, to wait for the expected prompt to be returned

If the expected prompt is not returned before the specified period has elapsed, an error message is returned.

You need this element even if you specify the <establish-connection-timeout-secs> element defined in the target block or the <timeout-secs> element defined in the command block.

This element is used for the echo $? commands to pick up the exit code of the commands, and is also used as the timeout for all the commands run to determine the kind of operating system to which the adapter is connected. This element is not used when connecting to or disconnecting from the adapter.

Default value: 60 seconds

No

Known Hosts Config

<known-hosts-config>

Identifies the path to the local known_hosts file

This file is used to perform key verification.

Default value: home_dir/.ssh/known_hosts

No

Allow Unknown Hosts

<allow-unknown-hosts>

Determines whether a connection must continue if the key verification fails

Valid values: true (default), false

With a value of true, the connection is maintained when connecting to an unknown or mismatched system. With a value of false, the connection is dropped and the adapter response returns an error.

No

Preferred Pk Algorithm

<preferred-pk-algorithm>

Specifies the preference of the algorithm used to encrypt the public key

Valid values: ssh-dss, ssh-rsa (default)

No

Establish Connection Timeout Secs

<establish-connection-timeout-secs>

Specifies the time, in seconds, that the adapter waits for user authentication on the target server

If authentication is not successful within the specified time, an error message is returned.

The <establish-connection-timeout-secs> element also detects an idle connection. Even if the adapter is busy, if a command takes longer than this time to finish and returns no progress messages or any input of any type for longer than the <establish-connection-timeout-secs>, the adapter disconnects. The adapter disconnects after <establish-connection-timeout-secs> even if you specify the <timeout-secs> to be longer.

For example, if <establish-connection-timeout-secs> is 60 seconds, and <timeout-secs> is 1800 seconds, but the command returns nothing while it runs, the adapter times out at 60 seconds.

However, if the command returns some progress indication (messages of each step it does, dots, and so on), the adapter does not disconnect until 1800 seconds.

Default value: 60 seconds

No

Network Environment

<network-environment>

Creates an extra channel session for use with Oracle Solaris 9

Valid values: true, false (default)

Note

The value must be false when connecting to network devices.

No

Line Termination

<line-termination>

Specifies the line termination character used with the SSH command

Typically, the value is a hexadecimal value for \r (&#D;) or \n (&#A;).

Default value: No line termination character is assigned

No

Character Set

<character-set>

Specifies the supporting CharSet

CharSet is also called Character set and includes identifiers describing a series of universal characters.

Default value: ISO-8859-2

No

Read Buffer Size

<read-buffer-size>

Specifies the buffer size, in bytes, which will be used to read from I/O Streams

Default value: 1024

No


The following figure shows the XML template for SSH adapter configuration with the password approach.

<config name="">
  <target></target>
  <port></port>
  <user-name></user-name>
  <password encryption-type=""></password>
  <prompt></prompt>
  <verify-os></verify-os>
  <read-buffer-size></read-buffer-size>
  <timeout-secs></timeout-secs>
  <known-hosts-config></known-hosts-config>
  <allow-unknown-hosts></allow-unknown-hosts>
  <preferred-pk-algorithm></preferred-pk-algorithm>
  <establish-connection-timeout-secs></establish-connection-timeout-secs>
  <network-environment></network-environment>
  <line-termination></line-termination>
</config>

The following figure shows the XML template for SSH adapter configuration with the private-key-file approach.

<config name="">
   <target></target>
   <port></port>
   <user-name></user-name>
   <private-key-file></private-key-file>
   <pass-phrase encryption-type=""></pass-phrase>
   <prompt></prompt>
   <verify-os></verify-os>
   <timeout-secs></timeout-secs>
   <read-buffer-size></read-buffer-size>
   <known-hosts-config></known-hosts-config>
   <allow-unknown-hosts></allow-unknown-hosts>
   <preferred-pk-algorithm></preferred-pk-algorithm>
   <establish-connection-timeout-secs></establish-connection-timeout-secs>
   <network-environment></network-environment>
   <line-termination></line-termination>
</config>

Recommendation

BMC recommends that you use either the password approach or the private-key-file approach, not both together.

The following figure shows the XML template for SSH adapter configuration with the private-key-data approach.

<config name="testPKA">
   <target>10.128.248.118</target>
   <user-name>name</user-name>
   <private-key-data>-----BEGIN RSA PRIVATE KEY-----
       Proc-Type: 4,ENCRYPTED
       DEK-Info: DES-EDE3-CBC,0FFD900EA089BBDD
       S5lpB02OesPZ9bEXJfYaziok9kSs46VfgHRF1WPgRQGFOnVvs0m+KU1iL5EiFzRC
       m3q9h2Dat+uLzdrnGWyAjaiTqAnlMcBtlgdu6UQfwPipXMMnOJpU2M0+8NqtZGiL
       3yFK6Zoox9EQ+enU2KlV05UUpo6I0erHvHcigDDK6tI4x50H7dHVtNixOlH3a/q5
       3A0t6ccPaOcBui+dsTO65nK7AcywRzhdhSBrDaFBoJBuBqiZ5p3AAi2xre+QAIpx
       wCoDBp76FRFePv2NYl7KEH4ajU4kR6DQoJiwgoD9TE6S/OwY79gr1cAoYQt+ldDi
       xiMzm5gV4BooYQDX8j63Qt6qABhOAAzATbOBedHdtRsn01B6saRtjrdI2QrHzx0t
       Cw/d3RoUS16uoXi66eA9L6dnwa5dyfO1KhkA3NV5LkX7NXfu5wu8Oua3JOnbRCIH
       shTrprCuwRFfUEqKz+KytckMbuVFPmD79pw4vsIWemN2xAPMdQEUFzprxWaI+6SY
       H0GSfiekfPBlE+8/jR2+a3giTAuRnUlchcCG7G95T/rREYzlx4vLTjVA3gzw/CPE
       9fcEBvgJVTY7VkpKQspsV9WM5tDKUJbsLG1UIKTa+ZLyIC1Nd9QroDGWbT72QxnA
       jzNDLS/CB4i/DK71dri19AZLre5pXL4G1Jgw192l+xx2oXv0xdHPHArBSpdnKQdo
       81ytjZomCPH41Ez5HxIBRHYWJz/rKsFPcnfAHCgRAxDJU8WXEB6GhwAvFqc6VFdK
       7HkD1Ec3uVw5BDize8DWY/fLJQL4T4zwvirWAlMQrbrdRwRc+9WxikBy1oVvxN4U
       dSUSsePwQ9QQq0PhKx+a3A/Ue9y/H51SEXsA46Uhtk9QV39D5tWEs/DoGqn8glGE
       I77saju3aQCjlpXq9QQXVAhvScG4MMhlri87DiCKa4PJ7kvq5d4IizlxMq0wjflX
       nrTqZDvMUAudZgi86679Km2WG5ZwSgXNOjA+B/Jo5c/T4Z1gWlnvpW5R0PUnsrMx
       V7U3fWcq2R8XUQzOdc4dJx55e8kP3tilO3HbNmfDRAgPoBUE1nIfRpv738nYbbOl
       msSrcv2lULIsF1qvA69ZOM5ziKvu0ElpgHMhZTGB4mcO8bDuBIdVeYhmmBgNL5r1
       GPOjdA/rqchWovR2SdCPTN0QiAhdFSzOKXSCJnv29dXsWSEUiYiXnTkLuyNOIgTS
       5ypd6MzPDbY8gWL/OYrdC8H98jt9YiZVroU7ra9zFoRC8cXbKgZevqoNnUUBTcfa
       pj5VzhKsHOwcObdL/oGxum97CDpjNoUYjqEF2W8N6rnScaCqoInOjGkm0WLxreLD
       BwsOJ2J7c40sr0gWzDGBC70HmA2rQba9TWZDuoE98H8XAv8Pdnv9K8+u/Q6IoXpo
       LJJmvjvA4LiPGn688+nKrcvrx8D5iz64ynQ2TaQlwz538AKFsaIBrn2F1oSnZ09M
       m45n5Rgkih0pti9SiOHbm84X7696mQLdh2y07U1IXj+uQoC30gJHKQa37kEEKYeV
       +ERwLmMr+JH2DWADnBMqizd2+ROo0V2vL4Vj17B+9rGg0LmnyCkyQQ==
       -----END RSA PRIVATE KEY-----
   </private-key-data>
   <prompt>$</prompt>
   <pass-phrase encryption-type="plain">changeit</pass-phrase>
</config> 

The following figure shows an XML sample for SSH adapter configuration with CharSet.

<config name="KbiConfig">
  <target>server1</target>
  <user-name>testuser</user-name>
  <port>22</port>
  <password>abc</password>
  <verify-os>true</verify-os>
  <read-buffer-size>1024</read-buffer-size>
  <timeout-secs></timeout-secs>
  <allow-unknown-hosts>true</allow-unknown-hosts>
  <character-set>Shift_JIS</character-set>
</config>

The following figure shows an XML sample for SSH adapter configuration that uses the <use-shell-mode> element.

<config>
    <target>ABCXYZ</target>
    <user-name>root</user-name>
    <password>password</password>
    <allow-unknown-hosts>true</allow-unknown-hosts>
    <use-shell-mode>true</use-shell-mode>
    <establish-connection-timeout-secs>70</establish-connection-timeout-secs>
    <character-set>UTF-8</character-set>
</config>
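
The rules in the element table can be checked mechanically before a configuration is deployed. The following Python check is an added example, not BMC code: it applies the table's defaults and precedence rules to one configuration node and lists the settings worth reviewing. The finding names, host name, file paths, and both sample configurations are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def audit_ssh_adapter_config(xml_text):
    """Return sorted finding names (hypothetical labels) for one <config> node."""
    cfg = ET.fromstring(xml_text)

    def val(tag):
        return (cfg.findtext(tag) or "").strip()

    findings = []
    # Default is true: the connection continues when host key verification fails.
    if val("allow-unknown-hosts").lower() != "false":
        findings.append("host-key-not-enforced")
    # Plain (default) and Base64 both leave the secret recoverable from the
    # configuration; Base64 is a reversible encoding.
    for tag in ("password", "pass-phrase"):
        if val(tag):
            findings.append("readable-secret:" + tag)
    # With both present, the key is used and <password> is ignored.
    if val("password") and (val("private-key-file") or val("private-key-data")):
        findings.append("password-ignored")
    # The table says not to use <use-shell-mode> together with <prompt>.
    if val("prompt") and val("use-shell-mode").lower() == "true":
        findings.append("prompt-with-shell-mode")
    # OpenSSH has disabled ssh-dss (DSA) keys by default since release 7.0.
    if val("preferred-pk-algorithm").lower() == "ssh-dss":
        findings.append("ssh-dss-preferred")
    # Without OS verification, executed commands return no exit code.
    if val("verify-os").lower() == "false":
        findings.append("no-exit-codes")
    return sorted(findings)

# Constructed sample configurations (not taken from a real deployment).
WEAK = """<config name="weak">
  <target>host.example</target><user-name>svc</user-name>
  <password encryption-type="Base64">cGFzc3dvcmQ=</password>
  <private-key-file>/opt/keys/id_rsa</private-key-file>
  <prompt>$</prompt><use-shell-mode>true</use-shell-mode>
  <preferred-pk-algorithm>ssh-dss</preferred-pk-algorithm>
</config>"""
HARDENED = """<config name="hardened">
  <target>host.example</target><user-name>svc</user-name>
  <private-key-file>/opt/keys/id_rsa</private-key-file>
  <known-hosts-config>/opt/keys/known_hosts</known-hosts-config>
  <allow-unknown-hosts>false</allow-unknown-hosts>
</config>"""

if __name__ == "__main__":
    for name, xml_text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ssh_adapter_config(xml_text))
```
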