SSH2 Bibliothek von Trilead: info@trilead.com, www.trilead.com
Eine ähnliche SSH-Implementation gibt es unter http://www.ganymed.ethz.ch/ssh2/.
SSH is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions.
SSH2 library by Trilead: info@trilead.com, www.trilead.com
see http://www.ganymed.ethz.ch/ssh2/ www.ganymed.ethz.ch/ssh2 as well.
SSH is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions.
Die Ausgabe des Prozesses nach STDOUT wird in diesem Parameter gespeichert.
The output of the process into STDOUT is reported as the value of this parameter.
Die Ausgabe des Prozesses nach STDERR wird in diesem Parameter gespeichert.
The output of the process into STDERR is reported as the value of this parameter.
Tritt entweder ein SP2- oder ein ORA-Fehler auf, so wird der Job fehlerhaft beendet. Es wird der Exit-code auf 98 gesetzt.
Occurs either SP2 or an ORA-error occurs, the job is terminated abnormally. The exit code is set to 98.
Wenn STDERR nach Beendigung des Prozesses nicht null oder leer ist, so wird der Exit-Code auf 99 gesetzt.
If STDERR ist not empty the exit code is set to 99.
Der Exit-Code des Prozesses wird als Wert dieser Variablen gespeichert. Wurde der Prozess ohne Fehler beendet so ist der Wert "0".
The exit code of the process is the value of this parameter. The exit code is zero if the process ended without any error.
auth_method
die Authentifizierungsmethode publickey bestimmt wurde.
password
angegeben werden.
auth_method
parameter.
Der Parameter spezifiziert die zu verwendende Authentifizierungsmethode des SSH Protokolls.
Unterstützt
werden
Bei Verwendung der Authentifizierungsmethode
Bei Verwendung der Authentifizierungsmethode
Welche Authentifizierungsmethoden unterstützt werden, ist am SSH Server konfiguriert.
Nicht alle SSH Server unterstützen die
Authentifizierungsmethode
This parameter specifies the authorization method for the SSH protocol -
the
When the
For the
The authorization methods which are enabled depends on the SSH server configuration.
Not all SSH server configurations support the
In einem SSH Kommando-Parameter (JobScheduler, YADE) können mehrere auszuführende shell-Kommandos hintereinander spezifiziert werden. Voneinander getrennt werden diese Kommandos durch die (mit diesem Parameter) festgelegte Zeichenfolge.
Getrennt auszuführende Kommandos werden in separaten SSH Sessions ausgeführt.
Command delimiter characters are specified using this parameter.
These delimiters can then be used in the
These commands are then excecuted in separate SSH sessions.
Der Wert des Parameters enthält eine oder mehrer Zeilen, die zusammen ein Befehlsscript, bei *nix inclusive "hash-bang", beschreiben.
Das Script kann mit Hilfe von Umgebungsvariablen auf Job- und Auftrags-Parameter zugreifen. Die Namen sind großgeschrieben. "SCHEDULER_PARAM_" ist den Namen vorangestellt. Auftragsparameter überschreiben gleichnamige Job-Parameter.
Der Parameter kann alternativ zu
This parameter can be used as an alternative to
Der Wert des Parameters enthält den Namen (ung ggfs. den Pfad-Namen) einer (Script-)Datei, die zum entfernten Host übertragen und dort ausgeführt werden soll. Die Datei wird in dem Home-Verzeichnis des Nutzers gespeichert. Nach dem Ende der Ausführung des Skripts wird die Datei gelöscht.
Von dem Skript benötigte Parameter, die in der Kommandozeile nach dem Namen des Skripts anzugeben sind, werden mit dem
Parameter
Das Script kann mit Hilfe von Umgebungsvariablen auf Job- und Auftrags-Parameter zugreifen. Die Namen sind großgeschrieben. "SCHEDULER_PARAM_" ist den Namen vorangestellt.
Der Parameter kann alternativ zu
Auftragsparameter überschreiben gleichnamige Job-Parameter.
The value of this parameter contains the file-name (and path-name, if needed) of a local (script-)file, which will be transferred to the remote host and will then be executed there. The script can access job- and order-parameters by environment variables. The names of the environment variables are in upper case and have the string "SCHEDULER_PARAM_" as a prefix. Order parameters with the same name overwrite task parameters.
This parameter can be used as an alternative to
Die Parameter des SSH-Jobs sind in diesem Beispiel innerhalb des params-tags spezifiziert. Dabei ist für das auszuführende Skript ein Name einer Datei im lokalen Filesystem angegeben. Diese wird, falls vorhanden, zunächst auf den SSH-Host kopiert und dann dort ausgeführt.
Die Parameter des SSH-Jobs sind in diesem Beispiel innerhalb des params-tags spezifiziert. Dabei ist für das auszuführende Skript ein Name einer Datei im lokalen Filesystem angegeben. Diese wird, falls vorhanden, zunächst auf den SSH-Host kopiert und dann dort ausgeführt.
command_script
oder des command_script_file
angehängt wird.
command_script
or the command_script_file
.
Der Parameter benennt den Hostnamen (z.B. wilma.sos) oder die IP-Adresse (z.B. IPv4 192.168.0.1) des (FTP, SFTP, SSH, SMTP, etc.) Servers, zu dem eine Verbindung hergestellt werden soll.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
See the Parameter Reference:
This parameter specifies the hostname (e.g. test.sos) or IP address (e.g. IPv4 192.168.0.1) of the (FTP, SFTP, SSH, SMTP, etc.) server which a connection has to be made to.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
See the Parameter Reference:
255
2,3,4,100
4,50-60,210-220
255
2,3,4,100
4,50-60,210-220
Mit diesem Parameter wird spezifiziert, ob der remote gestartete Job (Script, executable) bei einem Kill im Operations-GUI ebenfalls beendet werden soll.
Der Job wird trotzdem fortgesetzt wenn der Wert auf "true" gesetzt ist.
With this parameter the behaviour of the remote running job (Script, executable) will be influenced. if the job is killed by the JS-Operations-GUI, the running job will continue if the value of this parameter is set to true.
If any output to stderr has been created or the exit code is unequal 0 then the job usually throws an exception. Whenever the job throws an exception then its task ends with the exit code 1. If the job is started by an order and an exception is thrown then the order goes to the error node of the job chain.
Should this value false be specified, then it prevents an exception is thrown, the task has the exit code of the command that is being executed on the SSH server and an order goes to the next node of the job chain.
Gibt es Ausgaben nach stderr oder der Exit-Code ist ungleich 0, dann wirft der job normalerweise eine Exception. Wird eine Exception geworfen, dann endet die Task des Job mit dem Eixt-Code 1. Wird der in einer Job-Kette verwendet, dann geht der Auftrag in den Error-Knoten der Job-Kette.
Wird der Wert false für diesen Parameter angegeben, dann wird keine Exception ausgelöst. Die Task des Job erhält den Exit-Code des am SSH Server ausgeführten Kommandos und ein Auftrag geht ganz normal in den nächsten Knoten der Kette (nicht in den Fehler-Knoten).
Kennwort zur Anmeldung am FTP/SFTP Server.
Falls SSH/SFTP Verbindungen mit private/public key Authentifizierung verwendet werden, dann spezifiziert dieser Parameter die Passphrase, mit der ggf. ein privater Schlüssel geschützt ist.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
Password for authentication at the FTP/SFTP server.
For SSH/SFTP connections that make use of public/private key authentication the password parameter is specified for the passphrase that optionally secures a private key.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
Wird der Wert true für diesen Parameter angegeben, dann wird ein login an der shell simuliert, um die Befehle auszuführen. Manche Scripte haben Probleme wenn keine shell vorhanden ist.
The parameter
Should the value true be specified for this parameter, then a login to a shell is simulated to execute commands. Some scripts may cause problems if no shell is present.
The parameter
The expected command line prompt. Using this prompt the job tries to find out if commands may be entered or have been carried out. If no prompt can be configured, timeout parameters have to be used.
Benutzername zur Anmeldung am Server.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
Parameter Reference: BasicAuthentication
Parameter Reference: SSHAuthentication
User name for authentication at one of the systems involved in file transfer, e.g. an FTP or SFTP server.
If the relevant server system is part of a Windows domain then the syntax domain\account can be used.
The simple form of this parameter is deprecated and the parameter should now only be used with either a source_ or target_ prefix.
See the Parameter Reference:
Der Job wird zur Ausführung von Kommandos, Programmen und/oder shell-Skripten auf einem (entfernten) Rechner unter Verwendung der "secure shell" (SSH) verwendet.
Weitere und weiterführende Information zu SSH finden sich unter http://en.wikipedia.org/wiki/Secure_Shell
All
Trilead requires a SSH protocol with at least
SSH is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions.
This is the easiest and most popular method to authenticate a user. The userid and a password is send to the SSH server. Best of all, the password is encrypted, before sending it to the server and decrypted at the server side. but, at the end, it is a password and if someone is able to decrypt he has opened the door to the server.
Note that the password authentication must be enabled in the SSH configuration file /etc/ssh/sshd_config:
PasswordAuthentication yes
A passphrase is an additional protection of the key files, like a password. Every time you want to access a server by a passphrase protected key you have to enter the value of the passphrase as an additional authentication.
Note that the publickey authentication must be enabled in the SSH configuration file /etc/ssh/sshd_config:
PubkeyAuthentication yes
First of all, the private SSH-Key must be in OpenSSH-Format.
First we generate the key with ssh-keygen.
When ssh-keygen asked
for a passphrase you can enter your passphrase to
add it to the key.
Or you can leave it blank.
Remember, the longer and stronger you make
your password, the harder it will
be for any malicious h4x0r (or
government agency) to decrypt it.
Save the key to
/home/username/.ssh/identity as recommended
by the
ssh-keygen
program.
You will need to specify which encryption method (e.g. RSA,
DSA) you
want to use.
kb@wilma:~/.ssh> ssh-keygen -f my-key-set.id_dsa -t rsa
ssh-keygen generates an private OpenSSH-Key and a public key.
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/dave/.ssh/identity): /home/dave/.ssh/identity
Enter passphrase
(empty for no passphrase): *enter your passphrase here*
Enter same passphrase again: *repeat your passphrase*
Your identification has been saved in
/home/dave/.ssh/identity.
Your public key has been saved in /home/dave/.ssh/identity.pub.
The key fingerprint is:
24:bc:0b:fs:f5:06:1d:c0:05:3a:59:09:e3:07:8a:8d kb@wilma
The private key looks the the key in the lines below:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,56C91DCFDF45E388
MxnhXdGMmnFlR2cmjtF690uIYKLZUlbfVcXWRYwgxH21k0K6zicRE2YUDiNGikCW
GNjB97uObN8JEyykvbQaXFdu5UJKO5ydE7YmBk3n/I6WRo+gNCig9+ty0LIMOg0J
NIsvCdUi3+2ldsz8TRSRYPY0uZ3ddymKjIzePDx2WiacTB3VAomx7s3HhoFIBuTA
7DwUJx0jDUsoF6vNs3LIZTOs/XuwRAttNRsKX2LFkAZpqRPjabohZ7HpQy2Y3yGF
zv2kdAQXF769/YepaBzjEmt5OKx+NsWmi9DgaghhUsUZjPqZY+X/D8hXqCIMdSsB
5uPuKC/OjfuersZTiNK1hh288fuFD2phQ8aHu2RCfpFXB21Vh5A8Bg9ZO1pqHfU2
ngWrmdXOauOQxQ8+Pmh44N0dKPmmQ4sccpUgZe4aMplLKrarQOufcGX33JGAF0xc
WyWjl14IZCpQdWbCO6rKEnWf6bgjuYyV9y2n6TjaIDgwMn3UV381LHCqxEsdERid
X/at3BsPc2verLrN5qEDVpPJmdFr5WCghgds88DhuP8suQodbtlVidWj/rTd7fV+
6RhsozJIkeCBwccQTJDJrMoTUi5eNwIO2g91Cjj7Fu2b3ir1lrOVg8OK5zsukFcY
+Gcub8AJjOq8vRqNZ2o0SyXGcoORKIwqpMF9+IlaUGJ3n7THK4DbXwtzGeBIZiwH
Gs4bzowFecPFh8PuvwUa1gIH+aPNsXZ0Jtkv72d3r9y9EBHNIkyh9KFDztFaFswY
2BdXcnDfNmsRbtVvH4kFb0h2R1M2aaXsJFl0mvCtaOM=
-----END RSA PRIVATE KEY-----
If puTTYgen is used to create the priv/pub keys it is not an OpenSSH Key by default. To get an OpenSSH conform key you must export the private key to OpenSSH format.
If you want to use the private key in putty as well you have to convert this private key to the openSSH-format. This can be done with puTTYgen as well.
To be able to log in to remote systems using a pair of keys, one will first have to add the public key on the remote server to the authorized_keys file in the .ssh/ directory in the home directory on the remote machine.
The Next action is to create a .ssh directory, and inside the .ssh/ directory create an authorized_keys file and add the public key to the file. Make sure the file is not readable for other users/groups. chmod 600 authorized_keys* does the trick.
[kb@wilma kb]$ mkdir .ssh
[kb@wilma kb]$ chmod 700 .ssh
[kb@wilma kb]$ cd .ssh
[kb@wilma .ssh]$ touch authorized_keys
[kb@wilma .ssh]$ chmod 600 authorized_keys
[kb@wilma .ssh]$ cat ../identity.pub >> authorized_keys
[kb@wilma .ssh]$ rm ../identity.pub
SSH, The Secure Shell: The Definitive Guide written by Daniel J. Barret & Richard Silverman, published by O'Reilly
OpenSSH manual
The job knows some parameters to handle the stderr and the exit code. These are
ignore_stderr
ignore_error
ignore_exit_code
raise_exception_on_error
ls _unknown_folder_; exit 5;This commmand has a stderr = "
ls: _unknown_folder_: No such file or directory
" and the exit code 5.
ignore_stdout | ignore_error | raise_exception_on_error | ExitCode of the command |
ExitCode of the job's task |
Order goes to... |
---|---|---|---|---|---|
false | false | true | 5 | 1 | error node |
true | false | true | 5 | 1 | error node |
false | true | true | 5 | 1 | error node |
true | true | true | 5 | 0 | next node |
false | false | false | 5 | 5 | next node |
true | false | false | 5 | 5 | next node |
false | true | false | 5 | 5 | next node |
true | true | false | 5 | 0 | next node |
std_out_output
std_err_output
exit_code
This job is used to execute commands, programs and/or shell-scripts on a remote server by SSH.
for more information on SSH http://en.wikipedia.org/wiki/Secure_Shell
All
Trilead requires a SSH protocol with at least
SSH is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions.
This is the easiest and most popular method to authenticate a user. The userid and a password is send to the SSH server. Best of all, the password is encrypted, before sending it to the server and decrypted at the server side. but, at the end, it is a password and if someone is able to decrypt he has opened the door to the server.
Note that the password authentication must be enabled in the SSH configuration file /etc/ssh/sshd_config:
PasswordAuthentication yes
A passphrase is an additional protection of the key files, like a password. Every time you want to access a server by a passphrase protected key you have to enter the value of the passphrase as an additional authentication.
Note that the publickey authentication must be enabled in the SSH configuration file /etc/ssh/sshd_config:
PubkeyAuthentication yes
First of all, the private SSH-Key must be in OpenSSH-Format.
First we generate the key with ssh-keygen.
When ssh-keygen asked
for a passphrase you can enter your passphrase to
add it to the key.
Or you can leave it blank.
Remember, the longer and stronger you make
your password, the harder it will
be for any malicious h4x0r (or
government agency) to decrypt it.
Save the key to
/home/username/.ssh/identity as recommended
by the
ssh-keygen
program.
You will need to specify which encryption method (e.g. RSA,
DSA) you
want to use.
kb@wilma:~/.ssh> ssh-keygen -f my-key-set.id_dsa -t rsa
ssh-keygen generates an private OpenSSH-Key and a public key.
Generating public/private rsa1 key pair.
Enter file in which to save the key (/home/dave/.ssh/identity): /home/dave/.ssh/identity
Enter passphrase
(empty for no passphrase): *enter your passphrase here*
Enter same passphrase again: *repeat your passphrase*
Your identification has been saved in
/home/dave/.ssh/identity.
Your public key has been saved in /home/dave/.ssh/identity.pub.
The key fingerprint is:
24:bc:0b:fs:f5:06:1d:c0:05:3a:59:09:e3:07:8a:8d kb@wilma
The private key looks the the key in the lines below:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,56C91DCFDF45E388
MxnhXdGMmnFlR2cmjtF690uIYKLZUlbfVcXWRYwgxH21k0K6zicRE2YUDiNGikCW
GNjB97uObN8JEyykvbQaXFdu5UJKO5ydE7YmBk3n/I6WRo+gNCig9+ty0LIMOg0J
NIsvCdUi3+2ldsz8TRSRYPY0uZ3ddymKjIzePDx2WiacTB3VAomx7s3HhoFIBuTA
7DwUJx0jDUsoF6vNs3LIZTOs/XuwRAttNRsKX2LFkAZpqRPjabohZ7HpQy2Y3yGF
zv2kdAQXF769/YepaBzjEmt5OKx+NsWmi9DgaghhUsUZjPqZY+X/D8hXqCIMdSsB
5uPuKC/OjfuersZTiNK1hh288fuFD2phQ8aHu2RCfpFXB21Vh5A8Bg9ZO1pqHfU2
ngWrmdXOauOQxQ8+Pmh44N0dKPmmQ4sccpUgZe4aMplLKrarQOufcGX33JGAF0xc
WyWjl14IZCpQdWbCO6rKEnWf6bgjuYyV9y2n6TjaIDgwMn3UV381LHCqxEsdERid
X/at3BsPc2verLrN5qEDVpPJmdFr5WCghgds88DhuP8suQodbtlVidWj/rTd7fV+
6RhsozJIkeCBwccQTJDJrMoTUi5eNwIO2g91Cjj7Fu2b3ir1lrOVg8OK5zsukFcY
+Gcub8AJjOq8vRqNZ2o0SyXGcoORKIwqpMF9+IlaUGJ3n7THK4DbXwtzGeBIZiwH
Gs4bzowFecPFh8PuvwUa1gIH+aPNsXZ0Jtkv72d3r9y9EBHNIkyh9KFDztFaFswY
2BdXcnDfNmsRbtVvH4kFb0h2R1M2aaXsJFl0mvCtaOM=
-----END RSA PRIVATE KEY-----
If puTTYgen is used to create the priv/pub keys it is not an OpenSSH Key by default. To get an OpenSSH conform key you must export the private key to OpenSSH format.
If you want to use the private key in putty as well you have to convert this private key to the openSSH-format. This can be done with puTTYgen as well.
To be able to log in to remote systems using a pair of keys, one will first have to add the public key on the remote server to the authorized_keys file in the .ssh/ directory in the home directory on the remote machine.
The Next action is to create a .ssh directory, and inside the .ssh/ directory create an authorized_keys file and add the public key to the file. Make sure the file is not readable for other users/groups. chmod 600 authorized_keys* does the trick.
[kb@wilma kb]$ mkdir .ssh
[kb@wilma kb]$ chmod 700 .ssh
[kb@wilma kb]$ cd .ssh
[kb@wilma .ssh]$ touch authorized_keys
[kb@wilma .ssh]$ chmod 600 authorized_keys
[kb@wilma .ssh]$ cat ../identity.pub >> authorized_keys
[kb@wilma .ssh]$ rm ../identity.pub
SSH, The Secure Shell: The Definitive Guide written by Daniel J. Barret & Richard Silverman, published by O'Reilly
OpenSSH manual
The job knows some parameters to handle the stderr and the exit code. These are
ignore_stderr
ignore_error
ignore_exit_code
raise_exception_on_error
ls _unknown_folder_; exit 5;This commmand has a stderr = "
ls: _unknown_folder_: No such file or directory
" and the exit code 5.
ignore_stdout | ignore_error | raise_exception_on_error | ExitCode of the command |
ExitCode of the job's task |
Order goes to... |
---|---|---|---|---|---|
false | false | true | 5 | 1 | error node |
true | false | true | 5 | 1 | error node |
false | true | true | 5 | 1 | error node |
true | true | true | 5 | 0 | next node |
false | false | false | 5 | 5 | next node |
true | false | false | 5 | 5 | next node |
false | true | false | 5 | 5 | next node |
true | true | false | 5 | 0 | next node |
std_out_output
std_err_output
exit_code