Forum Discussion

Jared_Thompson's avatar
Jared_Thompson
9 years ago

Feature Request - Add Certificate Based SSH Auth to Groovy Script

I am attempting to SSH into several servers using Groovy Script, in the following manner:

import com.santaba.agent.groovyapi.expect.Expect

hostname = hostProps.get("system.hostname");

sshuser=hostProps.get("ssh.user");

sshpass=hostProps.get("ssh.pass");

cli = Expect.open(hostname,sshuser,sshpass)

Instead of logging in with a username and password, I wish to login with a client certificate instead. I reached out to LM support, and they confirmed that certificate based ssh authentication is not supported in Groovy Script.

To workaround this, I am doing this instead, where the certificate is installed on my "Jump Host":

import com.santaba.agent.groovyapi.expect.Expect

hostname = hostProps.get("system.hostname");

sshuser=hostProps.get("ssh.user");

sshpass=hostProps.get("ssh.pass");

sshjumphost=hostProps.get("ssh.jumphost");

//First, open SSH to our JumpHost

cli = Expect.open(sshjumphost,sshuser,sshpass)

//Next, execute remote ssh command on the host, from the jumphost's ssh session

cli.send("/usr/bin/ssh " + sshuser + "@" + hostname + " /home/someuser/somecommand \n")

cli.send("exit \n")

cli.expectClose()

cli.stdout().eachLine { line ->

if ( line =~ /(GOOD|ERROR) - (.*)/ ) {

println line

}

}

This works well as a workaround, but I would prefer to not have to SSH twice to get the value.

  • Jessie_Bryan's avatar
    Jessie_Bryan
    9 years ago

    Hey Jared,

    AFAICT, LM packages "Expect4j" which more capabilities than what we use via package com.santaba.agent.groovyapi.expect.Expect.

    Some things to try:

    A) Installing Expect4j on your collector, and using this library directly

    B) Execute the local SSH environment of your [linux] collector.  Just like you're using your jump box, except you have the collector invoke it's SSH instead (does not require Expect).