UCSD - SSH with key

Version 5
    Task NameSSH task with ssh key usage
    Description
    Prerequisites
    1. Tested on 6.0
    CategoryWorkflow
    ComponentsvSphere 5.x
    User Inputs
    OutputID

    Instructions for Regular Workflow Use:

    1. Download the attached .ZIP file below to your computer. *Remember the location of the saved file on your computer.
    2. Unzip the file on your computer. Should end up with a .WFD file.
    3. Log in to UCS Director as a user that has "system-admin" privileges.
    4. Navigate to "Policies-->Orchestration" and click on "Import".
    5. Click "Browse" and navigate to the location on your computer where the .WFD file resides. Choose the .WFD file and click "Open".
    6. Click "Upload" and then "OK" once the file upload is completed. Then click "Next".
    7. Click the "Select" button next to "Import Workflows". Click the "Check All" button to check all checkboxes and then the "Select" button.
    8. Click "Submit".
    9. A new folder should appear in "Policies-->Orchestration" that contains the imported workflow. You will now need to update the included tasks with information about the specific environment.

     

     

    A big thank you goes out to Russ Whitear in creating all of these ssh with key options.

     

     

     

    #1 Option s a OA (open automation) option to load a module into UCSD (Administration -> open Automation).  This will create a ssh task.  UCSD application will have to be re-started on shelladmin session:

     

         The code can be found here:

              https://github.com/rwhitear42/PublicKeyAuth


         Attached file is:

                  feature-PublicKeyAuth.zip

     

    Unknown.png

     

    Unknown-1.png

     

    Unknown-2.png

     

    Unknown-3.png

     

    Unknown-4.png

     

     

     

    Nov 02, 2016 10:12:13 UTC Executing custom action PKA_Test (SSH Command Exec with PKA)

    Nov 02, 2016 10:12:13 UTC Executing custom action PKA_Test (SSH Command Exec with PKA)

    Nov 02, 2016 10:12:14 UTC Host: 10.52.249.104

    Nov 02, 2016 10:12:14 UTC Port: 22

    Nov 02, 2016 10:12:14 UTC Login: root

    Nov 02, 2016 10:12:14 UTC PKA File: /root/.ssh/id_rsa

    Nov 02, 2016 10:12:14 UTC Command: touch /tmp/success.txt

    Nov 02, 2016 10:12:14 UTC Connecting to host: 10.52.249.104

    Nov 02, 2016 10:12:14 UTC Running command: 'touch /tmp/success.txt'

    Nov 02, 2016 10:12:14 UTC Task #2 (PKA_Test (SSH Command Exec with PKA)) completed successfully in 0 seconds

    Nov 02, 2016 10:12:14 UTC Input/Output values for Task #2 (PKA_Test (SSH Command Exec with PKA)):

    Nov 02, 2016 10:12:14 UTC [Local Input: Host = 10.52.249.104]

    Nov 02, 2016 10:12:14 UTC [Local Input: Port = 22]

    Nov 02, 2016 10:12:14 UTC [Local Input: Login = root]

    Nov 02, 2016 10:12:14 UTC [Local Input: Private Key File Location = /root/.ssh/id_rsa]

    Nov 02, 2016 10:12:14 UTC [Local Input: Command = touch /tmp/success.txt]

    Nov 02, 2016 10:12:14 UTC Completed workflow item number 2, with status Completed

     

     

     

     

    SSH Log on 10.52.249.104:

     

    Nov  2 10:12:14 centos7 sshd[26426]: Accepted publickey for root from 10.52.249.103 port 50159 ssh2: RSA 8f:8b:be:3a:f7:d6:7d:15:7c:69:41:88:23:f8:36:39

    Nov  2 10:12:14 centos7 sshd[26426]: pam_unix(sshd:session): session opened for user root by (uid=0)

    Nov  2 10:12:14 centos7 sshd[26426]: pam_unix(sshd:session): session closed for user root

     

     

    …and result of the command:

     

    [root@centos7 ~]# ls -l /tmp/s*

    -rw-r--r--. 1 root root 0 Nov  2 10:12 /tmp/success.txt

     

     

     

     

    #2 Option

         And in CloupiaScript:

     

              1. Create a script module called Jsch.

     

              2. Add the attached Jarfile (jsch-0.1.45.jar) to the module.


    Unknown.png


     

    3. Import the attached workflow and modify the values for your environment.


    Unknown-1.png


    Jar file

     

    loadJar("Jsch/jsch-0.1.45.jar");

    importPackage(java.lang);

    importClass(com.jcraft.jsch.JSch);

    var privateKey = input.privateKey;

    var passphrase = input.passphrase;

    var login = input.login;

    var host = input.host;

    var portStr = input.port;

    var port = parseInt(portStr);

    var command = input.command;

    // main();

    var jsch = new JSch();

    jsch.addIdentity(privateKey, passphrase);

    var session = jsch.getSession(login, host, port);

    session.setConfig("StrictHostKeyChecking", "no");

    //logger.addInfo("Connecting to host: " + host );

    session.connect();

    var channel=session.openChannel("exec");

    channel.setCommand(command);

    channel.setInputStream(null);

    channel.connect();

    channel.disconnect();

    session.disconnect();

     

     

     

    4. Run the workflow.

     

    Unknown-2.png

     

     

    Verification on the target machine:

     

    tail of /var/log/secure:

     

    Nov  3 06:27:50 centos7 sshd[27907]: Accepted publickey for root from 10.52.249.103 port 51007 ssh2: RSA 8f:8b:be:3a:f7:d6:7d:15:7c:69:41:88:23:f8:36:39

    Nov  3 06:27:50 centos7 sshd[27907]: pam_unix(sshd:session): session opened for user root by (uid=0)

    Nov  3 06:27:50 centos7 sshd[27907]: pam_unix(sshd:session): session closed for user root

     

    New file created:

     

    [root@centos7 ~]# ls -l /tmp/f*

    -rw-r--r--. 1 root root 0 Nov  3 06:27 /tmp/forOrf.txt


    Files for option #2

         jsch-0.1.45.jar (unzip)

         SSH_PKA_Custom.wfdx (unzip)

         For illustration the text file SSH_PKA_Custom_CloupiaScript.txt


    #3 Option

     

         Here’s a version where the passphrase (If used) is masked.

     

         Exporting the custom workflow task also includes the JAR library! Which is nice.


         File: SSH_PKA_CUSTOM.wfdx (unzip)


    Side Notes:

         Store the public key on the destination host.