Script that allows to execute SSH script using an EXE/Script sensor.


Introduction

The following script allows you to execute SSH script using an EXE/Script sensor. It will connect to the server, execute the given command and simply return the output to the sensor. That given, it can be used for either EXE/Script, EXE/Script (Advanced) or a EXE notification.

Please have a look at our guide for installing PowerShell based sensors for installation details.


Requirements

  1. Configured Windows credentials in the given host
  2. Configured Linux credentials in the given host
  3. Security context of the sensor is set to Use Windows credentials of parent device

Parameters

ParameterDescription
ComputerNameThe Linux host you want to connect to (can be set to %host)
UsernameThe Linux user you want to use (can be set to %linuxuser)
PasswordThe password of the above user (can be set to %linuxpassword)
KeyFilePathThe path of the keyfile, if you want to use key based authenticaion
CommandThe command you want to execute, including parameters
AutoUpdateFingerPrintSet this when calling the script to automatically update the SSH fingerprints of known devices. Careful, though!

Version History

DateVersionNotes
December 29th, 20161.1Bugfix for new Posh-SSH, where the session is stored differently
AutoUpdateFingerprint works correctly now
Posh-SSH is now installed automatically if not installed already
August 5th, 20151.0Initial Release


Script

# ___ ___ _____ ___
#| _ \ _ \_   _/ __|
#|  _/   / | || (_ |
#|_| |_|_\ |_| \___|
#    NETWORK MONITOR
#-------------------
# Description: This sensor will use Posh-SSH to connect to the server
# Parameters:
# -Computername:    The linux host you want to connect to
# -Username         Your linux username
# -Password         Your linux password
# -Command          The command to execute on your host,
# -AutoUpdateFingerPrint   Set this to when calling the script to automatically update the SSH fingerprints of known devices. 
# Careful, though!
#
##########
#
# Version History
# ----------------------------
# Version Date        Description 
# 1.1     29/12/2016  [Fixed]    Updated session handling
#                     [Improved] Posh-SSH is now automatically installed 
#                     [Fixed]    AutoUpdateFingerPrint works correctly now  
# 1.0     05/2015  Initial Release 
#
# (c) 2015 Stephan Linke | Paessler AG
 
# Parameters
param(  
    $Computername = "",
    $Username = "",
    $Password = "",
    $Port = 22,
    $KeyfilePath = "",
    $Command = "echo '0:Hello World'",
    $AutoUpdateFingerprint = $False
)
 
# Check if our module loaded properly
if (Get-Module -ListAvailable -Name Posh-SSH) { <# do nothing #> }
else { 
    # install the module automatically
    iex (New-Object Net.WebClient).DownloadString("https://gist.github.com/darkoperator/6152630/raw/c67de4f7cd780ba367cccbc2593f38d18ce6df89/instposhsshdev")
 }
 
function This-FingerPrintUpdate(){
    if($AutoUpdateFingerprint)
    { Remove-SSHTrustedHost $Computername }
}
 
# Includes
Import-Module Posh-SSH
 
 
function This-GetSSHCommandOutput(){
	# Create new session and execute the command given
    if($keyfilePath.Length -eq 0){
 
        # Generate credentials object for authentication
	 $nopasswd = New-Object System.Security.SecureString
        $Credential = New-Object System.Management.Automation.PSCredential ($Username, $nopasswd)	
        $Session = New-SSHSession -Computername $Computername -Credential $Credential -Acceptkey -KeyFile $keyfilePath -Port $Port

    }
    else
    { $Session = New-SSHSession -Computername $Computername -Acceptkey $true -KeyFile $keyfilePath -Port $Port }
	
    # Store the output of the command 
    $Output = (Invoke-SSHCommand -SSHSession $Session -Command $Command).Output
	
    # Remove the session after we're done
    Remove-SSHSession -Name $Session | Out-Null 
	
    # return the actual output
    Write-Host $Output.Trim();
 
}

# Automatically update the fingerprint for the given host. 
This-FingerPrintUpdate;

# echo the output to PRTG 
This-GetSSHCommandOutput;

Notes

The %linuxuser and %linuxpassword placeholders can't be used for notifications, you'll need to use a keyfile for authentication. Otherwise, you'll have to use clear text passwords within the parameters of the notification, which is not safe of course :)

The script is provided as is and may or may not work with your installation.



Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.