Skip to content

ssh-host-key.md

Latest commit

 

History

History
96 lines (74 loc) · 2.9 KB

ssh-host-key.md

File metadata and controls

96 lines (74 loc) · 2.9 KB

← Command Reference

DiscoverSshHostKey

DiscoverSshHostKey performs the SSH handshake needed to read the remote host key before any login occurs.

Use it inside the DiscoverSshHostKey operation to capture the asset's trusted host key, optionally record the server software banner, and then return the discovered value with WriteResponseObject.

Syntax

{
  "DiscoverSshHostKey": {
    "HostKeyVariableName": "HostKey",
    "SoftwareVersionVariableName": "GLOBAL:ServerSoftwareName",
    "Port": "%Port%",
    "NetworkAddress": "%Address%",
    "Timeout": "%Timeout%"
  }
}

Parameters

Name Type Required? Description
HostKeyVariableName String Yes Variable that receives the discovered host key value.
SoftwareVersionVariableName String No Variable that receives the server software banner reported during negotiation.
NetworkAddress String expression Yes Target host or IP address. Scripts usually pass %Address% here.
Port Integer expression No SSH port number.
AutoAdjustCiphers Boolean No Broadens SSH algorithm negotiation for older systems. Some scripts expose this through a custom variable such as EnableAllCiphers.
Timeout Integer expression No Discovery timeout value.

Typical operation pattern

{
  "DiscoverSshHostKey": {
    "HostKeyVariableName": "HostKey",
    "Port": "%Port%",
    "NetworkAddress": "%Address%",
    "Timeout": "%Timeout%"
  }
}
{ "WriteResponseObject": { "Value": "%HostKey::$%" } }

Examples

Asset host-key discovery with software version capture

From samples/ssh/generic-linux-ssh-keys/GenericLinuxWithSSHKeySupport.json:

{
  "DiscoverSshHostKey": {
    "HostKeyVariableName": "HostKey",
    "SoftwareVersionVariableName": "GLOBAL:ServerSoftwareName",
    "Port": "%Port%",
    "NetworkAddress": "%Address%",
    "Timeout": "%Timeout%"
  }
}
{ "WriteResponseObject": { "Value": "%HostKey::$%" } }

Minimal host-key discovery

From samples/ssh/linux-ssh-batch-mode/LinuxSshBatchModeExample.json:

{
  "DiscoverSshHostKey": {
    "HostKeyVariableName": "HostKey",
    "Port": "%Port%",
    "NetworkAddress": "%Address%",
    "Timeout": "%Timeout%"
  }
}
{ "WriteResponseObject": { "Value": "%HostKey::$%" } }

Notes

DiscoverSshHostKey does not require Login, Password, or UserKey. It only performs the pre-authentication SSH negotiation needed to read the host key.

The command writes the discovered value into HostKeyVariableName; returning it to the platform is a separate step, usually WriteResponseObject.

Note: RetrieveSshHostKey is not supported by the Scriptable custom platform engine. Only DiscoverSshHostKey can be implemented.

Cross-References