SSH Discovery parameters

These parameters control several aspects of SSH discovery, including the number of SSH connections per host and the process commands against localhost.

Table 1. SSH Discovery parameters
Label Names Description
MID Server connection cache mid.connection_cache Specifies whether to cache connections. Set to false to disable connection caching. This parameter applies to SSH connections only.
  • Type: true | false
  • Default value: true
Decide if the PATH environment variable should be set for SSH commands mid.ssh.set_path Specifies whether to set the PATH environment variable for SSH commands.
  • Type: true | false
  • Default value: true
Process commands against localhost via SSH rather than console mid.ssh.local Specifies whether to execute commands for the MID Server host machine (localhost) via SSH rather than from a console. This allows long-running commands to execute properly. This parameter applies to the legacy SSH client only.
  • Type: true | false
  • Default value: false
MID Server SSH connections per host mid.ssh_connections_per_host Controls the number of concurrent probes that the MID Server can run against a given host. Lowering the number of concurrent connections can slow Discovery.
  • Type: integer
  • Default value:
    • 7 for the ServiceNow client
    • 3 for the legacy SSH client
Enable (or disable) sudo to preserve environment (-E) for SSH mid.ssh.sudo_preserve_environment Specifies whether to use sudo to preserve the environment for SSH.
  • Type: true | false
  • Default value: false
Set the PATH environment paths for SSH commands mid.ssh.path_override Overrides the default paths set before executing a command. Enter one or more override paths delimited by a colon (:). The default path is /usr/sbin: /usr/bin: /bin: /sbin.
The ServiceNow SSH client accepts the following prefixes in front of the path_overide value.
  • append: Appends the override path to the end of the host’s path. This is the default behavior.
  • replace: Replaces the host path with the path_overide value.
  • prepend: Appends the override path to the front of the host path.
  • Type: string (a colon-separated list of directories)
  • Default value: None
Enable the ServiceNow SSH Client mid.ssh.use_snc Enables the ServiceNow SSH client (SNCSSH) on individual MID Servers. SNCSSH is a ServiceNow implementation of an SSH client and is active by default for all MID Servers on new instances, via a MID Server property. Enabling the ServiceNow SSH client disables the legacy J2SSH client.
Important: Mixing SSH client types for MID Servers connected to the same instance is not a good practice.
  • Type: true | false
  • Default value: false
The maximum number of times to retry an SSH operation after a timeout mid.ssh.max_retries Specifies the maximum amount of times to retry an SSH operation after a time-out. The system sleeps two seconds between each connection attempt. By default, the MID Server retries once only. Set the parameter to 0 to disable retries.
  • Type: integer
  • Default value: 1
Sets a different remove file command to replace the default '/bin/rm -f' mid.ssh.alt_rm Sets a different SSH remove file command.
  • Type: string
  • Default value: none
Delay sending any SSH commands to a server after connecting mid.ssh.initial_delay_ms Delays sending any SSH probe commands to a server after connecting to the target for the time specified, in milliseconds. This parameter applies to the legacy SSH client only.
  • Type: integer (milliseconds)
  • Default value: 0
Suppress history file generation for SSH mid.ssh.suppress_history Suppresses the generation of the SSH history file. This parameter applies to the legacy SSH client only.
  • Type: true | false
  • Default value: false
Timeout in ms for SSH socket read mid.ssh.socket_timeout Specifies the timeout value for the SSH socket to prevent issues created by a socket timeout. Some devices, such as systems with embedded controllers like UPSs and PDUs, that have SSH enabled require more time to respond to an authentication request. The default value of 2 minutes ensures such requests do not timeout prematurely.
  • Type: integer (milliseconds)
  • Default value: 120000 (2 minutes)
Timeout in ms for SSH channel activity mid.ssh.channel_timeout Specifies the amount of time that the MID Server waits for activity on the SSH socket before closing the connection. If there has been no activity on the SSH socket for the specified timeout value, the MID Server closes the connection. Some devices, such as systems with embedded controllers like UPSs and PDUs, that have SSH enabled may require more time to respond to an authentication request.
  • Type: integer (milliseconds)
  • Default value: 120000 (2 minutes)
Timeout in ms for SSH socket read mid.ssh.session_timeout Specifies the amount of time that a cached session remains in memory after last use. Excessively small values tend to decrease performance. This parameter applies to the ServiceNow SSH client only.
  • Type: integer (milliseconds)
  • Default value: 300000 (5 minutes)
Timeout for SSH command execution (ms) mid.ssh.command_timeout_ms The timeout duration, in milliseconds, for the execution of an SSH command.
  • Type: integer (milliseconds)
  • Default value: 300000 (5 minutes)
Use keyboard interactive authentication for SSH mid.ssh.use_keyboard_interactive Uses the keyboard interactive authentication mode in SSH daemons on which it is activated.
  • Type: true | false
  • Default value: false
Min size of DH group in bits mid.ssh.dh_group_length_min Specifies the minimum group length in bits used for generating a "shared secret" key in Diffie-Hillman key exchange. The larger the key the more secure the SSH connection is but at the cost of performance.
  • Type: integer (bits)
  • Default value: 1024
Max size of DH group in bits mid.ssh.dh_group_length_max Specifies the maximum group length in bits used for generating a "shared secret" key in Diffie-Hillman key exchange. The larger the key the more secure the SSH connection is but at the cost of performance.
  • Type: integer (bits)
  • Default value: 2048
List of bourne-compatible shells mid.ssh.shells_supported Defines the bourne-compatible shells supported by the MID Server. This value is a comma-separated list of supported shells, such as ksh, dsh, bash and sh.
  • Type: string
  • Default value: ksh,bash,sh
Ratio of ssh session pool capacity to mid thread number in percentage. mid.ssh.pool_thread_ratio The ratio of SSH session pool capacity to the MID Server thread number, in percentage. The pool capacity is at least 25%.
  • Type: integer
  • Default value: 75
Comma-separated list of sudo alternatives. mid.ssh.privileged_commands Currently supported privileged commands are pbrun, pfexec, sudo.
  • Type: string
  • Default value: sudo

Default paths for SSH commands

By default, the MID Server is configured to search for SSH commands in the following paths and the logged-on user's default paths:
  • /usr/sbin
  • /usr/bin
  • /bin
  • /sbin