Product documentation Docs
    • English
    • Deutsch
    • 日本語
    • 한국어
    • Français
  • More Sites
    • Now Community
    • Developer Site
    • Knowledge Base
    • Product Information
    • ServiceNow.com
    • Training
    • Customer Success Center
    • ServiceNow Support Videos
  • Log in

Product documentation

  • Home
How search works:
  • Punctuation and capital letters are ignored
  • Special characters like underscores (_) are removed
  • Known synonyms are applied
  • The most relevant topics (based on weighting and matching to search terms) are listed first in search results
Topics are ranked in search results by how closely they match your search terms
  • A match on the entire phrase you typed
  • A match on part of the phrase you typed
  • A match on ALL of the terms in the phrase you typed
  • A match on ANY of the terms in the phrase you typed

Note: Matches in titles are always highly ranked.

  • Release version
    Table of Contents
    • Now Platform capabilities
Table of Contents
Choose your release version
    Home New York Now Platform Capabilities Now Platform capabilities Flow Designer Action Designer SSH step

    SSH step

    • Save as PDF Selected topic Topic & subtopics All topics in contents
    • Unsubscribe Log in to subscribe to topics and get notified when content changes.
    • Share this page

    SSH step

    The SSH step executes SSH commands on an external *nix system through a ServiceNow® MID Server. The step also stores scripts and commands for the *nix systems.

    Note:
    • The SSH step is not available in the base system. The step requires the subscription to ServiceNow® IntegrationHub and activation of IntegrationHub Professional Pack Installer (com.glide.hub.integrations.professional) or later. For more information about the IntegrationHub subscription packages, see IntegrationHub usage and subscription. After you activate the required plugin, the step is visible under Integrations.
    • IntegrationHub supports ServiceNow SSH only.

    Roles and availability

    The SSH step is available as an Action Designer action step. Users with the action_designer role can create a custom action with one or more action steps.

    Sanitizing arguments using the escape class and function

    Escape all user inputs to eliminate the possibility of a malicious user executing arbitrary commands on your target server. Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. Precede the SSH step with a Script step, which takes the arguments that are used to construct a command in the SSH step.

    In the Script step, use the escape class, GlideShellEscapeUtils and escape function, escapeBashShellArg. The escaped arguments are the output of the Script step. Use this escaped output as the arguments of the commands used in the SSH step. The escaped values should contain arguments of a command.
    Table 1. Escape APIs
    Escape class/function Description
    GlideShellEscapeUtils Provides scripted APIs to escape the shell arguments. For example, var escapedArgument = SNC.GlideShellEscapeUtils.escapeBashShellArg("/etc && cat myfile.txt");. The escaped argument is, '/etc && cat myfile.txt'.
    escapeBashShellArg
    • Adds single quotes around a string.
    • Escapes any existing single quotes within a string enabling you to pass the string directly to a shell function and treat the string as a single safe argument.

    Fields

    Field Description
    Connection Details
    Connection Type of connection to use.
    • Define Connection Inline: Define connection information within the action step.
    • Use Connection Alias: Define connection information using the Connection Alias table. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action.

    To learn more about connections and credentials, see credentials, connections, and aliases.

    Connection Alias Connection & Credential alias record the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Use Connection Alias is selected from the Connection list.
    Credential Alias Credential alias the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials when using an action in multiple environments. Likewise, if the credential information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Define Connection Inline is selected from the Connection list.
    Host Host name or IP address of the target server. This field is available when Define Connection Inline is selected from the Connection list.
    MID Application Option to use a MID Server to run the SSH step. This field is available when Define Connection Inline is selected from the Connection list.
    Capabilities Capability of the MID Server. Select SSH. This field is available when Define Connection Inline is selected from the Connection list.
    SSH Configuration
    Working Directory Optional target directory on the target host where the command is run.
    Command Command that runs on the target directory. The command can also include MID Serverscripts. See Advanced SSH script options for more information.
    Note: Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. For more information, see Sanitizing arguments using the escape class and function.
    Long Running Option to disable the SSH connection timeout for commands that might take longer than the default time of 120 seconds to run. When selected, the engine detaches from the execution thread until completion.
    Sudo Mode Option to elevate privileges to execute the script.
    For more information, see SSH credentials.

    Advanced SSH script options

    To run a MID Server script on the target host, specify the script type and pass the name of the script into the ${syncFile()}parameter. The system uses this parameter to locate the named script in the MID Server Script File [ecc_agent_script_file] table and run it on the target host. For example, a bash script can be expressed as:
    bash ${syncFile("<MID script name>")} argument1 argument2 argument3
    A base script (main_script.bash) can reference another script (my_include.bash) as well as a separate file (.my_profile) located on the target host. Both scripts and the file referenced must be synced to the MID Server, using the ${syncFile()} parameter, to execute properly.
    source ${syncFile(".my_profile")}
    cp ${syncFile("my_include.bash")} /usr/ssmith/my_include.bash
    bash ${syncFile("main_script.bash")} one two three four five six 
    rm /usr/ssmith/my_include.bash
    A Python example with inline comments might look like this:
    set $LIB_DIR=/usr/bin;. 
    # Sync a file that is referenced inside myF5CreateLBPool.py 
    cp ${syncFile("specialFunctions.py")} ~/specialFunctions.py 
    # set up environment variables 
    source ${syncFile(".python_profile")} 
    # call script that sets up dependencies on the box from remote package repos 
    python ${syncFile("setupPythonDependencies.py")} pycontrol 
    # call a script that requires functions from the package as well as a function from myIncludedFile 
    python ${syncFile("myF5CreateLBPool.py")} snow_pool myActualValue 
    # user is responsible for their own cleanup 
    rm ~/specialFunctions.py 

    To see the list of available MID Server scripts, navigate to MID Server > Script Files.

    Tags:

    Feedback
    On this page

    Previous topic

    Next topic

    • Contact Us
    • Careers
    • Terms of Use
    • Privacy Statement
    • Sitemap
    • © ServiceNow. All rights reserved.

    Release version
    Choose your release version

      SSH step

      • Save as PDF Selected topic Topic & subtopics All topics in contents
      • Unsubscribe Log in to subscribe to topics and get notified when content changes.
      • Share this page

      SSH step

      The SSH step executes SSH commands on an external *nix system through a ServiceNow® MID Server. The step also stores scripts and commands for the *nix systems.

      Note:
      • The SSH step is not available in the base system. The step requires the subscription to ServiceNow® IntegrationHub and activation of IntegrationHub Professional Pack Installer (com.glide.hub.integrations.professional) or later. For more information about the IntegrationHub subscription packages, see IntegrationHub usage and subscription. After you activate the required plugin, the step is visible under Integrations.
      • IntegrationHub supports ServiceNow SSH only.

      Roles and availability

      The SSH step is available as an Action Designer action step. Users with the action_designer role can create a custom action with one or more action steps.

      Sanitizing arguments using the escape class and function

      Escape all user inputs to eliminate the possibility of a malicious user executing arbitrary commands on your target server. Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. Precede the SSH step with a Script step, which takes the arguments that are used to construct a command in the SSH step.

      In the Script step, use the escape class, GlideShellEscapeUtils and escape function, escapeBashShellArg. The escaped arguments are the output of the Script step. Use this escaped output as the arguments of the commands used in the SSH step. The escaped values should contain arguments of a command.
      Table 1. Escape APIs
      Escape class/function Description
      GlideShellEscapeUtils Provides scripted APIs to escape the shell arguments. For example, var escapedArgument = SNC.GlideShellEscapeUtils.escapeBashShellArg("/etc && cat myfile.txt");. The escaped argument is, '/etc && cat myfile.txt'.
      escapeBashShellArg
      • Adds single quotes around a string.
      • Escapes any existing single quotes within a string enabling you to pass the string directly to a shell function and treat the string as a single safe argument.

      Fields

      Field Description
      Connection Details
      Connection Type of connection to use.
      • Define Connection Inline: Define connection information within the action step.
      • Use Connection Alias: Define connection information using the Connection Alias table. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action.

      To learn more about connections and credentials, see credentials, connections, and aliases.

      Connection Alias Connection & Credential alias record the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Use Connection Alias is selected from the Connection list.
      Credential Alias Credential alias the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials when using an action in multiple environments. Likewise, if the credential information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Define Connection Inline is selected from the Connection list.
      Host Host name or IP address of the target server. This field is available when Define Connection Inline is selected from the Connection list.
      MID Application Option to use a MID Server to run the SSH step. This field is available when Define Connection Inline is selected from the Connection list.
      Capabilities Capability of the MID Server. Select SSH. This field is available when Define Connection Inline is selected from the Connection list.
      SSH Configuration
      Working Directory Optional target directory on the target host where the command is run.
      Command Command that runs on the target directory. The command can also include MID Serverscripts. See Advanced SSH script options for more information.
      Note: Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. For more information, see Sanitizing arguments using the escape class and function.
      Long Running Option to disable the SSH connection timeout for commands that might take longer than the default time of 120 seconds to run. When selected, the engine detaches from the execution thread until completion.
      Sudo Mode Option to elevate privileges to execute the script.
      For more information, see SSH credentials.

      Advanced SSH script options

      To run a MID Server script on the target host, specify the script type and pass the name of the script into the ${syncFile()}parameter. The system uses this parameter to locate the named script in the MID Server Script File [ecc_agent_script_file] table and run it on the target host. For example, a bash script can be expressed as:
      bash ${syncFile("<MID script name>")} argument1 argument2 argument3
      A base script (main_script.bash) can reference another script (my_include.bash) as well as a separate file (.my_profile) located on the target host. Both scripts and the file referenced must be synced to the MID Server, using the ${syncFile()} parameter, to execute properly.
      source ${syncFile(".my_profile")}
      cp ${syncFile("my_include.bash")} /usr/ssmith/my_include.bash
      bash ${syncFile("main_script.bash")} one two three four five six 
      rm /usr/ssmith/my_include.bash
      A Python example with inline comments might look like this:
      set $LIB_DIR=/usr/bin;. 
      # Sync a file that is referenced inside myF5CreateLBPool.py 
      cp ${syncFile("specialFunctions.py")} ~/specialFunctions.py 
      # set up environment variables 
      source ${syncFile(".python_profile")} 
      # call script that sets up dependencies on the box from remote package repos 
      python ${syncFile("setupPythonDependencies.py")} pycontrol 
      # call a script that requires functions from the package as well as a function from myIncludedFile 
      python ${syncFile("myF5CreateLBPool.py")} snow_pool myActualValue 
      # user is responsible for their own cleanup 
      rm ~/specialFunctions.py 

      To see the list of available MID Server scripts, navigate to MID Server > Script Files.

      Tags:

      Feedback

          Share this page

          Got it! Feel free to add a comment
          To share your product suggestions, visit the Idea Portal.
          Please let us know how to improve this content

          Check any that apply

          To share your product suggestions, visit the Idea Portal.
          Confirm

          We were unable to find "Coaching" in Jakarta. Would you like to search instead?

          No Yes
          • Contact Us
          • Careers
          • Terms of Use
          • Privacy Statement
          • Sitemap
          • © ServiceNow. All rights reserved.

          Subscribe Subscribed Unsubscribe Last updated: Tags: January February March April May June July August September October November December No Results Found Versions Search preferences successfully updated My release version successfully updated My release version successfully deleted An error has occurred. Please try again later. You have been unsubscribed from all topics. You are now subscribed to and will receive notifications if any changes are made to this page. You have been unsubscribed from this content Thank you for your feedback. Form temporarily unavailable. Please try again or contact  docfeedback@servicenow.com  to submit your comments. The topic you requested does not exist in the release. You were redirected to a related topic instead. The available release versions for this topic are listed There is no specific version for this documentation. Explore products Click to go to the page. Release notes and upgrades Click to open the dropdown menu. Delete Remove No selected version Reset This field is required You are already subscribed to this topic Attach screenshot The file you uploaded exceeds the allowed file size of 20MB. Please try again with a smaller file. Please complete the reCAPTCHA step to attach a screenshot
          Log in to personalize your search results and subscribe to topics
          No, thanks Login