Home New York Now Platform Capabilities Now Platform capabilities Flow Designer Action Designer SSH step

SSH step

The SSH step executes SSH commands on an external *nix system through a ServiceNow® MID Server. The step also stores scripts and commands for the *nix systems.

Note:

The SSH step is not available in the base system. The step requires the subscription to ServiceNow® IntegrationHub and activation of IntegrationHub Professional Pack Installer (com.glide.hub.integrations.professional) or later. For more information about the IntegrationHub subscription packages, see IntegrationHub usage and subscription. After you activate the required plugin, the step is visible under Integrations.
IntegrationHub supports ServiceNow SSH only.

Roles and availability

The SSH step is available as an Action Designer action step. Users with the action_designer role can create a custom action with one or more action steps.

Sanitizing arguments using the escape class and function

Escape all user inputs to eliminate the possibility of a malicious user executing arbitrary commands on your target server. Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. Precede the SSH step with a Script step, which takes the arguments that are used to construct a command in the SSH step.

In the Script step, use the escape class, GlideShellEscapeUtils and escape function, escapeBashShellArg. The escaped arguments are the output of the Script step. Use this escaped output as the arguments of the commands used in the SSH step. The escaped values should contain arguments of a command.

Table 1. Escape APIs
Escape class/function	Description
GlideShellEscapeUtils	Provides scripted APIs to escape the shell arguments. For example, `var escapedArgument = SNC.GlideShellEscapeUtils.escapeBashShellArg("/etc && cat myfile.txt");`. The escaped argument is, `'/etc && cat myfile.txt'`.
escapeBashShellArg	Adds single quotes around a string. Escapes any existing single quotes within a string enabling you to pass the string directly to a shell function and treat the string as a single safe argument.

Fields


Field	Description
Connection Details
Connection	Type of connection to use. Define Connection Inline: Define connection information within the action step. Use Connection Alias: Define connection information using the Connection Alias table. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases.
Connection Alias	Connection & Credential alias record the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Use Connection Alias is selected from the Connection list.
Credential Alias	Credential alias the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials when using an action in multiple environments. Likewise, if the credential information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Define Connection Inline is selected from the Connection list.
Host	Host name or IP address of the target server. This field is available when Define Connection Inline is selected from the Connection list.
MID Application	Option to use a MID Server to run the SSH step. This field is available when Define Connection Inline is selected from the Connection list.
Capabilities	Capability of the MID Server. Select SSH. This field is available when Define Connection Inline is selected from the Connection list.
SSH Configuration
Working Directory	Optional target directory on the target host where the command is run.
Command	Command that runs on the target directory. The command can also include MID Serverscripts. See Advanced SSH script options for more information. Note: Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. For more information, see Sanitizing arguments using the escape class and function.
Long Running	Option to disable the SSH connection timeout for commands that might take longer than the default time of 120 seconds to run. When selected, the engine detaches from the execution thread until completion.
Sudo Mode	Option to elevate privileges to execute the script.

For more information, see SSH credentials.

Advanced SSH script options

To run a MID Server script on the target host, specify the script type and pass the name of the script into the ${syncFile()}parameter. The system uses this parameter to locate the named script in the MID Server Script File [ecc_agent_script_file] table and run it on the target host. For example, a bash script can be expressed as:

bash ${syncFile("<MID script name>")} argument1 argument2 argument3

A base script (main_script.bash) can reference another script (my_include.bash) as well as a separate file (.my_profile) located on the target host. Both scripts and the file referenced must be synced to the MID Server, using the ${syncFile()} parameter, to execute properly.

source ${syncFile(".my_profile")}
cp ${syncFile("my_include.bash")} /usr/ssmith/my_include.bash
bash ${syncFile("main_script.bash")} one two three four five six 
rm /usr/ssmith/my_include.bash

A Python example with inline comments might look like this:

set $LIB_DIR=/usr/bin;. 
# Sync a file that is referenced inside myF5CreateLBPool.py 
cp ${syncFile("specialFunctions.py")} ~/specialFunctions.py 
# set up environment variables 
source ${syncFile(".python_profile")} 
# call script that sets up dependencies on the box from remote package repos 
python ${syncFile("setupPythonDependencies.py")} pycontrol 
# call a script that requires functions from the package as well as a function from myIncludedFile 
python ${syncFile("myF5CreateLBPool.py")} snow_pool myActualValue 
# user is responsible for their own cleanup 
rm ~/specialFunctions.py

To see the list of available MID Server scripts, navigate to MID Server > Script Files.

Previous topic

Next topic

Release version

SSH step

The SSH step executes SSH commands on an external *nix system through a ServiceNow® MID Server. The step also stores scripts and commands for the *nix systems.

Note:

The SSH step is not available in the base system. The step requires the subscription to ServiceNow® IntegrationHub and activation of IntegrationHub Professional Pack Installer (com.glide.hub.integrations.professional) or later. For more information about the IntegrationHub subscription packages, see IntegrationHub usage and subscription. After you activate the required plugin, the step is visible under Integrations.
IntegrationHub supports ServiceNow SSH only.

Roles and availability

The SSH step is available as an Action Designer action step. Users with the action_designer role can create a custom action with one or more action steps.

Sanitizing arguments using the escape class and function

Table 1. Escape APIs
Escape class/function	Description
GlideShellEscapeUtils	Provides scripted APIs to escape the shell arguments. For example, `var escapedArgument = SNC.GlideShellEscapeUtils.escapeBashShellArg("/etc && cat myfile.txt");`. The escaped argument is, `'/etc && cat myfile.txt'`.
escapeBashShellArg	Adds single quotes around a string. Escapes any existing single quotes within a string enabling you to pass the string directly to a shell function and treat the string as a single safe argument.

Fields


Field	Description
Connection Details
Connection	Type of connection to use. Define Connection Inline: Define connection information within the action step. Use Connection Alias: Define connection information using the Connection Alias table. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases.
Connection Alias	Connection & Credential alias record the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials and connection information profiles when using an action in multiple environments. Likewise, if the connection information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Use Connection Alias is selected from the Connection list.
Credential Alias	Credential alias the system uses to run the action step. Users with the flow_designer or admin role can create or select an associated Connection record. Using an alias eliminates the need to configure multiple credentials when using an action in multiple environments. Likewise, if the credential information changes, you don't need to update your custom action. To learn more about connections and credentials, see credentials, connections, and aliases. The credential value is displayed as a Password (2 Way Encrypted) data pill on the data pane. This field is available when Define Connection Inline is selected from the Connection list.
Host	Host name or IP address of the target server. This field is available when Define Connection Inline is selected from the Connection list.
MID Application	Option to use a MID Server to run the SSH step. This field is available when Define Connection Inline is selected from the Connection list.
Capabilities	Capability of the MID Server. Select SSH. This field is available when Define Connection Inline is selected from the Connection list.
SSH Configuration
Working Directory	Optional target directory on the target host where the command is run.
Command	Command that runs on the target directory. The command can also include MID Serverscripts. See Advanced SSH script options for more information. Note: Escape and validate data pills before the command field uses them by sanitizing arguments using a preprocessing Script step. For more information, see Sanitizing arguments using the escape class and function.
Long Running	Option to disable the SSH connection timeout for commands that might take longer than the default time of 120 seconds to run. When selected, the engine detaches from the execution thread until completion.
Sudo Mode	Option to elevate privileges to execute the script.

For more information, see SSH credentials.

Advanced SSH script options

bash ${syncFile("<MID script name>")} argument1 argument2 argument3

source ${syncFile(".my_profile")}
cp ${syncFile("my_include.bash")} /usr/ssmith/my_include.bash
bash ${syncFile("main_script.bash")} one two three four five six 
rm /usr/ssmith/my_include.bash

A Python example with inline comments might look like this:

set $LIB_DIR=/usr/bin;. 
# Sync a file that is referenced inside myF5CreateLBPool.py 
cp ${syncFile("specialFunctions.py")} ~/specialFunctions.py 
# set up environment variables 
source ${syncFile(".python_profile")} 
# call script that sets up dependencies on the box from remote package repos 
python ${syncFile("setupPythonDependencies.py")} pycontrol 
# call a script that requires functions from the package as well as a function from myIncludedFile 
python ${syncFile("myF5CreateLBPool.py")} snow_pool myActualValue 
# user is responsible for their own cleanup 
rm ~/specialFunctions.py

To see the list of available MID Server scripts, navigate to MID Server > Script Files.

How search works:

Topics are ranked in search results by how closely they match your search terms

SSH step

SSH step

Roles and availability

Sanitizing arguments using the escape class and function

Fields

Advanced SSH script options

On this page

SSH step

SSH step

Roles and availability

Sanitizing arguments using the escape class and function

Fields

Advanced SSH script options

Log in to personalize your search results and subscribe to topics