- My View
In Instambul version of SSH custom activity, we have not checked the must sudo option. Linux admin had shared the sudo credentials but even with out must_sudo option clicked the successful connection happens and we are able to execute the commands.
I want to know how midserver (window's midserver with ssh capability) is making the connection to the server? Is it the direction connection or sudo connection?
You may have problems with commands that require root privilege, see documentation below for a complete list of commands:
If your mid server successfully executes linux commands on a Linux server, then surely your mid server is using SSH to directly execute the commands remotely. Without advanced logging (a packet trace or logging on the linux target machine, or maybe turning up logging debug on your instance?),..... it'd be difficult to provide a definitive answer regarding sudo usage.
But since you mention your Linux admin sharing sudo creds, I'm wondering if the linux commands have been set to run without requiring sudo? Troubleshooting idea: Perhaps run discovery against a different Linux server, one that your admin as NOT touched... to see if results are same or not..
Sudo Id's were created with the property - direct access disabled.
Hence Linux admins were much concerned when the Orchestration made successful connections to the servers with the sudo credentials.
Hi Sahana --
I'm curious to try and reproduce this behavior. Can you (or your linux admins?) describe the exact way they created sudo ID's with 'direct access disabled'? I'd like to try this on a test linux box, but of course need to know exactly how to repeat what was done to set this up... - Dave
Sahana, the kind of connection is the same regardless.
If you tick the must_sudo box, and your command already contains sudo, there is no effect because SSHCommand already knows you want sudo, and knows what command you want to apply it to.
If it does not, then things get complicated depending on whether you have j2ssh or sncssh enabled, whether there is a script argument or not, and what your sudoers config looks like.
Do you have a command that requires sudo? Can you show us what your activity looks like?