| <!-- |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <html> |
| |
| <head> |
| <meta http-equiv="Content-Language" content="en-us"> |
| <link rel="stylesheet" type="text/css" href="../stylesheets/style.css"> |
| <title>SSHEXEC Task</title> |
| </head> |
| |
| <body> |
| |
| <h2><a name="sshexec">SSHEXEC</a></h2> |
| <h3>Description</h3> |
| |
| <p><em>since Apache Ant 1.6</em></p> |
| |
| <p>Runs a command on a remote machine running SSH daemon. |
| </p> |
| |
| <p><b>Note:</b> This task depends on external libraries not included |
| in the Ant distribution. See <a |
| href="../install.html#librarydependencies">Library Dependencies</a> |
| for more information. This task has been tested with jsch-0.1.29 and above |
| and won't work with versions of jsch earlier than |
| 0.1.28.</p> |
| |
| <p>See also the <a href="scp.html">scp task</a></p> |
| |
| <h3>Parameters</h3> |
| <table border="1" cellpadding="2" cellspacing="0"> |
| <tr> |
| <td valign="top"><b>Attribute</b></td> |
| <td valign="top"><b>Description</b></td> |
| <td align="center" valign="top"><b>Required</b></td> |
| </tr> |
| <tr> |
| <td valign="top">host</td> |
| <td valign="top">The hostname or IP address of the remote host to which you wish to connect.</td> |
| <td valign="top" align="center">Yes</td> |
| </tr> |
| <tr> |
| <td valign="top">username</td> |
| <td valign="top">The username on the remote host to which you are connecting.</td> |
| <td valign="top" align="center">Yes</td> |
| </tr> |
| <tr> |
| <td valign="top">command</td> |
| <td valign="top">The command to run on the remote host.</td> |
| <td valian="top" align="center">Either this or commandResource must be set</td> |
| </tr> |
| <tr> |
| <td valign="top">commandResource</td> |
| <td valign="top">The resource (file) that contains the commands to run on the remote host. |
| Since Ant 1.7.1</td> |
| <td valian="top" align="center">Either this or command must be set</td> |
| </tr> |
| <tr> |
| <td valign="top">port</td> |
| <td valign="top">The port to connect to on the remote host.</td> |
| <td valian="top" align="center">No, defaults to 22.</td> |
| </tr> |
| <tr> |
| <td valign="top">trust</td> |
| |
| <td valign="top">This trusts all unknown hosts if set to yes/true.<br> |
| <strong>Note</strong> If you set this to false (the default), the |
| host you connect to must be listed in your knownhosts file, this |
| also implies that the file exists.</td> |
| <td valian="top" align="center">No, defaults to No.</td> |
| </tr> |
| <tr> |
| <td valign="top">knownhosts</td> |
| <td valign="top">This sets the known hosts file to use to validate |
| the identity of the remote host. This must be a SSH2 format file. |
| SSH1 format is not supported.</td> |
| <td valian="top" align="center">No, defaults to |
| ${user.home}/.ssh/known_hosts.</td> |
| </tr> |
| <tr> |
| <td valign="top">failonerror</td> |
| <td valign="top">Whether to halt the build if the command does not complete successfully. |
| </td> |
| <td valign="top" align="center">No; defaults to true.</td> |
| </tr> |
| <tr> |
| <td valign="top">password</td> |
| <td valign="top">The password.</td> |
| <td valign="top" align="center">Not if you are using key based |
| authentication or the password has been given in the file or |
| todir attribute.</td> |
| </tr> |
| <tr> |
| <td valign="top">keyfile</td> |
| <td valign="top">Location of the file holding the private key.</td> |
| <td valign="top" align="center">Yes, if you are using key based |
| authentication.</td> |
| </tr> |
| <tr> |
| <td valign="top">passphrase</td> |
| <td valign="top">Passphrase for your private key.</td> |
| <td valign="top" align="center">No, defaults to an empty string.</td> |
| </tr> |
| <tr> |
| <td valign="top">suppresssystemout</td> |
| <td valign="top">Whether to suppress system out. |
| <em>since Ant 1.9.0</em></td> |
| <td align="center" valign="top">No, defaults to false</td> |
| </tr> |
| <tr> |
| <td valign="top">suppresssystemerr</td> |
| <td valign="top">Whether to suppress system err. |
| <em>since Ant 1.9.4</em></td> |
| <td align="center" valign="top">No, defaults to false</td> |
| </tr> |
| <tr> |
| <td valign="top">output</td> |
| <td valign="top">Name of a file to which to write the output.</td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">errorOutput</td> |
| <td valign="top">The file to which the standard error of the |
| command should be redirected. <em>since Ant 1.9.4</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">append</td> |
| <td valign="top">Whether output file should be appended to or overwritten. Defaults to false, meaning overwrite any existing file.</td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">errAppend</td> |
| <td valign="top">Whether errorOutput file should be appended to or |
| overwritten. Defaults to false, meaning overwrite any existing |
| file. <em>since Ant 1.9.4</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">outputproperty</td> |
| <td valign="top">The name of a property in which the output of the |
| command should be stored. If you use the commandResource |
| attribute, each command's output will be prefixed by the |
| command itself.</td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">errorproperty</td> |
| <td valign="top">The name of a property in which the standard error of the |
| command should be stored. <em>since Ant 1.9.4</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">resultproperty</td> |
| <td valign="top">the name of a property in which the return code |
| of the command should be stored. Only of interest if |
| failonerror=false. <em>since Ant 1.9.4</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">timeout</td> |
| <td valign="top">Stop the command if it doesn't finish within the |
| specified time (given in milliseconds <b>unlike telnet, which |
| expects a timeout in seconds</b>). |
| Defaults to 0 which means "wait forever".</td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">input</td> |
| <td valign="top">A file from which the executed command's standard |
| input is taken. This attribute is mutually exclusive with the |
| inputstring and inputproperty attributes.<br/> |
| When executing more than one command via commandResource, input |
| will be read for each command. |
| <em>since Ant 1.8.0</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">verbose</td> |
| <td valign="top">Determines whether sshexec outputs verbosely to the user.<br/> |
| Similar output is generated as the ssh commandline tool wit the -v option. |
| <em>since Ant 1.8.0</em></td> |
| <td align="center">No, defaults to false</td> |
| </tr> |
| <tr> |
| <td valign="top">inputproperty</td> |
| <td valign="top">Name of a property who's content serves as the |
| input stream for the executed command. This attribute is |
| mutually exclusive with the input and inputstring |
| attributes.<br/> |
| When executing more than one command via commandResource, input |
| will be read for each command. |
| <em>since Ant 1.8.0</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">inputstring</td> |
| <td valign="top">A string which serves as the input stream for the |
| executed command. This attribute is mutually exclusive with the |
| input and inputproperty attributes.<br/> |
| When executing more than one command via commandResource, input |
| will be read for each command. |
| <em>since Ant 1.8.3</em></td> |
| <td align="center" valign="top">No</td> |
| </tr> |
| <tr> |
| <td valign="top">usepty</td> |
| <td valign="top">Whether to allocate a pseudo-tty (like ssh -t). |
| <em>since Ant 1.8.3</em></td> |
| <td align="center" valign="top">No, defaults to false</td> |
| </tr> |
| <tr> |
| <td valign="top">useSystemIn</td> |
| <td valign="top">Whether to pass the current standard input to the |
| remote process. |
| <em>since Ant 1.9.4</em></td> |
| <td align="center" valign="top">No, defaults to false</td> |
| </tr> |
| <tr> |
| <td valign="top">serverAliveIntervalSeconds</td> |
| <td valign="top">Sets a timeout interval in seconds after which if no data has |
| been received from the server, the task will send a message through |
| the encrypted channel to request a response from the server. |
| <em>since Ant 1.9.7</em></td> |
| <td align="center" valign="top">No, the default is 0, indicating |
| that these messages will not be sent to the server</td> |
| </tr> |
| <tr> |
| <td valign="top">serverAliveCountMax</td> |
| <td valign="top">The number of server alive messages which may be |
| sent without receiving any messages back from the server. Only |
| used if serverAliveIntervalSeconds is not 0. |
| <em>since Ant 1.9.7</em></td> |
| <td align="center" valign="top">No, defaults to 3</td> |
| </tr> |
| </table> |
| |
| <h3>Examples</h3> |
| <p><b>Run a command on a remote machine using password authentication</b></p> |
| <pre> |
| <sshexec host="somehost" |
| username="dude" |
| password="yo" |
| command="touch somefile"/> |
| </pre> |
| |
| <p><b>Run a command on a remote machine using key authentication</b></p> |
| <pre> |
| <sshexec host="somehost" |
| username="dude" |
| keyfile="${user.home}/.ssh/id_dsa" |
| passphrase="yo its a secret" |
| command="touch somefile"/> |
| </pre> |
| |
| <p><b>Run a command on a remote machine using key authentication with no passphrase</b></p> |
| <pre> |
| <sshexec host="somehost" |
| username="dude" |
| keyfile="${user.home}/.ssh/id_dsa" |
| command="touch somefile"/> |
| </pre> |
| |
| <p><b>Run a set of commands from a command resource (file) on a remote machine using key authentication with no passphrase</b></p> |
| <pre> |
| <sshexec host="somehost" |
| username="dude" |
| keyfile="${user.home}/.ssh/id_dsa" |
| commandResource="to_run"/> |
| </pre> |
| |
| |
| <p><strong>Security Note:</strong> Hard coding passwords and/or usernames |
| in sshexec task can be a serious security hole. Consider using variable |
| substitution and include the password on the command line. For example:<br> |
| <pre> |
| <sshexec host="somehost" |
| username="${username}" |
| password="${password}" |
| command="touch somefile"/> |
| </pre> |
| Invoking ant with the following command line: |
| <pre> |
| ant -Dusername=me -Dpassword=mypassword target1 target2 |
| </pre> |
| |
| Is slightly better, but the username/password is exposed to all users |
| on an Unix system (via the ps command). The best approach is to use |
| the |
| <code><input></code> task and/or retrieve the password from a (secured) |
| .properties file. |
| </p> |
| </body> |
| </html> |