This document is an introduction to Digmia Secure Shell (DSSH for short). DSSH was written as a direct replacement for OpenSSH client for our use. DSSH adds SSH over SSH tunelling capabilities (for example to log in to network which is hidden by firewall), scripting support (using BeanShell), advanced agent (which allows storing of passwords) and "su -" interactive logging for machines, which have disabled direct root login.
All of this was done to enable automated scripting and logging to lots of machines based on few simple rules.
It uses Trilead SSH library (slightly patched, included).
You can view short presentation about DSSH and its usage.
- a terminal emulator (Windows command prompt will not work for this purpose, so only UNIX-like systems are currently supported)
- Java runtime environment (at least 6.0)
Supported platforms (out of the box):
- Mac OS X on x86, x86_64 and PPC
- Linux on x86 and amd64
- FreeBSD 7
- Solaris 10
Installation and usage
If you change IP addresses (for example when using dssh on a laptop computer, that is connected to several networks), you will probably find out, that dssh takes quite a long time to connect to an agent (it looks like it hung up), or writes and error. This is because RMI server (in this case dssh-agent) sends it's hostname to dssh client, which then tries to connect back. If you have different IP addresses, or different hostnames, this is what you would see. I recommend adding -Djava.rmi.server.hostname=localhost to JAVAOPTS in your dssh.opts (by default in /etc/dssh or ~/.dssh). This would by default prevent you connecting to your agent from other hosts on the network, but if your IP address changes often, it not a good idea either. This is a limitation of Java RMI, not DSSH itself.
Current version is 1.1k.
To get notified about new versions, please subscribe to dssh project on freshmeat. We always announce new versions on freshmeat.
- Collect configuration parameters from Cisco routers which require "ena" login
- Log in to servers, which have PermitRootLogin disabled directly as root (by typing su - and password automatically), while preserving exit status
- Tunnel through several connections to get to target server
- Add custom logic such as advanced logging
Examples are available, if you have any questions or ideas, don't be shy and ask, we'll be glad to help.
Satisfied? Not what you expected? Could not make it to run? Confused how to use it? Mail us back, maybe we could help you. And it's always nice to hear, if someone has given our project a try.
DSSH 1.1k released 1.2.2010
- Switched from Groovy to BeanShell. This usually requires rewriting of dssh.groovy, but very simple tweaks are needed. This caused memory footprint to drop significantly and load time is twice as fast.
- Added Solaris platform support
DSSH 1.1i released 27.11.2008
- Parameter -v is more verbose than before: It prints what authentication method did succeed.
- Does not try to authenticate using su or ena, if agent has no password for that particular user. When using -v, it explains what's wrong.
DSSH 1.1h released 20.11.2008
- Added Linux amd64 support, thanks to Michal 'anti' Klempa.
DSSH 1.1g released 4.8.2008
- Added scp mode by popular request (just add -s and it should work as normal scp command). Recursive mode is not yet supported, neither are "su" sessions (when using InteractiveSuSession, dssh acts like normal interactive session, i.e. it does not log in as root, when PermitRootLogin no is on server and you script it via InteractiveSuSession). Direct copying from or to root account are supported when PermitRootLogin is yes, so in this way, it is not less powerful than scp itself.
- Ported DSSH to latest Trilead SSH library (which is a successor of Ganymed SSH). It is the same codebase, just package names changed and few feature were added. It also contains a much faster SHA1 algorithm. I also decided to include patch against stock Trilead SSH, althrough it's not a license requirement, it is a good idea if you would ever wanted to port DSSH to later version of Trilead SSH library yourself.
DSSH 1.1f released 29.7.2008
- Added batch mode by popular request (-B)
DSSH 1.1e released 11.6.2008
- Added warning if older Java is found during installation, showing user where to set path to Java 1.6
- Added Mac OS X 10 Java 6 support (official version), added JRE autodetection for OS X
DSSH 1.1d released 14.5.2008
- Fixed RSA key authentication (we've been using DSA all this time, so no one noticed it).
- Several minor platform support fixes.
DSSH 1.1b released 17.12.2007
- Minor bugfix (use orighost for fetching of passwords, in case you are behind nat and need password authentication). Should not affect 99% of users.
DSSH 1.1a released 4.12.2007
- Added support for FreeBSD 7
DSSH 1.0z released 27.11.2007
- Added support for Leopard Java 6 preview from open source java6 porting effort. Tested with 64-bit version on Leopard. Make sure you have correct path to java6 in /etc/dssh/dssh.opts.
DSSH 1.0y released 13.8.2007
- Add InteractiveEnaSession, which should allow executing commands as "ena" user on Cisco ASA 552x. We use it for automatic collection of "show running-config" among other things.
DSSH 1.0x released 16.7.2007
- Nicer error messages
- Correct return values from commands
- Allow to force interactive mode and stay logged after executing command (parameter -I)
- Added paramter for verbose connects (-v)
- Can surpress output for InteractiveSuSession (enabled by default, disable with -O)
- Several bugs fixed