Previous Topic: The UNAB Conflicts FileNext Topic: The SAM Automatic Login Application Visual Basic Script


The SSH Device XML File

The SSH Device XML file lets you configure how SAM connects to an SSH Device endpoint, discovers user accounts, and changes privileged account passwords on the endpoint.

Different SSH Device XML files configure the interactions with different types of SSH Device endpoints. For example, the aix_connector_conf.xml file configures the connection to an AIX endpoint, and the device_connector_conf.xml file configures the connection to an SSH device such as a router.

Note: For more information about SSH Device XML file types, see the Enterprise Administration Guide.

The SSH Device XML files are located in the following directory:

ACServerInstallDir/Connector Server/conf/override/sshdyn

If required, you can customize the SSH Device XML files to suit your enterprise requirements.

Structure

The SSH Device XML file contains the following elements:

The <class name="CommandSet"> element contains array elements that group sets of commands, as follows:

Each array element contains multiple <item> elements. An <item> element defines the parameters for a specific command that SAM executes on the endpoint. For example, an <item> element in the <array name="oGetUsers"> element may specify the:

Note: For examples of how <item> elements in the SSH Device XML file configure interactions with SSH Device endpoints, see the Enterprise Administration Guide.

You use nested parameters to define the configuration settings for each element, as follows:

Each nested parameter has the following format:

<param name="name" value="value" />

The following snippet of an SSH Device XML file shows how the elements are nested:

<package name="com.ca.jcs.sshdyn">
	<class name="SSHConnectionManager">
		<param name="name" value="value" />
	</class>
</package>
<package name="com.ca.sessame.conn.unix">
	<class name="CommandProcessor">
		<param name="name" value="value" />
	</class>
	<class name="CommandSet">
		<instance name="ssh">
			<array name="oGetUsers">
				<item>
					<param name="name" value="value" />
				</item>
			</array>
			<array name="oChangePassword">
				<item>
					<param name="name" value="value" />
				</item>
			</array>
			<array name="oSubstituteUser">
				<item>
					<param name="name" value="value" />
				</item>
			</array>
		</instance>
	</class>
</package>

Elements

SSHConnectionManager

Specifies the settings that SAM uses to manage the SSH connection.

This class element contains the following parameter:

I_CONNECTIONS

Defines the number of concurrent connections to the endpoints.

Default: 10

CommandProcessor

Specifies the settings that SAM uses to connect to the SSH Device endpoint.

This class element contains the following parameters:

bToLog

Specifies whether SAM writes messages to sLogFileName.

Limits: true, false

Default: true

sLogFileName

Defines the relative pathname to the log file.

Default: ..\logs\uxlog.txt

limitResultCharsToLog

Defines the maximum number of characters CA ControlMinder writes to the log file for each connection.

Default: 1500

bSkipOperationAdminTestConnection

Specifies

Limits: true, false

Default: true

maxTimeLimit

Defines the maximum time, in milliseconds, that SAM waits for values.

Default: 1500

waitIntervalDefault

Defines the time, in milliseconds, that SAM wait

Default: 500

login_str

Specifies the Telnet request command for a user name.

Example: login

password_str

Specifies the Telnet request command for password.

Example: password

AYT_answer

Specifies the answer that the device for the Telnet command "Are You There"

Default: Solaris-Yes, Linux-yes, AIX-here

Note: Due to different configurations, each SSH device can have a unique reply to the AYT command. You can modify the SSH XML file accordingly.

To discover the format, open a telnet session to the device and run the following:

^+]
send ayt
iPort

Defines the SSH port number.

Note: By default, this parameter is commented out.

Default: 22

CommandSet

Specifies the commands that SAM executes on the endpoint.

This class element contains array elements that group the commands that SAM executes on the endpoint.

oGetUsers

Specifies the commands that SAM executes to get users.

This array element contains item elements that define the parameters for the specific commands that SAM executes to get users.

oChangePassword

Specifies the commands that SAM executes to change user passwords.

This array element contains item elements that define the parameters for the specific commands that SAM executes to change user passwords.

oSubstituteUser

Specifies the commands that SAM executes to su to another user.

This array element contains item elements that define the parameters for the specific commands that SAM executes to su to another user.

Note: This element is valid only for the aix_connector_conf.xml, checkpoint_connector_conf.xml, and ssh_connector_conf.xml files.

item

Specifies the parameters for a specific command that SAM executes on the endpoint.

Each item element may contain the following parameters:

sCommand

Defines the command that SAM sends to the endpoint.

iWait

Defines the interval, in milliseconds, that SAM waits until it performs the next step.

Default: 500

sWaitForText

Defines the text string that SAM waits to receive in response to the command defined in sCommand.

sFailureResult

Defines the text string that SAM receives from the endpoint that indicates the command failed.

sToFilterOut

Defines the text strings that SAM removes from the endpoint output.

bHideSentLog

Specifies whether to write commands to the log file.

Limits: true - SAM does not write commands to the log file, false - SAM does write commands to the log file

Default: true

sTrueResultRegex

(Optional) Specifies to compare the command results with the specified string. If the result does not match the string, an error message is displayed.

Note: By default, this parameter is commented out.

iXMLVersion

Indicates the XML file version. The XML version cannot be later than the XML version that is defined in the SSL connector.

Default: 0

ToReport

Specifies whether XML processing data is logged to $XML_NAME..lodaing_report.xml. The log file is located in the following directory:

ACServerInstallDir/Connector Server/conf/override/sshdyn

Limits: true, false

Default: true

FileIsLoaded

Indicates that the XML file was loaded successfully.

Default: OK

More information:

Example: How an SSH Device XML File Defines SAM Commands