SSH Command Executor

Executes a non-interactive shell command using SSH.

Depending on the shell of the remote machine, it is usually possible to provide a full command line, including multiple commands and shell directives.The node makes the exit code of the command(s) available as a flow variable. If enabled, the standard out and standard error are similarly captured. Placeholders can be used to insert input and output files or folders into the command string if so desired.

Important Considerations:

  • By default the node tests for a POSIX compliant sh shell and refuses execution if none is found. This is done to so that any input and output file/folder paths can be securely passed to the command. In case this enforcement is disabled with the setting in the advanced “Security” settings and no compliant shell is found, then paths are directly inserted into the command string and special characters in them are NOT escaped because the target shell and its quoting and escaping mechanism is unknown. Thus, the paths have to be manually escaped and quoted in the command string to prevent syntax errors and command injection. The “Forbidden Characters” option provides a way to reject paths if they contain certain characters, which is especially important if the paths are provided via flow variable (which is NOT recommended). More information can be found in the relevant option descriptions.
  • Upon cancellation, the node sends a CTRL-C to the target shell and then terminates. Note that a remote command may continue to execute beyond that. This may happen either because the current program ignores the signal, or because the shell jumped to the next specified command. In POSIX this can be avoided by using conditional (&&) instead of sequential (;) execution. In either case these commands may have to be canceled manually or with subsequent SSH External Tool nodes.
  • Each command execution requests a shell session from the SSH server. These sessions are shared with SFTP sessions from the preceding SSH Connector. The number of available shell sessions can be increased in the advanced tab of the SSH Connector.

Options

Command
Specifies the remote command to run.
The special strings “%%inputFile%%” and “%%outputFile%%” will be replaced by the paths specified below if desired. Placeholders must be quoted using the target shell's quoting mechanism to prevent unexpected syntax errors or code injection. Normally the node enforces a POSIX compliant sh shell and provides the paths as the first and second argument respectively, thus placeholders must be quoted using double quotes (""). The same is true for Windows's cmd.exe. In the case POSIX compliance could not be determined and enforcement is disabled, the file/folder paths will be directly inserted into the command string and are NOT escaped! If the target shell is partially POSIX compliant (like Windows PowerShell or fish), single quotes ('') should be used to quote the directly inserted file/folder paths. Even if not POSIX compliant, depending on the advanced “Forbidden Characters” option, a path may be rejected before execution if it contains dangerous characters.
All paths will be made absolute before they are used to work from every working directory. The command will not use the working directory specified in the SSH Connector Node and instead usually uses the remote user's user folder as its working directory.
Most target shells support providing a shell script instead of a single command. Thus, for example, multiple commands can be separated with “&&” on POSIX shells and Windows's cmd.exe.
Command encoding
String encoding in which to send the command to the remote machine. This setting depends on the SSH server implementation on the remote machine. On modern machines, the server will likely expect UTF-8, even on Windows.
  • UTF-8: Standard encoding used on most Linux machines and OpenSSH (Eight-bit UCS Transformation Format).
  • UTF-16LE: May be used by some Windows machines (Sixteen-bit UCS Transformation Format, little-endian byte order).
  • Other: Allows to specify a custom valid charset name supported by the Java Virtual Machine.
Custom command encoding
Name of a custom character encoding known to the JVM.
If the remote command exits with non-zero status
What to do if the remote command returns a non-zero (or no) exit code.
  • Fail: Node execution will fail.
  • Report: The return value will be made available as a flow variable called ssh_command_exit.
Output Encoding
String encoding in which to expect any response output from the remote machine. This setting depends on the PTY implementation on the remote machine. On modern machines, the output will likely be in UTF-8, even on Windows.
  • UTF-8: Standard encoding used on most Linux machines and OpenSSH (Eight-bit UCS Transformation Format).
  • UTF-16LE: May be used by some Windows machines (Sixteen-bit UCS Transformation Format, little-endian byte order).
  • Other: Allows to specify a custom valid charset name supported by the Java Virtual Machine.
Custom output encoding
Name of a custom character encoding known to the JVM.
Use input file or folder
Whether to replace “%%inputFile%%” in the command with the file or folder specified below.
File/Folder
Specifies a path to an input file or folder which will be used in the external command.
When this file is specified by a flow variable, special care has to be taken to avoid code injection! The advanced “Security” option can be used to reject paths with dangerous characters. However, in general relying on flow variables is NOT recommended, and instead using a Transfer Files node before this node to ensure that the input file is at the required location is more robust and secure.
If input file/folder does not exist before execution
What to do if the specified file or folder does not exist before execution.
  • Fail: Fail node execution.
  • Warn: Set a node warning message.
  • Ignore: Do nothing.
Use output file or folder
Whether to replace “%%outputFile%%” in the command with the file or folder specified below.
File/Folder
Specifies a path to an output file or folder which will be used in the external command.
When this file is specified by a flow variable, special care has to be taken to avoid code injection! The advanced “Security” option can be used to reject paths with dangerous characters. However, in general relying on flow variables is NOT recommended, and instead using a Transfer Files Node after this node to ensure that the output file is moved to the desired location is more robust and secure.
If output file/folder already exists
What to do if the specified file or folder already exists before execution. This can be used to avoid accidental overwrite of existing output files.
  • Fail: Fail node execution.
  • Warn: Set a node warning message.
  • Ignore: Do nothing.
Enforce POSIX compliant shell (recommended)
Whether to fail execution if the node could not detect a POSIX compliant sh shell.
Using a POSIX shell allows the node to pass the input and output files or folders as arguments/variables instead of inserting them into the command string. This increases security greatly as the paths only have to be quoted, and no special characters have to be escaped.
This option should only be disabled if no POSIX shell is available. In that case the “forbidden character set” will still be checked as a fallback. It is recommended to NOT control input and output files or folders with flow variables if this option is disabled! (See respective option description.)
Use DOS-style paths if no POSIX shell is detected
Whether to convert absolute file/folder paths to their DOS-style equivalent by removing the leading slash and replacing slashes with backslashes. If the command is running on a Windows or DOS shell, a path is invalid otherwise.
DOS-style paths are only used if no POSIX compliant shell is detected, even if this option is enabled.
If file/folder paths contain forbidden characters
What to do if a specified absolute path of file or folder contains a character from the set below.
  • Fail: Fail node execution.
  • Warn: Set a node warning message.
  • Ignore: Do nothing.
Forbidden character set to use
Which character set to use for dangerous characters.
  • Default: Forbids characters that can be used to start a new command or do command substitution in a POSIX shell or Windows's cmd.exe (namely <";$`&'|>\) as well as all ISO control characters.
  • Custom: Allows to define a custom character set to disallow.
Forbid control characters
Whether to add all ISO control characters like new lines and tabs to the custom character set defined below.
Forbidden characters
A custom list of characters to use. These characters are used verbatim. That means trailing white space will not be removed and escape sequences for special characters like \n are not supported.
Shell session timeout (seconds)
The timeout to open a shell session using the SSH connection. A value of “0” means no timeout. Upon frequent timeouts, it may help to increase the number of maximum concurrent shell sessions in the SSH Connector, while decreasing the number of SFTP sessions.

Input Ports

Icon
An SSH File System Connection whose existing SSH connection will be used to execute the command. The file system is also browsable to select input and output files or folders.

Output Ports

Icon
The node exports the flow variable ssh_command_exit (if enabled) which contains the exit code of the command(s) (integer).
Icon
A table containing the complete standard and error output in one string column, a row for each line.

Popular Predecessors

  • No recommendations found

Popular Successors

  • No recommendations found

Views

This node has no views

Workflows

  • No workflows found

Links

Developers

You want to see the source code for this node? Click the following button and we’ll use our super-powers to find it for you.

Installation

To use this node in KNIME, install the extension KNIME Basic File System Connectors from the below update site following our NodePit Product and Node Installation Guide:

v5.4

A zipped version of the software site can be downloaded here.

Plugin provider: KNIME AG, Zurich, Switzerland
Plugin version: 5.4.0.v202411221549
On NodePit since: 2024-12-06
Last update: 2024-12-17
Tags: Streamable
KNIME versions: Since v5.4

Deploy, schedule, execute, and monitor your KNIME workflows locally, in the cloud or on-premises – with our brand new NodePit Runner.

Try NodePit Runner!