New take on interactive SSH - @insectos/ssh-exec


  • reads the .ssh/config to present target hosts
  • only connects on first data send
  • can switch target hosts through msg.sshshost parameter

feedback is apprechiated

Is there a reason you didn't use 'node-red-contrib...' in the name?

What makes it different from the other ssh nodes?

The new guidelines dont insist on node-red-contrib-xxx format. The preferred format is a scoped name. see Introducing the Node Scorecard : Node-RED :slight_smile:

Yes, but it does recommend, or at least suggest, including node-red in the name
"If you use a scoped name, there are no further requirements on the name. You could use @myScope/node-red-sample or just @myScope/sample - although having node-red in the name does help to associate the module with the project."

I know it's not required but if I were looking for a SSH node via google I'd use 'Node-red ssh' and that node is not going to be on the first page of results. I like having node-red-contrib... as part of the name, it allows me to find things easily.

Just my opinion.

Indeed & why i linked to the docs.

My comment was more about the question Paul asked...

... in particular the -contrib part.

I dont completely disagree (minus the contrib part).

For future custom nodes I do - I personally intend on keeping the node-red part (dropping the contrib part)

1 Like

That is my intention also.

Naming has benn discussed... now to the differences:

  • Ability to pick an SSH hostname from ~/.ssh/config, effectively abstracting it away from the flow
  • Support for SSH keys when using a host from config
  • Password classified as credential (so properly encrypted)
  • Connection only gets established when actually data is sent
  • Abillity to change the hostname through a value in msg

We use this as configuration mechanism for servers out in our farms. An operator (or an event) picks a farm from a list and sends commands. So instead of requiring one node per farm and resulting n open connections, we only need one that opens when needed

Installed the node on my Mac Mini M1 and imported the example flow. As soon as I deploy I get:

Flows stopped due to missing node types.

* ssh-exec


UPDATE: I went to remove the node and see this
Screenshot 2023-08-30 at 5.35.50 AM

It would be nice to see that somewhere else than when trying to remove the node...
maybe allow the location to be customizable as on the Mac it is .ssh/known_hosts

Ahhh nice catch. I'll add a check fo that file. .ssh/known_hosts serves a different purpose than .ssh/config, don't confuse the two. I develop on Mac & Linux an the file you want is .ssh/config


Host git fortress
    IdentityFile ~/.ssh/gitkey_stwissel
    User Stwissel
    Port 22
    IdentitiesOnly yes

(not all entries are needed)

.ssh/known_hosts ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl

0.3.1 with file check is out

I've created the .ssh/config file and from a terminal on the Mac it works fine, I can access on of my local pi's with

paul@PaulsM1 ~ % ssh yellowpi
Linux yellowpi 5.10.103-v7+ #1529 SMP Tue Mar 8 12:21:37 GMT 2022 armv7l

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Aug 31 13:53:25 2023 from 2600:4040:5b24:4d00:988d:7b3:db83:5a73
pi@yellowpi:~ $ ls -al
total 322700
drwxr-xr-x 20 pi   pi        4096 Aug 31 13:42 .
drwxr-xr-x  3 root root      4096 May  7  2021 ..
-rw-------  1 pi   pi       17489 Aug 31 13:57 .bash_history
-rw-r--r--  1 pi   pi         220 May  7  2021 .bash_logout
-rw-r--r--  1 pi   pi        3523 May  7  2021 .bashrc
drwxr-xr-x  2 pi   pi        4096 May  7  2021 Bookshelf
  1. So I installed the latest version of your node and it shows 'yellow' in the ssh Config but why does it require the password when it is in the .ssh/config? Isn't that one of the purposes of the config file?
  2. if I put in the password it remains disconnected
  3. if I use manual Host configuration it works but outputs odd characters
drwxr-xr-x  3 root root      4096 May  7  2021 e[01;34m..e[0m
-rw-------  1 pi   pi       17500 Aug 31 14:08 .bash_history
-rw-r--r--  1 pi   pi         220 May  7  2021 .bash_logout
-rw-r--r--  1 pi   pi        3523 May  7  2021 .bashrc
drwxr-xr-x  2 pi   pi        4096 May  7  2021 e[01;34mBookshelfe[0m

The "odd characters" are control characters send by your SSH connection. Your terminal converts them into the colors you see. The ssh-node doesn't have a UI, so no conversion is happening, it's just the raw output.
For passwords: I don't store them in config, since they are there in clear text. Credentials in NodeRED are encrypted, so it felt safer.

On your problem: did you have a user/password connection or did you use a key file? I've mostly tested with key files. Any chance you see the potential error in the log?

I suggest you change your sample flow to use
ls --color=never -al


I use a IdentityFile

Host yellowpi 
HostName yellowpi.local
User pi 
IdentityFile ~/.ssh/id_rsa

But my question is: in the node, why do I have to supply the password in the first place? Doesn't that defeat the purpose of creating a .ssh/config file?

In addition how do I dynamically swap ssh hosts if I need to supply a password when it isn't documented in the the Help?

Currently if I set the node to manual Host configuration for yellowpi and include the password I can get data back. If I then set an inject node to include msg.sshhost when I run it I get

errMsg: Error: All configured authentication methods failed
host: undefined

[UPDATE - 2022-09-06
] I've started opening issues in GitHub about some of these problems.

Thx appreciate it. I’ll look at it on the weekend