ssh: add basic SSH and SCP tasks

Author: ibodrov

pom.xml

@@ -47,6 +47,7 @@
         <module>tasks/msteams</module>
         <module>tasks/puppet</module>
         <module>tasks/s3</module>
+        <module>tasks/ssh</module>
         <module>tasks/terraform</module>
         <module>tasks/xml</module>
         <module>tasks/zoom</module>
@@ -95,6 +96,12 @@
                     </exclusion>
                 </exclusions>
             </dependency>
+            <!-- remove once Concord switches from the original JSch to this fork -->
+            <dependency>
+                <groupId>com.github.mwiede</groupId>
+                <artifactId>jsch</artifactId>
+                <version>2.27.3</version>
+            </dependency>
         </dependencies>
     </dependencyManagement>
 

tasks/ssh/pom.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>com.walmartlabs.concord.plugins</groupId>
+        <artifactId>concord-plugins-parent</artifactId>
+        <version>2.8.1-SNAPSHOT</version>
+        <relativePath>../../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>ssh-tasks</artifactId>
+    <packaging>jar</packaging>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.github.mwiede</groupId>
+            <artifactId>jsch</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.walmartlabs.concord.runtime.v2</groupId>
+            <artifactId>concord-runtime-sdk-v2</artifactId>
+            <scope>provided</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-api</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.junit.jupiter</groupId>
+            <artifactId>junit-jupiter-params</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.testcontainers</groupId>
+            <artifactId>testcontainers</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>dev.ybrig.concord</groupId>
+                <artifactId>concord-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+</project>

tasks/ssh/src/main/java/com/walmartlabs/concord/plugins/ssh/JSchUtils.java

@@ -0,0 +1,88 @@
+package com.walmartlabs.concord.plugins.ssh;
+
+/*-
+ * *****
+ * Concord
+ * -----
+ * Copyright (C) 2017 - 2025 Walmart Inc., Concord Authors
+ * -----
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * =====
+ */
+
+import com.jcraft.jsch.ChannelExec;
+import com.jcraft.jsch.JSch;
+import com.jcraft.jsch.JSchException;
+import com.jcraft.jsch.Session;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.List;
+
+public final class JSchUtils {
+
+    private static final Logger log = LoggerFactory.getLogger(JSchUtils.class);
+
+    public static Exec sshExec(JSch jsch, String user, String password, String host, int port, int timeout) throws JSchException {
+        Session session = null;
+        try {
+            session = jsch.getSession(user, host, port);
+            if (password != null) {
+                session.setPassword(password);
+                session.setConfig("PreferredAuthentications", "password");
+            }
+            session.setHostKeyRepository(new NoopHostKeyRepository());
+
+            session.connect(timeout);
+
+            var channel = (ChannelExec) session.openChannel("exec");
+            return new Exec(session, channel);
+        } catch (JSchException e) {
+            if (session != null) {
+                session.disconnect();
+            }
+            throw e;
+        }
+    }
+
+    public static JSch initJsch(List<String> identities) {
+        var jsch = new JSch();
+
+        identities.stream()
+                .map(Paths::get)
+                .filter(p -> Files.exists(p) && Files.isReadable(p))
+                .forEach(p -> {
+                    try {
+                        jsch.addIdentity(p.toString());
+                    } catch (JSchException e) {
+                        log.warn("Unable to add {} as a SSH identity: {}", p, e.getMessage());
+                    }
+                });
+
+        return jsch;
+    }
+
+    public record Exec(Session session, ChannelExec channel) implements AutoCloseable {
+
+        @Override
+        public void close() {
+            session.disconnect();
+            channel.disconnect();
+        }
+    }
+
+    private JSchUtils() {
+    }
+}

tasks/ssh/src/main/java/com/walmartlabs/concord/plugins/ssh/NoopHostKeyRepository.java

@@ -0,0 +1,60 @@
+package com.walmartlabs.concord.plugins.ssh;
+
+/*-
+ * *****
+ * Concord
+ * -----
+ * Copyright (C) 2017 - 2025 Walmart Inc., Concord Authors
+ * -----
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * =====
+ */
+
+import com.jcraft.jsch.HostKey;
+import com.jcraft.jsch.HostKeyRepository;
+import com.jcraft.jsch.UserInfo;
+
+public class NoopHostKeyRepository implements HostKeyRepository {
+
+    @Override
+    public int check(String host, byte[] key) {
+        return HostKeyRepository.OK;
+    }
+
+    @Override
+    public void add(HostKey hostkey, UserInfo ui) {
+    }
+
+    @Override
+    public void remove(String host, String type) {
+    }
+
+    @Override
+    public void remove(String host, String type, byte[] key) {
+    }
+
+    @Override
+    public String getKnownHostsRepositoryID() {
+        return "InMemoryRepo";
+    }
+
+    @Override
+    public HostKey[] getHostKey() {
+        return new HostKey[0];
+    }
+
+    @Override
+    public HostKey[] getHostKey(String host, String type) {
+        return new HostKey[0];
+    }
+}

tasks/ssh/src/main/java/com/walmartlabs/concord/plugins/ssh/ScpTask.java

@@ -0,0 +1,134 @@
+package com.walmartlabs.concord.plugins.ssh;
+
+/*-
+ * *****
+ * Concord
+ * -----
+ * Copyright (C) 2017 - 2025 Walmart Inc., Concord Authors
+ * -----
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * =====
+ */
+
+import com.walmartlabs.concord.runtime.v2.sdk.Task;
+import com.walmartlabs.concord.runtime.v2.sdk.TaskResult;
+import com.walmartlabs.concord.runtime.v2.sdk.Variables;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import javax.inject.Named;
+import java.io.BufferedInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.util.List;
+
+import static com.walmartlabs.concord.plugins.ssh.JSchUtils.initJsch;
+import static com.walmartlabs.concord.plugins.ssh.JSchUtils.sshExec;
+
+@Named("scp")
+public class ScpTask implements Task {
+
+    private static final Logger log = LoggerFactory.getLogger(ScpTask.class);
+
+    @Override
+    public TaskResult execute(Variables input) throws Exception {
+        var host = input.assertString("host");
+        var user = input.assertString("user");
+        var password = input.getString("password");
+        var identities = input.getList("identities", List.<String>of());
+        var port = input.getInt("port", 22);
+        var timeout = input.getInt("timeout", 30000);
+        var src = input.assertString("src");
+        var dest = input.assertString("dest");
+
+        if (!dest.startsWith("/")) {
+            throw new IOException("The 'dest' path must be absolute: " + dest);
+        }
+
+        var localPath = Paths.get(src);
+        if (!Files.exists(localPath)) {
+            throw new IOException("The 'src' file doesn't exist: " + src);
+        }
+        if (!Files.isReadable(localPath)) {
+            throw new IOException("The 'src' file is not readable: " + src);
+        }
+
+        log.info("Sending local file {} to {}@{}:{}{}...", src, user, host, port, dest);
+
+        var lastModified = Files.getLastModifiedTime(localPath).toMillis();
+        var fileSize = Files.size(localPath);
+
+        var jsch = initJsch(identities);
+        try (var exec = sshExec(jsch, user, password, host, port, timeout)) {
+            var channel = exec.channel();
+            channel.setCommand("scp -p -t " + dest);
+            channel.connect();
+
+            var out = channel.getOutputStream();
+            var in = channel.getInputStream();
+
+            checkAck(in);
+
+            // last modified
+            out.write(("T" + (lastModified / 1000) + " 0 " + (lastModified / 1000) + " 0\n").getBytes());
+            out.flush();
+            checkAck(in);
+
+            // file size
+            out.write(("C0644 " + fileSize + " " + localPath.getFileName().toString() + "\n").getBytes());
+            out.flush();
+            checkAck(in);
+
+            // send content
+            try (var fis = new BufferedInputStream(Files.newInputStream(localPath))) {
+                fis.transferTo(out);
+            }
+
+            // end of content
+            out.write(0);
+            out.flush();
+            checkAck(in);
+
+            return TaskResult.success();
+        }
+    }
+
+    private void checkAck(InputStream in) throws IOException {
+        int b = in.read();
+
+        if (b == 0) {
+            return;
+        }
+
+        if (b == -1) {
+            throw new IOException("EOF");
+        }
+
+        if (b == 1 || b == 2) {
+            StringBuilder sb = new StringBuilder();
+            int c;
+            do {
+                c = in.read();
+                sb.append((char) c);
+            } while (c != '\n');
+            if (b == 1) {
+                throw new IOException("SCP error: " + sb);
+            }
+            throw new IOException("SCP fatal error: " + sb);
+        }
+
+        throw new IllegalStateException("Unknown SCP error");
+    }
+}