jgetcredential, jtool getcredential
jgetcredential lets you retrieve RunMyJobs credentials. You can call it as jgetcredential or jtool getcredential.
jgetcredential cannot be used outside of job context because it needs to retrieve either a user password credential from a RunMyJobs login credential, or a private key passphrase from a RunMyJobs passphrase credential. So the -j or -job-context parameter is implied.
jgetcredential is typically used by other jtool modes, such as jscp, in order to obtain credentials to execute the SSH protocol. But it can also be used by ssh or sudo running in a job, because SSH_ASKPASS and SSH_ASKPASS default to jgetcredential as part of a job environment.
Note: For installation instructions, see jtool.
Syntax
jgetcredential [-h|-?|-help] [-l <loglevel>] [-f <logfile>] -j|-job-context [-p|-protocol <protocol>]
[<prompt>]| Argument | Description |
|---|---|
| -h, -?, -help | Show the help. |
-l <loglevel> |
Set the log level. |
-f <logfile> |
Logs to a file instead of stdoutor stderr. |
| -j, -job-context | Gets the environment from the job context. |
| -p, -protocol | The credential protocol. The default value is passwphrase. |
<prompt>
|
The prompt. |
TLS Arguments
| Argument | Environment Variable | Description |
|---|---|---|
| -tlsv1_3, -tls13 | JCS_SSL_METHOD=tlsv1_3
|
Use TLS v1.3 secured connection. |
| -tlsv1_2, -tls12 | JCS_SSL_METHOD=tlsv1_2
|
Use TLS v1.2 secured connection. |
| -tlsv1_1, -tls11 | JCS_SSL_METHOD=tlsv1_1
|
Use TLS v1.1 or better secured connection. |
| -tlsv1, -tls | JCS_SSL_METHOD=tlsv1
|
Use TLS v1.0 or better secured connection (default). |
| -sslv3, -ssl | JCS_SSL_METHOD=sslv3
|
Use SSL v3 or better secured connection. |
-cipherlist <text> |
JCS_SSL_CIPHERLIST
|
Set list of available ciphers. |
-passphrase <text> |
JCS_SSL_PASSPHRASE
|
Set passphrase for private key. |
-key <file> |
JCS_SSL_KEYPATH
|
Set private key. |
-cert <file> |
JCS_SSL_CERTIFICATE_PATH
|
Set public certificate. |
-ca <file|path> |
JCS_SSL_TRUSTED_CERTIFICATE_FILE
|
Trusted CA certificates path or file. |
| -[no]verify | JCS_SSL_VERIFY_CERT
|
(Do not) verify peer (server or client) certificate. |
-verify-names <namelist> |
JCS_SSL_VERIFY_SERVER_NAMES, JCS_SSL_VERIFY_CLIENT_NAMES |
Verify peer (server or client) certificate hostname against list. |
Example
The following UNIX shell example shows how to retrieve a sudo password from a RunMyJobs login credential.
SUDO_ASKPASS=`which jgetcredential`
sudo -A cat /var/log/syslogThe following UNIX shell example shows how to use ssh to retrieve a user password from a RunMyJobs login credential.
# For user authentication by username/password we must ensure that
# $JCS_SSH_USER and $JCS_SSH_HOST are setup for the use of jgetcredential;
# you would usually set them on the process and provide defaults there.
# This example uses Bash parameter substitution for illustration purposes.
# SSH_ASKPASS defaults to jcredential in the environment of a running job.
# ssh will use jgetcredential to obtain a user password from the login credential on the Redwood Server.
${JCS_SSH_USER:=<user>} ${JCS_SSH_HOST:=<host>} ssh "#{JCS_SSH_USER}@${JCS_SSH_HOST}" unameThe following UNIX shell example shows how to use ssh to retrieve a private key passphrase from a RunMyJobs passphrase credential.
# SSH_ASKPASS defaults to jcredential in the environment of a running job.
# For user authentication by publickey, jgetcredential is called to obtain the passphrase protecting the identity file (private key file).
# It obtains this from a passphrase credential on the Redwood Server.
ssh -i <identity_file> hostname unameNote: There is a credential of credential protocol passphrase for the Run As User, with Endpoint set to the current hostname in this system.