SSHepherd Documentation
< All Topics
Print

CLI Reference

This article provides an overview of the commands and parameters available when using the shepctl and shepagent CLI.

shepctl usage:

usage: shepctl  [-h] [--url URL] [--user USER] [--hostid HOSTID] [--hostname HOSTNAME] [--group GROUP] [--start START]
                [--end END] [--recordingid RECORDINGID] [--role ROLE] [--replay] [--port PORT] [--sshuser SSHUSER] 
                [--sshargs SSHARGS] [--sshcmd SSHCMD] [--sshnohostkey] [--scpsrc SCPSRC] [--scptgt SCPTGT] 
                [--tgtrdpport TGTRDPPORT] [--srcrdpport SRCRDPPORT] [--ignore-ssl-errors] 
                [--sshdisableoldalgo SSHDISABLEOLDALGO] [-q] [--proxy PROXY] [--bulkfile BULKFILE]
                [command]

positional arguments:
  command               one of: login logout whoami get-auth-token create-user remove-user create-group group-add 
                        group-del list-group remove-group list-role list-user-role role-add role-del list-host 
                        remove-host list-recording get-recording attach-recording tunnel terminate-tunnel 
                        ssh-tunnel scp-tunnel mstsc-tunnel (bulk commands: create-users group-add-users)

options:
  -h, --help            show this help message and exit
  --url URL             SSHepherd server url used for login
  --user USER           User name (email) for login, create-user, and group-add, list-user-role, role-add, role-del, and remove-user
  --hostid HOSTID       Host ID for tunnel, group-add, remove-host, and list-host
  --hostname HOSTNAME   Host name for tunnel commands
  --group GROUP         Group name for create-group and group-add
  --start START         Start datetime for list-recording
  --end END             End datetime for list-recording
  --recordingid RECORDINGID
                        Recording ID for get-recording, terminate-tunnel, and attach-recording
  --role ROLE           Role name for role-add and role-del
  --replay              Replay existing recording data for attach-recording
  --port PORT           Local port to use for tunnel instead of a random port
  --sshuser SSHUSER     User name to pass to the ssh command when doing an ssh-tunnel, i.e. ssh (--sshuser)@host
  --sshargs SSHARGS     Arguments to pass to the ssh command when doing an ssh-tunnel, i.e. ssh (--sshargs)
                        (--sshuser)@host
  --sshcmd SSHCMD       Command to pass to the ssh command when doing an ssh-tunnel, i.e. ssh (--sshargs)
                        (--sshuser)@host
  --sshnohostkey        Used with ssh-tunnel and scp-tunnel to skip host key verification
  --scpsrc SCPSRC       Used with the scp-tunnel command to signify the source, if local use as normal. If remote,
                        <user>@localhost:<source>
  --scptgt SCPTGT       Used with the scp-tunnel command to signify the target, if local use as normal. If remote,
                        <user>@localhost:<target>
  --tgtrdpport TGTRDPPORT
                        Target rdp port, default 3389
  --srcrdpport SRCRDPPORT
                        Source rdp port
  --ignore-ssl-errors   Ignore errors verifying SSL certificates
  --sshdisableoldalgo SSHDISABLEOLDALGO
                        Disable older ssh algorithms (diffie-hellman-group1-sha1,ecdh-sha2-nistp256)
  -q                    Minimize prompts for input
  --proxy PROXY         proxy to use, example socks5h://localhost:9050
  --bulkfile BULKFILE   To be used with bulk commands, this is a line seperated list of things (i.e. users) to be acted on

shepagent usage:

usage: shepagent  [-h] [--url URL] [--key KEY] [--script SCRIPT] [--scriptargs SCRIPTARGS] [--socat SOCAT] 
                  [--sshd SSHD] [--rec REC] [--mkdir MKDIR] [--port PORT] [--apikey APIKEY]  
                  [--group GROUP] [--ignore-ssl-error] [--nowinssh] [--proxy PROXY]
                  [command]

positional arguments:
  command               command: register, run, list-whitelist, add-whitelist, remove-whitelist 
                        
options:
  -h, --help            show this help message and exit
  --url URL             SSHepherd server url 
  --key KEY             SSH key for authentication
  --script SCRIPT       full path to tty recorder
  --scriptargs SCRIPTARGS   
                        args to pass to tty recorder
  --socat SOCAT         full path to socat
  --sshd SSHD           full path to sshd
  --rec REC             full path to record fifo
  --mkdir MKDIR         full path to mkdir command
  --port PORT           list of port(s) to add/remove from whitelist. 
                        (Single port: --port 80) (Multiple ports: --port 80 --port 443)
  --apikey APIKEY       API key to use for the register command
  --group GROUP         list of group(s) to add the agent to when registering  
                        (Single group: --group MYGROUP) (Multiple groups: --group
                        MYGROUP1 --group MYGROUP2)
  --ignore-ssl-errors   Ignore errors verifying SSL certificates
  --nowinssh            Set to not have OpenSSH installed during register on Windows
  --proxy PROXY         proxy to use, example socks5h://localhost:9050
In This Article