[Feature] SSH Plugin

[andrewrkerr]

Summary

Allowing server commands (bash, powershell, etc.) to be called and return output.

Motivation

This would enable automation that isn't handled easily by an API/DB. Basic example: IT creates a basic form/button that would call a command to disable someone in AD. HR could just put in a username a click disable. This could then send an email to a distro letting them know the user has been disabled. This is just an example, but the possibilities for scripting would be endless.

Additional Context

Using JS would run the command locally, but the user may not be able to run the command due to vlan, permissions, or other factors. Having the command run from the server could resolve this. IT would be able to handle the logic, error checking and etc within their code. The main idea is just to be able to call commands from Appsmith to the server.

Security could be a concern since you may not want all users to have access to this feature. Permissions around it would be a bonus.

[sumitsum]

Hi @andrewrkerr, can you please explain if it is same or different from running a REST API call on the server ?

[andrewrkerr]

No, it wouldn't be an api call. Here's a better breakdown of what I meant.

I install Appsmith on a linux server. I'd like to be able to send a bash command from Appsmith to the server it's installed on. Another example: I set a button so that when someone clicks it, then it can run "apt-get update" or any other bash command.

Let me know if this makes more sense.

[sumitsum]

Hi @andrewrkerr, thanks for clearing that up. Can you please explain a little more regarding the use case and what more can be done with it ?

[andrewrkerr]

The use case would be to allow IT to create automations and allow for the "non-tech" to run the commands with a button click. Here's a few examples:

IT installs powershell on the same server that Appsmith is installed. IT creates powershell scripts for various tasks. IT links the powershell scripts to different buttons/forms in Appsmith. Appsmith calls the powershell command/script and gives the "non-tech" access to the page with the buttons/forms/etc. This would allow us to automate almost anything that isn't an API or database call.

Most of our users don't have access to do things like: disable users in AD, purge emails from O365, install apps to other servers., and many other tasks. This would allow IT to provide a simple option to the end users to handle these tasks and more. The automation possibilities with this type of setup is almost endless.

[sumitsum]

Hi @Nikhil-Nandagopal @mohanarpit need your opinion on this one. Do you think the use case described fit the Appsmith product vision/goal ? I think there are some issues with the proposal - (1) it does not seem to align with the goal of the application (2) an application like this shouldn't try to modify server properties where many other such applications may be deployed. It can open up many security issues.

[andrewrkerr]

Hey @sumitsum - For (1) - I understand if it doesn't align with your vision/goal. For (2) - I think this could be handled with permissions to alleviate the security concerns.

Either way, I think it's a great tool that will help lots of people.

[mohanarpit]

@andrewrkerr If I re-frame this feature request, do you think your use-case can be accomplished using an SSH plugin? Imagine a case where you could provide your SSH username, password/identity file to Appsmith and setup a SSH connection. You could then SSH into any server you'd like to and execute any shell command on the remote server. Technically, you could also SSH into the same server where Appsmith is hosted and run any shell commands.

This would be secure because the permissions for the commands being executed will depend on the securities of your SSH login user.

As @sumitsum mentioned, I don't think allowing an application to modify the underlying OS is a good idea. These permissions should be granted explicitly.

[Nikhil-Nandagopal]

@andrewrkerr thank you for the details. This is a pretty unique idea! It sounds like an alternative to having to write an API / DB query for users who are more comfortable using a scripting language.

[andrewrkerr]

@mohanarpit That would work as well!

[rubabuddin]

Would also be interested in something similar so that Python scripts that live on another server could be executed. This would remove the requirement of exposing these as APIs.

[richardkaplan]

A similar example would be the abilitly to run an Applescript or Javascript for Automation script - you would never want to expose this to random people, but for use by trusted people it could be extremely useful.

[vanscurvy]

I am interested in this as well. The first use case would be to run a script on the same server that mounts a pre-authenticated google drive account. The second would be to give an end user the ability to drive home-automation scripts living on the same server.

[TannerW]

Any update on this? Really exciting feature!

[Nikhil-Nandagopal]

Unfortunately not. We have a backlog of plugins that we haven't been able to get to lately. We're working on creating bandwidth to pick these up!

[TannerW]

@Nikhil-Nandagopal Understood! Thank you for the response and the hard work!

[CanalWood]

I've seen the video of this new feature and it's really exciting!

I would like to use this feature to run script to execute some powercli vsphere command or execute terraform file.
Do you have an estimate date for this delivery?

Good luck and thanks!!

[sumitsum]

@CanalWood thanks for sharing your feedback and use case :) . Regarding the timeline, this quarter seems difficult, next quarter may be possible, not sure though. Apologies for the delay.