WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] Web Console Access

from [Felix Kuperjans] [Permanent Link][Original]
To: xen-users@xxxxxxxxxxxxxxxxxxx
Subject: Re: [Xen-users] Web Console Access
From: Felix Kuperjans <felix@xxxxxxxxxxxxxxxxxx>
Date: Fri, 18 Jun 2010 13:54:09 +0200
Delivery-date: Fri, 18 Jun 2010 04:55:45 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <46C13AA90DB8844DAB79680243857F0F0AFD30@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <46C13AA90DB8844DAB79680243857F0F0AFD30@xxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.9) Gecko/20100613 Shredder/3.0.4
Hi Jonathan,

do you definitely need a web console (so really browser-based) or would you consider a SSH-based console?

I personally prefer SSH because it is more secure, easier to set up and it is somehow the default way of accessing remote consoles. You can do a modified SSH setup that only allows access to the console, or optionally, access to xm console, xm list, xm shutdown, xm create but restricted to the own VM of your customer. With chroot-jails etc., other commands cannot be executed.
SSH also has the advantage of good copy & paste of larger commands, and the possibility to work with multiple client certificates and / or passwords. Probably your administrative interface allows uploading of multiple public keys, so that your customers can have multiple adminsitrative accounts for the server (but only one can access the console at a time).

I've got no experiences with ajaxterm, but you should really control its security:
Console access is quite useful for hackers, e.g. some customer may forget to log out root or if you use pvgrub / pygrub, a simple init=/bin/bash added to the kernel command line allows resetting the root password...
So it must be a really secure application, not vulnerable to XSS, SQL Injections, Connection hijacking, ... and SSL encrypted.

Regards,
Felix Kuperjans

Am 18.06.2010 13:02, schrieb Jonathan Tripathy:
Hi Everyone,
 
Does anyone have any idea on how to give my customers a "web console" for their VMs?
 
Using http://antony.lesuisse.org/software/ajaxterm/ I can manually set up a remote session for them, by doing 
ajaxterm.py -c xm console <DOMNAME>
However is there any way to make this automatic? Maybe I could put it in the vif script?
 
Thanks

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Xen-users] Web Console Access, Jonathan Tripathy
Next by Date:  Re: [Xen-users] Restrict Disk Usage, Felix Kuperjans
Previous by Thread:  [Xen-users] Web Console Access, Jonathan Tripathy
Next by Thread:  RE: [Xen-users] Web Console Access, Jonathan Tripathy
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy