This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
Home Products Support Community News


[Xen-users] SSH Console

To: <felix@xxxxxxxxxxxxxxxxxx>
Subject: [Xen-users] SSH Console
From: "Jonathan Tripathy" <jonnyt@xxxxxxxxxxx>
Date: Tue, 22 Jun 2010 11:10:42 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Tue, 22 Jun 2010 03:12:22 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcsR8yv2FtaaVN9TT4KmXKgTS1eHug==
Thread-topic: SSH Console
Hi Felix,
I have decided to go down the SSH console root. Ajaxterm was proving to be too difficult to implement with PHP sessions.
What I wish to do, is have a central "console server" that everyone will connect to. Upon login to this server, the user will be presented with a menu. The commands executed by this menu would probably be another ssh connection to the respective xen host that their VM is running on.
Can you please suggest a secure method of doing the above?
Currently, my train of thought is to have a single "global key" per Xen host, which the console server will store in its filesystem. Then, each user will have their own ssh account on the console server, but will only be allowed to run specific commands (which would be executed by the menu). E.g:
To start DomU, the user's menu script would execute: "ssh -i xenhost1-key@xxxxxxxxxxxxxxx xm console vm1"
Note the use of the "global key" for Xen host 1 in the above command.
Is this the correct way to go?
I woudn't mind writing the menu script in PHP or python, as then I could use varibales for the VM/Xen host name which could be retrieved from a database (would allow some backend migration things to work). Or alternativly, I could run a simple php/python script at the start, which would run a whoami, then look up a database for the VM/Xen host name, then use "export VM_NAME=...", then run a bash menu script. However, maybe this messes up the "restricted commands" feature of ssh?
What you think?
Many Thanks
Xen-users mailing list
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-users] SSH Console, Jonathan Tripathy <=