Hi Felix,
I have decided to go down the SSH console route. Ajaxterm was
proving to be too difficult to implement with PHP sessions.
What I wish to do is have a central "console server" that everyone
will connect to. Upon login to this server, the user will be presented with a
menu. The commands executed by this menu would probably be another ssh
connection to the respective xen host that their VM is running on.
Can you please suggest a secure method of doing the above?
Currently, my train of thought is to have a single "global key" per
Xen host, which the console server will store in its filesystem. Then, each user
will have their own ssh account on the console server, but will only be allowed
to run specific commands (which would be executed by the menu). E.g:
Note the use of the "global key" for Xen host 1 in the above
command.
Is this the correct way to go?
I wouldn't mind writing the menu script in PHP or Python, as then I
could use variables for the VM/Xen host name which could be retrieved from
a database (would allow some backend migration things to work). Or alternatively,
I could run a simple PHP/Python script at the start, which would run a whoami,
then look up a database for the VM/Xen host name, then use "export
VM_NAME=...", then run a bash menu script. However, maybe this messes up the
"restricted commands" feature of ssh?
What do you think?
Many Thanks
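
The menu design asked about above, sketched in Python as an added example that is not part of the original message: the script takes the account name from the process uid, looks up only that user's VMs, validates the names, and builds the outgoing ssh call as an argument list so no shell ever parses them. The table layout, sample rows, key directory, remote login name `console` and the `xm console` command are assumptions for illustration.

```python
import os
import pwd
import re
import sqlite3
# Assumptions (not in the original message): key directory, remote login, remote command.
KEY_DIR = "/etc/console-server/keys"
REMOTE_USER, REMOTE_CMD = "console", ["xm", "console"]
# First character must be alphanumeric so a name can never be read as an option.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,62}")

def open_sample_db():
    """Constructed sample rows standing in for the real backend database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE vms (owner TEXT, vm_name TEXT, xen_host TEXT)")
    db.executemany("INSERT INTO vms VALUES (?, ?, ?)", [
        ("alice", "alice-web", "xen1.example.net"),
        ("alice", "alice-db", "xen2.example.net"),
        ("bob", "bob-vm; reboot", "xen1.example.net"),  # malformed on purpose
    ])
    return db

def vms_for(db, user):
    """Return the (vm, host) pairs owned by user whose names pass SAFE_NAME."""
    rows = db.execute("SELECT vm_name, xen_host FROM vms WHERE owner = ? "
                      "ORDER BY vm_name", (user,))
    return [r for r in rows if all(SAFE_NAME.fullmatch(x) for x in r)]

def build_argv(db, user, choice):
    """Map a typed menu choice to an ssh argument list, or None if invalid."""
    vms = vms_for(db, user)
    if not re.fullmatch(r"[0-9]{1,3}", choice) or not 1 <= int(choice) <= len(vms):
        return None
    vm, host = vms[int(choice) - 1]
    key = os.path.join(KEY_DIR, host)
    return ["ssh", "-t", "-i", key, f"{REMOTE_USER}@{host}", *REMOTE_CMD, vm]

def main():
    # Identity comes from the process uid, not from environment variables or
    # SSH_ORIGINAL_COMMAND, both of which the connecting client can influence.
    user = pwd.getpwuid(os.getuid()).pw_name
    db = open_sample_db()
    for i, (vm, host) in enumerate(vms_for(db, user), 1):
        print(f"{i}) console of {vm} on {host}")
    argv = build_argv(db, user, input("Choice: ").strip())
    if argv is None:
        raise SystemExit("invalid choice")
    os.execvp(argv[0], argv)  # exec without a shell: nothing is re-parsed

if __name__ == "__main__":
    main()
```

A script like this is meant to be the only thing a user account can run, set through `ForceCommand` in `sshd_config` or a `command="..."` prefix in `authorized_keys`. Because the lookup happens inside the forced command itself, it does not depend on exported variables that a later shell script would have to trust.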