[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] SSH Console



Hi Felix,
 
I have decided to go down the SSH console root. Ajaxterm was proving to be too difficult to implement with PHP sessions.
 
What I wish to do, is have a central "console server" that everyone will connect to. Upon login to this server, the user will be presented with a menu. The commands executed by this menu would probably be another ssh connection to the respective xen host that their VM is running on.
 
Can you please suggest a secure method of doing the above?
 
Currently, my train of thought is to have a single "global key" per Xen host, which the console server will store in its filesystem. Then, each user will have their own ssh account on the console server, but will only be allowed to run specific commands (which would be executed by the menu). E.g:
 
To start DomU, the user's menu script would execute: "ssh -i xenhost1-key@xxxxxxxxxxxxxxx xm console vm1"
 
Note the use of the "global key" for Xen host 1 in the above command.
 
Is this the correct way to go?
 
I woudn't mind writing the menu script in PHP or python, as then I could use varibales for the VM/Xen host name which could be retrieved from a database (would allow some backend migration things to work). Or alternativly, I could run a simple php/python script at the start, which would run a whoami, then look up a database for the VM/Xen host name, then use "export VM_NAME=...", then run a bash menu script. However, maybe this messes up the "restricted commands" feature of ssh?
 
What you think?
 
Many Thanks
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.