[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-users] SSH Console
Hi Felix,
I have decided to go down the SSH console root. Ajaxterm was
proving to be too difficult to implement with PHP sessions.
What I wish to do, is have a central "console server" that everyone
will connect to. Upon login to this server, the user will be presented with a
menu. The commands executed by this menu would probably be another ssh
connection to the respective xen host that their VM is running on.
Can you please suggest a secure method of doing the above?
Currently, my train of thought is to have a single "global key" per
Xen host, which the console server will store in its filesystem. Then, each user
will have their own ssh account on the console server, but will only be allowed
to run specific commands (which would be executed by the menu). E.g:
To start DomU, the user's menu script would execute: "ssh -i xenhost1-key@xxxxxxxxxxxxxxx xm
console vm1"
Note the use of the "global key" for Xen host 1 in the above
command.
Is this the correct way to go?
I woudn't mind writing the menu script in PHP or python, as then I
could use varibales for the VM/Xen host name which could be retrieved from
a database (would allow some backend migration things to work). Or alternativly,
I could run a simple php/python script at the start, which would run a whoami,
then look up a database for the VM/Xen host name, then use "export
VM_NAME=...", then run a bash menu script. However, maybe this messes up the
"restricted commands" feature of ssh?
What you think?
Many Thanks _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |