[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] xl migrate command - disable ssh



>> I'm rather curious as to why you want to disable SSH. Since the
>> migration is passing raw memory blocks across the network, this is
>> certainly something that ought to be encrypted to prevent both
>> monkeying and sniffing.
>>
>
> also if the migration takes place in a private dedicated network for
> example this is not the case. disabling ssh decreases cpu load and
> probably gives better performance. However my real intention is only
> to monitor the difference in performance for purely research purposes. :)

Wonderful! Just had to do my due diligence.

>> Regardless, to migrate using some program other than SSH, you need
>> something akin to it (e.g. tenlet, RSH, etc.). Xen does not create
>> a migration "socket" on its own,
>
> yeah i have understand that. I think that it uses the same certificate
> as the target machine uses for the ssh login for example.

That's because it's just ssh. Nothing special or fancy, just run of
the mill ssh. It does the standard fingerprint checking that's done
with any ssh initiation, with the one slight gotcha of xl being run as
root, so the /root/.sshh/known_hosts file is used instead of your own.

>> AFAIK the xl migrate scheme passes the
>> data to xl on the receiving side through stdin on the terminal.
>>
>
> I would be grateful if you can place me hints of how i can use that to
> achieve my goal. :)
>
> Thanks,
>
> Katerina

As I said, you'll first need to get some sort of remote shell working.
My suggestions are for RSH or Telnet, but anything that can get you a
shell will work. Unfortunately, I have absolutely no experience with
either, as I have been raised in an ssh world. In fact, I use sshfs
for remote file shares, and I've never had an issue with performance
bottlenecks even while saturating my gigabit link. So not that I'm
discouraging your academic exploration, but I would say that in all
likelihood, the performance loss of using ssh is negligible and the
security gained is substantial. Just my $0.02.

> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQEcBAEBAgAGBQJRQR7UAAoJEIrShLVVnSKr1doIAJM9CldXO+fQLZGGk1tDMF24
> AZPrLcgvixQJWx72Tz84V5UcDTLzYS6GwTTidY65/6UzdANUx6lbe2FuuNKQN63X
> QA7w2d9mPXnmLA21I+u1iocLdeQAbpVr3uIPYbRbHGK26hkDg4X4+pbIBmncRrjO
> CokT1gqj+JARG+H7EdqHoy7Rh35XN2bcScXn4WY5uwN7HK7uKrHybRQU/zNh8aY6
> 9SQbbmuZzy7EJg0e0qtQO6b4JVSUD2TJp//1blZRK/BRGhsIiQUApFUi72QH/zXw
> UQPFZW2utOd7fxR8nKRVReGgtKQuoiTiWcEuzpCUL0+mgnndxmHiG/XTeSmP8MY=
> =oVhA
> -----END PGP SIGNATURE-----



-- 
--Zootboy

Sent from some sort of computing device.

_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.