[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [Xen-users] xl migrate command - disable ssh
>> I'm rather curious as to why you want to disable SSH. Since the >> migration is passing raw memory blocks across the network, this is >> certainly something that ought to be encrypted to prevent both >> monkeying and sniffing. >> > > also if the migration takes place in a private dedicated network for > example this is not the case. disabling ssh decreases cpu load and > probably gives better performance. However my real intention is only > to monitor the difference in performance for purely research purposes. :) Wonderful! Just had to do my due diligence. >> Regardless, to migrate using some program other than SSH, you need >> something akin to it (e.g. tenlet, RSH, etc.). Xen does not create >> a migration "socket" on its own, > > yeah i have understand that. I think that it uses the same certificate > as the target machine uses for the ssh login for example. That's because it's just ssh. Nothing special or fancy, just run of the mill ssh. It does the standard fingerprint checking that's done with any ssh initiation, with the one slight gotcha of xl being run as root, so the /root/.sshh/known_hosts file is used instead of your own. >> AFAIK the xl migrate scheme passes the >> data to xl on the receiving side through stdin on the terminal. >> > > I would be grateful if you can place me hints of how i can use that to > achieve my goal. :) > > Thanks, > > Katerina As I said, you'll first need to get some sort of remote shell working. My suggestions are for RSH or Telnet, but anything that can get you a shell will work. Unfortunately, I have absolutely no experience with either, as I have been raised in an ssh world. In fact, I use sshfs for remote file shares, and I've never had an issue with performance bottlenecks even while saturating my gigabit link. So not that I'm discouraging your academic exploration, but I would say that in all likelihood, the performance loss of using ssh is negligible and the security gained is substantial. Just my $0.02. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQEcBAEBAgAGBQJRQR7UAAoJEIrShLVVnSKr1doIAJM9CldXO+fQLZGGk1tDMF24 > AZPrLcgvixQJWx72Tz84V5UcDTLzYS6GwTTidY65/6UzdANUx6lbe2FuuNKQN63X > QA7w2d9mPXnmLA21I+u1iocLdeQAbpVr3uIPYbRbHGK26hkDg4X4+pbIBmncRrjO > CokT1gqj+JARG+H7EdqHoy7Rh35XN2bcScXn4WY5uwN7HK7uKrHybRQU/zNh8aY6 > 9SQbbmuZzy7EJg0e0qtQO6b4JVSUD2TJp//1blZRK/BRGhsIiQUApFUi72QH/zXw > UQPFZW2utOd7fxR8nKRVReGgtKQuoiTiWcEuzpCUL0+mgnndxmHiG/XTeSmP8MY= > =oVhA > -----END PGP SIGNATURE----- -- --Zootboy Sent from some sort of computing device. _______________________________________________ Xen-users mailing list Xen-users@xxxxxxxxxxxxx http://lists.xen.org/xen-users
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |