karaf-dev mailing list archives

From Guillaume Nodet <gno...@gmail.com>
Subject Re: Does the ssh:sshd command really need to create a new ssh server on each call?
Date Tue, 03 Jul 2012 12:18:23 GMT
I'm not really sure how we could do such a netstat command if we don't
manage all the ports ourselves ...

Anyway, for sshd, I guess we could get rid of the command if it isn't used
(and I agree I've never seen anyone using it so far).  I don't think we
should add management layers for each port though: all the configuration is
already centralized in configadmin, and I fear that adding lots of commands
for managing things that we already have common management for, may just
confuse users.  I guess what we're missing for common ports is a simpler
way (more centralized) configuration file, so maybe using
etc/config.properties for common port configuration and using placeholders
referring to those would be easier for users, so that they would only have
a single file to modify...
Removing this sshd command will have a nice effect of removing your concern
about mixing blueprint calls in the code btw ;-)

On Mon, Jul 2, 2012 at 2:57 PM, Christian Schneider <chris@die-schneider.net> wrote:

> You hit a good spot there. I think we could need information on all
> kinds of services with external connectivity that are running.
> So typically I would like to see:
> - http
> - ssh
> - jmx
> ...
> A bit like netstat -l just for karaf but with some additional
> information. I think such a command would also be a nice security tool to
> check you do not have ports open that should be closed.
> Christian
> On 02.07.2012 14:48, Claus Ibsen wrote:
>> Hi
>> I miss a command to list the current running sshd servers.
>> So for example if people start Karaf using bin/karaf, then there is no
>> easy way to find out what the SSH port is if you want to remote
>> connect to your Karaf.
>> In that light for starters a list option on sshd would be nice
>> sshd list
>> PS: Likewise for JMX etc.
>> It would be nice with some way to see in the logs / from karaf:info
>> etc. to see all the running management services and the urls they
>> expose for remote management. Today you gotta know the defaults, and
>> "cross fingers" that these are the options you use. If not you gotta go
>> hunt in the zillion config files in etc to figure this out.
>> On Mon, Jul 2, 2012 at 11:50 AM, Christian Schneider
>> <chris@die-schneider.net> wrote:
>>> Hi all,
>>> while working on the ssh part of karaf I wondered if the sshd command is
>>> really implemented in the way people need it.
>>> Currently each call to sshd creates a new ssh server. I personally never had
>>> the need to have more than one ssh server running for one instance of karaf.
>>> So I wonder if it would make sense to change the command to manage a single
>>> ssh server instance. Like:
>>> ssh:sshd start -p 8102
>>> or ssh:sshd start -p 8102
>>> ssh:sshd stop
>>> JB told me that ssh is used in Fabric and there it might be necessary to
>>> have more than one instance.
>>> @Guillaume can you give us some insight how it is used there?
>>> If we decide we need the capability to run more than one instance of ssh
>>> server then I think we should at least provide full management of these
>>> instances.
>>> Currently the sshd command can start any number of ssh servers but it can
>>> not stop them. I think the servers started in this way would not even stop
>>> when the ssh bundle is stopped.
>>> I also wonder if it would make sense to separate the ssh server part from
>>> the ssh client. So you can start a ssh server by installing a
>>> org.apache.karaf.sshd bundle or similar.
>>> Christian
>>> --
>>> Christian Schneider
>>> http://www.liquid-reality.de
>>> Open Source Architect
>>> Talend Application Integration Division http://www.talend.com
> --
> Christian Schneider
> http://www.liquid-reality.de
> Open Source Architect
> Talend Application Integration Division http://www.talend.com

Guillaume Nodet
Blog: http://gnodet.blogspot.com/
FuseSource, Integration everywhere
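
The layout suggested in the message above (one central properties file, with per-service files referring to it through placeholders) makes a port inventory easy to produce from configuration alone. The sketch below is an added example, not code from the thread or from Karaf: the file names, keys and values in `SAMPLE_ETC` are constructed, and `list_ports` is a hypothetical helper that assumes `${name}` placeholders are resolved only against the central file.

```python
import re

# Constructed sample of an etc/ directory (file name -> content).
# File names, keys and values are illustrative assumptions, not from the thread.
SAMPLE_ETC = {
    "config.properties": "ssh.port=8101\nhttp.port=8181\n",
    "org.apache.karaf.shell.cfg": "sshPort=${ssh.port}\nsshHost=0.0.0.0\n",
    "org.apache.karaf.management.cfg": "rmiRegistryPort=1099\nrmiRegistryHost=127.0.0.1\n",
    "org.ops4j.pax.web.cfg": "# web\norg.osgi.service.http.port=${http.port}\n",
    "custom.cfg": "adminPort=${missing.port}\n",
}

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")
PORT_KEY = re.compile(r"port$", re.IGNORECASE)

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def resolve(value, central):
    """Substitute ${name} from the central file; None if a name is undefined."""
    missing = [n for n in PLACEHOLDER.findall(value) if n not in central]
    if missing:
        return None
    return PLACEHOLDER.sub(lambda m: central[m.group(1)], value)

def list_ports(etc, central_name="config.properties"):
    """Return sorted (file, key, port or None, source) for every *port key."""
    central = parse_properties(etc.get(central_name, ""))
    rows = []
    for name, text in etc.items():
        if name == central_name:
            continue
        for key, raw in parse_properties(text).items():
            if not PORT_KEY.search(key):
                continue
            resolved = resolve(raw, central)
            port = int(resolved) if resolved and resolved.isdigit() else None
            source = "central" if PLACEHOLDER.search(raw) else "local"
            rows.append((name, key, port, source))
    return sorted(rows)
```

Rows whose source is `local` are ports still hard-coded outside the central file, and a port of `None` marks a placeholder that the central file does not define; both are worth reviewing when checking which services are meant to be reachable.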
