Hi Felix,
Thanks for the email.
>a simple init=/bin/bash added to the kernel command line allows
resetting the root password...
ok this worries me. Can you please explain
this a little further? Do you need to have access to the Dom0 to begin
with?
Thanks
Hi Jonathan,
do you definitely need a web console (so really
browser-based) or would you consider a SSH-based console?
I personally
prefer SSH because it is more secure, easier to set up and it is somehow the
default way of accessing remote consoles. You can do a modified SSH setup that
only allows access to the console, or optionally, access to xm console, xm list,
xm shutdown, xm create but restricted to the own VM of your customer. With
chroot-jails etc., other commands cannot be executed.
SSH also has the
advantage of good copy & paste of larger commands, and the possibility to
work with multiple client certificates and / or passwords. Probably your
administrative interface allows uploading of multiple public keys, so that your
customers can have multiple adminsitrative accounts for the server (but only one
can access the console at a time).
I've got no experiences with ajaxterm,
but you should really control its security:
Console access is quite useful
for hackers, e.g. some customer may forget to log out root or if you use pvgrub
/ pygrub, a simple init=/bin/bash added to the kernel command line allows
resetting the root password...
So it must be a really secure application, not
vulnerable to XSS, SQL Injections, Connection hijacking, ... and SSL
encrypted.
Regards,
Felix Kuperjans
Am 18.06.2010 13:02,
schrieb Jonathan Tripathy:
Hi Everyone,
Does anyone have any idea on how to give my customers a "web
console" for their VMs?
Using
http://antony.lesuisse.org/software/ajaxterm/ I
can manually set up a remote session for them, by doing
ajaxterm.py -c xm console <DOMNAME>
However is there any way to make this automatic? Maybe I could put it in the vif script?
Thanks
_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
Home