Re: [asterisk-users] remote Asterisk console
On Tue, Jan 16, 2018 at 06:19:30PM +0100, Paul Neuwirth wrote: > Thank you both. That was (most likely) what I was looking for - but > still some worries about sending plaintext passwords... The AMI interface can use a Challenge-Response mechanisme for logins, if you are this concerned you should use this even over TLS/SSL/SSH. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] remote Asterisk console
true, here is how to do it https://blog.russellbryant.net/2008/01/30/asterisk-16-features-tls-for-manager-ami-and-http/ On Tue, Jan 16, 2018 at 5:27 PM, Antony Stone wrote: > On Tuesday 16 January 2018 at 18:19:30, Paul Neuwirth wrote: > >> On Tue, 16 Jan 2018 18:18:18 +0200 Tzafrir Cohen wrote: >> >> > Anyway, as mentioned before: you should probably use AMI. >> >> Thank you both. That was (most likely) what I was looking for - but >> still some worries about sending plaintext passwords... > > AMI can operate over TLS. > > > Antony. > > -- > Numerous psychological studies over the years have demonstrated that the > majority of people genuinely believe they are not like the majority of people. > >Please reply to the list; > please *don't* CC me. > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] remote Asterisk console
On Tuesday 16 January 2018 at 18:19:30, Paul Neuwirth wrote: > On Tue, 16 Jan 2018 18:18:18 +0200 Tzafrir Cohen wrote: > > > Anyway, as mentioned before: you should probably use AMI. > > Thank you both. That was (most likely) what I was looking for - but > still some worries about sending plaintext passwords... AMI can operate over TLS. Antony. -- Numerous psychological studies over the years have demonstrated that the majority of people genuinely believe they are not like the majority of people. Please reply to the list; please *don't* CC me. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] remote Asterisk console
On Tue, 16 Jan 2018 18:18:18 +0200 Tzafrir Cohen wrote: > On Tue, Jan 16, 2018 at 11:05:01AM +0100, Paul Neuwirth wrote: > > Hello group, > > > > what is the preferred method to connect to asterisk cli over > > network? I need to run asterisk cli commands remotely. > > As others have mentioned: the manager interface is normally better for > running over network. > > The manager interface also has an action calld 'Command' that runs a > CLI command. In fact, contrib/scripts/astcli uses it to allow > providing a remote console. > > Permissions needed for your manager user: For most things just: > > write=command > > To also be able to originate calls: > > write=command,originate > > To also be able to restart / reload: > > write=command,system > > > Sharing the unix socket through NFS, if that's working? > > No. > > > Or any other approaches, despite using SSH or rlogin, rsh. > > SSH: should work, sure. However, it means you ssh to root at the > remote host. Better set a key with 'command' explicitly set in > authorized_keys for this. > > Rlogin, rsh: seriously? Anybody still uses those? Not only are they > way less secure than SSH, they are also way less conveninet than any > decent SSH implementation. > > Anyway, as mentioned before: you should probably use AMI. > Thank you both. That was (most likely) what I was looking for - but still some worries about sending plaintext passwords... For my simple commands a simple netcat command works for me. Previously used asterisk -rx in scripts. But now asterisk servers and other processes are split over multiple physical servers. A binary or script, making use of encryption and miming asterisk -r would be best. I am wondering, why such a tool is not part of asterisk itself... maybe I give this a try setting up a user (group asterisk) with asterisk -r as "login shell".. and use ssh.. or something like that. It should be that safe, no other commands can be executed.. -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] remote Asterisk console
On Tue, Jan 16, 2018 at 11:05:01AM +0100, Paul Neuwirth wrote: > Hello group, > > what is the preferred method to connect to asterisk cli over network? I > need to run asterisk cli commands remotely. As others have mentioned: the manager interface is normally better for running over network. The manager interface also has an action calld 'Command' that runs a CLI command. In fact, contrib/scripts/astcli uses it to allow providing a remote console. Permissions needed for your manager user: For most things just: write=command To also be able to originate calls: write=command,originate To also be able to restart / reload: write=command,system > Sharing the unix socket through NFS, if that's working? No. > Or any other approaches, despite using SSH or rlogin, rsh. SSH: should work, sure. However, it means you ssh to root at the remote host. Better set a key with 'command' explicitly set in authorized_keys for this. Rlogin, rsh: seriously? Anybody still uses those? Not only are they way less secure than SSH, they are also way less conveninet than any decent SSH implementation. Anyway, as mentioned before: you should probably use AMI. -- Tzafrir Cohen +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [asterisk-users] remote Asterisk console
Hi, The easiest way would be to use asterisk manager interface (some simple steps to activate it on asterisk are easily found in the docs) https://wiki.asterisk.org/wiki/display/AST/AMI+Examples Now you will need a good python library to make it even easier https://pypi.python.org/pypi/asterisk-ami/0.1.0 example : # 1- import from asterisk.ami import AMIClient from asterisk.ami import SimpleAction # 2- connect client = AMIClient(address='192.168.1.100',port=5038) client.login(username='username',secret='password') # 3- use action = SimpleAction( 'Originate', Channel='SIP/2010', Exten='2010', Priority=1, Context='default', CallerID='python', ) client.send_action(action) # 4- take a break your work is done REMARQUE: opening up your server to external access need to be done with a lot of care. On Tue, Jan 16, 2018 at 10:05 AM, Paul Neuwirth wrote: > Hello group, > > what is the preferred method to connect to asterisk cli over network? I > need to run asterisk cli commands remotely. > Sharing the unix socket through NFS, if that's working? > Or any other approaches, despite using SSH or rlogin, rsh. > > Thank you > > Paul > > -- > _ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > > Check out the new Asterisk community forum at: https://community.asterisk.org/ > > New to Asterisk? Start here: > https://wiki.asterisk.org/wiki/display/AST/Getting+Started > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: >http://lists.digium.com/mailman/listinfo/asterisk-users -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
[asterisk-users] remote Asterisk console
Hello group, what is the preferred method to connect to asterisk cli over network? I need to run asterisk cli commands remotely. Sharing the unix socket through NFS, if that's working? Or any other approaches, despite using SSH or rlogin, rsh. Thank you Paul -- _ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- Check out the new Asterisk community forum at: https://community.asterisk.org/ New to Asterisk? Start here: https://wiki.asterisk.org/wiki/display/AST/Getting+Started asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users