If you want/need a solution 90 seconds ago, take a look here: 
https://wiki.fd.io/view/VPP/VPP_Home_Gateway

Add a user ("admin", maybe?) whose login shell is vppctl, and you're done.

Please don't create a gigantic security hole.

D.

From: tianye@sina <tiany...@sina.com>
Sent: Tuesday, November 27, 2018 12:19 AM
To: 'Hu, Xuekun' <xuekun...@intel.com>; Dave Barach (dbarach) 
<dbar...@cisco.com>; vpp-dev@lists.fd.io
Subject: RE: [vpp-dev] About in-band telnet/ssh support of VPP

Partially completed work will also be welcome if you agree to share.
Or you can just push your temporary work to sandbox gerrit so that anyone could 
get some idea about how to port it.
You never understand how we need it :)

From: Hu, Xuekun [mailto:xuekun...@intel.com]
Sent: Tuesday, November 27, 2018 12:58 PM
To: dbar...@cisco.com; tianye@sina; vpp-dev@lists.fd.io
Subject: RE: [vpp-dev] About in-band telnet/ssh support of VPP

Dave, can you estimate when the sshd work will be done? We really like this 
feature.
Thanks.

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Dave Barach via 
Lists.Fd.Io
Sent: Monday, November 26, 2018 8:42 PM
To: tianye@sina <tiany...@sina.com>; vpp-dev@lists.fd.io
Cc: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] About in-band telnet/ssh support of VPP

Please do not use the vpp host stack to listen to port 23 (telnet) on a 
network-facing interface. You could do that, but please don't do that.

All you would need to add is a well-known default password, and you would have 
created a super-trivial attack surface for your product.

Florin and I are working to crank up sshd over the host stack. No guaranteed 
end-date, but it's coming...

D.

From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of tianye@sina
Sent: Sunday, November 25, 2018 9:10 PM
To: vpp-dev@lists.fd.io
Subject: [vpp-dev] About in-band telnet/ssh support of VPP

Hello Everyone:

As we all know, the latest VPP version 18.10 supports telnet.
We can set the conf file like this to monitor the remote telnet request:
unix {
  cli-listen localhost 5002 or cli-listen 192.168.xxxx 5002
  .....

But actually the IP/Port pair we are listening on is the "in-band" interface.
That means that interface belongs to the Linux host system (not the dedicated NIC 
pre-allocated for VPP).
Is there any solution for telnet/ssh toward the VPP in-band interface?
(Providing telnet/ssh support for the in-band interface is very important when we 
manage to build a gateway/router device
over a bare metal machine, since we cannot guarantee we can involve an additional 
out-of-band interface with any topology and product cost limitation)
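
Added example, not part of the thread and not VPP project code: a small Python audit of a startup.conf that flags any cli-listen bound beyond loopback, the exposure warned about in the replies above. The sample config, function names and severity labels are constructed for illustration; both "host:port" and the space-separated form written in the thread are accepted.

```python
import ipaddress
import re

# Constructed sample (not from the thread); 192.0.2.10 is a documentation address.
SAMPLE_CONF = """\
unix {
  nodaemon
  cli-listen 192.0.2.10:23   # network-facing telnet CLI
}
"""

def cli_listen_targets(conf_text):
    """Return every cli-listen argument inside the unix { } section."""
    text = re.sub(r"#.*", "", conf_text)            # drop comments
    section = re.search(r"\bunix\s*\{([^}]*)\}", text)
    if not section:
        return []
    found = re.findall(r"^\s*cli-listen\s+(.+?)\s*$", section.group(1), re.M)
    return [t.strip() for t in found]

def audit_cli_listen(target):
    """Classify one cli-listen argument as (severity, reason)."""
    if target.startswith("/"):
        return ("ok", "unix-domain socket, guarded by file permissions")
    # Accept "host:port" and the "host port" form written in the thread.
    host, sep, port = re.sub(r"\s+", ":", target).rpartition(":")
    if not sep:                                      # no port given
        host, port = port, ""
    host = host.strip("[]")                          # bracketed IPv6
    try:
        loopback = host == "localhost" or ipaddress.ip_address(host).is_loopback
    except ValueError:
        return ("review", f"cannot classify host {host!r}")
    if loopback:
        return ("ok", "bound to loopback only")
    if port == "23":
        return ("critical", "cleartext CLI on telnet port 23, non-loopback address")
    return ("high", "cleartext CLI reachable on a non-loopback address")

def audit_conf(conf_text):
    """Audit a whole startup.conf; returns [(target, severity, reason), ...]."""
    return [(t, *audit_cli_listen(t)) for t in cli_listen_targets(conf_text)]

if __name__ == "__main__":
    for target, severity, reason in audit_conf(SAMPLE_CONF):
        print(f"{severity:8} cli-listen {target}: {reason}")
```

A target that cannot be parsed as an address, such as the elided "192.168.xxxx" in the original message, is returned as "review" rather than guessed at.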