Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

9.2.  Connecting and Disconnecting Remotely

Abstract

There are two alternative ways of connecting to a remote container. If you are already running an Red Hat JBoss Fuse command shell, you can invoke a console command to connect to the remote container. Alternatively, you can run a utility directly on the command-line to connect to the remote container.

Overview
Copy link

Any container's command console can be used to access a remote container. Using SSH, the local container's console connects to the remote container and functions as a command console for the remote container.

Using the ssh:ssh console command
Copy link

You connect to a remote container's console using the ssh:ssh console command.

Example 9.2. ssh:ssh Command Syntax

ssh:ssh { -l username } { -P password } { -p port } { hostname }

-l username
The username used to connect to the remote container. Use valid JAAS login credentials that have admin privileges (see Chapter 15, Configuring JAAS Security).
-P password
The password used to connect to the remote container.
-p port
The SSH port used to access the desired container's remote console.
By default this value is 8101. See the section called “Configuring a container for remote access” for details on changing the port number.
hostname
The hostname of the machine that the remote container is running on. See the section called “Configuring a container for remote access” for details on changing the hostname.
Warning
We recommend that you customize the username and password in the etc/users.properties file. See Chapter 15, Configuring JAAS Securityfor details.

Example 9.3. Connecting to a Remote Console

JBossFuse:karaf@root>ssh:ssh -l smx -P smx -p 8108 hostname
Copy to Clipboard Toggle word wrap
To confirm that you have connected to the correct container, type shell:info at the prompt. Information about the currently connected instance is returned, as shown in Example 9.4, “Output of the shell:info Command”.

Example 9.4. Output of the shell:info Command

Karaf Karaf version 2.2.5.fuse-beta-7-052 Karaf home /Volumes/ESB/jboss-fuse-full-6.0.0.redhat-0XX Karaf base /Volumes/ESB/jboss-fuse-full-6.0.0.redhat-0XX/instances/child1 OSGi Framework org.apache.felix.framework - 4.0.3.fuse-beta-7-052 JVM Java Virtual Machine Java HotSpot(TM) 64-Bit Server VM version 20.6-b01-415 Version 1.6.0_31 Vendor Apple Inc. Uptime 6 minutes Total compile time 24.048 seconds Threads Live threads 62 Daemon threads 43 Peak 287 Total started 313 Memory Current heap size 78,981 kbytes Maximum heap size 466,048 kbytes Committed heap size 241,920 kbytes Pending objects 0 Garbage collector Name = 'PS Scavenge', Collections = 11, Time = 0.271 seconds Garbage collector Name = 'PS MarkSweep', Collections = 1, Time = 0.117 seconds Classes Current classes loaded 5,720 Total classes loaded 5,720 Total classes unloaded 0 Operating system Name Mac OS X version 10.7.3 Architecture x86_64 Processors 2
Copy to Clipboard Toggle word wrap

Disconnecting from a remote console
Copy link

To disconnect from a remote console, enter logout or press Ctrl+D at the prompt.
You will be disconnected from the remote container and the console will once again manage the local container.

Using the remote client
Copy link

The remote client allows you to securely connect to a remote Red Hat JBoss Fuse container without having to launch a full JBoss Fuse container locally.
For example, to quickly connect to a JBoss Fuse instance running in server mode on the same machine, open a command prompt and run the client[.bat] script (which is located in the InstallDir/bin directory), as follows: 
client
Copy to Clipboard Toggle word wrap
More usually, you would provide a hostname, port, username, and password to connect to a remote instance. If you were using the client within a larger script, for example in a test suite, you could append console commands as follows: 
client -a 8101 -h hostname -u username -p password shell:info
Copy to Clipboard Toggle word wrap
Alternatively, if you omit the -p option, you will be prompted to enter a password.
For a standalone container, use any valid JAAS user credentials that have admin privileges.
For a container in a fabric, the default username and password is admin and admin.
To display the available options for the client, type: 
client --help
Copy to Clipboard Toggle word wrap

Example 9.5. Karaf Client Help

Apache Felix Karaf client -a [port] specify the port to connect to -h [host] specify the host to connect to -u [user] specify the user name -p [password] specify the password --help shows this help message -v raise verbosity -r [attempts] retry connection establishment (up to attempts times) -d [delay] intra-retry delay (defaults to 2 seconds) [commands] commands to run If no commands are specified, the client will be put in an interactive mode
Copy to Clipboard Toggle word wrap

Disconnecting from a remote client console
Copy link

If you used the remote client to open a remote console, as opposed to using it to pass a command, you will need to disconnect from it. To disconnect from the remote client's console, enter logout or press Ctrl+D at the prompt.
The client will disconnect and exit.

Overview
Copy link

You can also use the ssh command-line utility (a standard utility on UNIX-like operating systems) to log in to the Red Hat JBoss Fuse container, where the authentication mechanism is based on public key encryption (the public key must first be installed in the container). For example, given that the container is configured to listen on IP port 8101, you could log in as follows: 
ssh -p 8101 jdoe@localhost
Copy to Clipboard Toggle word wrap
Important
Key-based login is currently supported only on standalone containers, not on Fabric containers.

Prerequisites
Copy link

To use key-based SSH login, the following prerequisites must be satisfied:

Default key location
Copy link

The ssh command automatically looks for the private key in the default key location. It is recommended that you install your key in the default location, because it saves you the trouble of specifying the location explicitly.
On a *NIX operating system, the default locations for an RSA key pair are: 
~/.ssh/id_rsa
~/.ssh/id_rsa.pub
Copy to Clipboard Toggle word wrap
On a Windows operating system, the default locations for an RSA key pair are: 
C:\Documents and Settings\Username\.ssh\id_rsa
C:\Documents and Settings\Username\.ssh\id_rsa.pub
Copy to Clipboard Toggle word wrap
Note
Red Hat JBoss Fuse supports only RSA keys. DSA keys do not work.

Creating a new SSH key pair
Copy link

Generate an RSA key pair using the ssh-keygen utility. Open a new command prompt and enter the following command: 
ssh-keygen -t rsa -b 2048
Copy to Clipboard Toggle word wrap
The preceding command generates an RSA key with a key length of 2048 bits. You will then be prompted to specify the file name for the key pair: 
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/Username/.ssh/id_rsa):
Copy to Clipboard Toggle word wrap
Type return to save the key pair in the default location. You will then be prompted for a pass phrase: 
Enter passphrase (empty for no passphrase):
Copy to Clipboard Toggle word wrap
You can optionally enter a pass phrase here or type return twice to select no pass phrase.
Note
If you want to use the same key pair for running Fabric console commands, it is recommended that you select no pass phrase, because Fabric does not support using encrypted private keys.

Installing the SSH public key in the container
Copy link

To use the SSH key pair for logging into the Red Hat JBoss Fuse container, you must install the SSH public key in the container by creating a new user entry in the InstallDir/etc/keys.properties file. Each user entry in this file appears on a single line, in the following format: 
Username=PublicKey,Role1,Role2,...
Copy to Clipboard Toggle word wrap
For example, given that your public key file, ~/.ssh/id_rsa.pub, has the following contents: 
ssh-rsa AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7
gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnfqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCX
YFCPFSMLzLKSuYKi64QL8Fgc9QAAAnEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo
FhO3zwkyjMim4TwWeotifI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACB
AKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53Jj7uyk31drV2qxhIOsLDC9dGCWj4
7Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx jdoe@doemachine.local
Copy to Clipboard Toggle word wrap
You can create the jdoe user with the admin role by adding the following entry to the InstallDir/etc/keys.properties file (on a single line): 
jdoe=AAAAB3NzaC1kc3MAAACBAP1/U4EddRIpUt9KnC7s5Of2EbdSPO9EAMMeP4C2USZpRV1AIlH7WT2NWPq/xfW6MPbLm1Vs14E7
gB00b/JmYLdrmVClpJ+f6AR7ECLCT7up1/63xhv4O1fnfqimFQ8E+4P208UewwI1VBNaFpEy9nXzrith1yrv8iIDGZ3RSAHHAAAAFQCX
YFCPFSMLzLKSuYKi64QL8Fgc9QAAAnEA9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6Ewo
FhO3zwkyjMim4TwWeotifI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKLZl6Ae1UlZAFMO/7PSSoAAACB
AKKSU2PFl/qOLxIwmBZPPIcJshVe7bVUpFvyl3BbJDow8rXfskl8wO63OzP/qLmcJM0+JbcRU/53Jj7uyk31drV2qxhIOsLDC9dGCWj4
7Y7TyhPdXh/0dthTRBy6bqGtRPxGa7gJov1xm/UuYYXPIUR/3x9MAZvZ5xvE0kYXO+rx,admin
Copy to Clipboard Toggle word wrap
Important
Do not insert the entire contents of the id_rsa.pub file here. Insert just the block of symbols which represents the public key itself.
After starting the container, you can check whether public key authentication is supported by running the jaas:realms console command, as follows: 
Index Realm                Module Class                                                                    
    1 karaf                org.apache.karaf.jaas.modules.properties.PropertiesLoginModule                  
    2 karaf                org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
Copy to Clipboard Toggle word wrap
You should see that the PublickeyLoginModule is installed. With this configuration you can log in to the container using either username/password credentials or public key credentials.

Logging in using key-based SSH
Copy link

You are now ready to login to the container using the key-based SSH utility. For example: 
$ ssh -p 8101 jdoe@localhost _ ____ ______ | | _ \ | ____| | | |_) | ___ ___ ___ | |__ _ _ ___ ___ _ | | _ < / _ \/ __/ __| | __| | | / __|/ _ \ | |__| | |_) | (_) \__ \__ \ | | | |_| \__ \ __/ \____/|____/ \___/|___/___/ |_| \__,_|___/\___| JBoss Fuse (6.0.0.redhat-xxx) http://www.redhat.com/products/jbossenterprisemiddleware/fuse/ Hit '<tab>' for a list of available commands and '[cmd] --help' for help on a specific command. Hit '<ctrl-d>' or 'osgi:shutdown' to shutdown JBoss Fuse. JBossFuse:fbolton@root>
Copy to Clipboard Toggle word wrap
Note
If you are using an encrypted private key, the ssh utility will prompt you to enter the pass phrase.
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat