Chapter 8. Using Remote Connections to Manage a Container
Abstract
It does not always make sense to use a local console to manage a container. Red Hat JBoss Fuse has a number of ways of remotely managing a container. You can use a remote container's command console or start a remote client.
8.1. Configuring a Container for Remote Access
Overview
When you start the Red Hat JBoss Fuse runtime in default mode or in server mode, it enables a remote console that can be accessed over SSH from any other JBoss Fuse console. The remote console provides all of the functionality of the local console and allows a remote user complete control over the container and the services running inside of it.
Note
When run in client mode the JBoss Fuse runtime disables the remote console.
Configuring a container for remote access
The SSH hostname and port number are configured in the
InstallDir/etc/org.apache.karaf.shell.cfg
configuration file. Example 8.1, “Changing the Port for Remote Access” shows a sample configuration that changes the port used to 8102.
Example 8.1. Changing the Port for Remote Access
sshPort=8102 sshHost=0.0.0.0
Default settings (shown in Table 8.1) are provided for both the mac (message authentication code) and cipher (ciphers allowed for protocol version 2) properties. You can change these defaults by entering
mac = <macName1>,<macName2>,<macNameN>
and cipher = <cipherName1>,<cipherName2>,<cipherNameN>
entries in the etc/org.apache.karaf.shell.cfg
file.
Property | Default |
---|---|
mac | hmac-sha1 |
cipher | aes256-ctr,aes192-ctr,aes128-ctr,arcfour256 |
Entries in the
etc/org.apache.karaf.shell.cfg
file override the default settings, so you need to specify all options you want to use. Table 8.2, “Supported options for mac and cipher properties” shows all of the supported mac and cipher options.
For either property, you must enter multiple options in a comma-separated list that contains no white space. The order in which options appear in the list is insignificant, as the client determines which option to use.
Property | Options |
---|---|
mac | hmac-sha1 , hmac-sha1-96 , hmac-md5 , hmac-md5-96 |
cipher | aes128-ctr , aes192-ctr , aes256-ctr , aes128-cbc , aes192-cbc , aes256-cbc , arcfour128 , arcfour256 , blowfish-cbc , 3des-cbc |
Important
Because of vulnerability issues, we recommend that you avoid using 96-bit and MD5-based HMAC algorithms, and use CTR, instead of CBC, mode ciphers.