Remote control [Документация VAS Experts]
Документация VAS Experts Документация VAS Experts-mobile
in

Settings

  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks
  • Show page
  • Old revisions
  • Export to PDF
  • Fold/unfold all
  • Backlinks

    • Differences

    This shows you the differences between two versions of the page.

    Link to this comparison view

    Both sides previous revisionPrevious revision
    Next revision    		Previous revision
    en:dpi:dpi_components:platform:subscriber_management:subsman_remote:start [2023/08/30 11:18] elena.krasnobryzhen:dpi:dpi_components:platform:subscriber_management:subsman_remote:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1
    Line 1: Line 1:
    -====== Remote control ====== 
    -{{indexmenu_n>10}} 
    -[[subsman_remote_ssh|The remote execution of SSH commands]] is the recommended method to control DPI from another computer. Billing systems typically have the built in support of this control method. 
      
    -The alternative remote control methods are: [[subsman_remote_ctrl|remote execution of fdpi_ctrl utility]] and installation of an additional remote control SW on DPI server, like telnet server and similar. You can use the snmp agent to remotely monitor the operation of CentOS and [[en:veos:installation|VEOS]]. 
    - 
    -===== Remote execution of SSH commands ===== 
    - 
    -We advise to authenticate users by public keys to execute command on DPI server remotely by SSH with no need to enter password. 
    - 
    -To use this method: on the control server: 
    -  - We create a pair of public and private keys:<code>ssh-keygen -t rsa</code>Default values should be selected in the dialogue. Passphrase should be left empty for convenience((Alternatively, one can use the functionality of ssh-agent to store passwords)) 
    -  - We copy the public key to DPI server:<code>ssh-copy-id dpi_user@dpi_host  
    -or manually: 
    -cat ~/.ssh/id_rsa.pub | ssh dpi_user@dpi_host "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"</code> 
    - 
    -Then we check and fix the rights on file authorized_keys on DPI server:<code>chmod 700 ~dpi_user/.ssh/ 
    -chmod 600 ~dpi_user/.ssh/authorized_keys 
    -restorecon -Rv ~dpi_user/.ssh/</code> 
    - 
    -Next, we check the operation of the remote execution of fdpi_ctrl from the control server: 
    -<code> 
    -ssh dpi_user@dpi_host "fdpi_ctrl load --service 6 --login test" 
    -</code> 
    -In case this instruction does not work, try to find some hints in the log file /var/log/secure on DPI server. One can also switch the diagnostic mode on SSH: ssh -v … 
    - 
    -===== Remote execution of fdpi_ctrl utility ===== 
    - 
    -To execute fdpi_ctrl utility remotely one has to make the following actions: 
    -  - To enable listening for the network control interface in DPI configuration file /etc/dpi/fastdpi.conf:<code>ctrl_dev=eth0</code>  
    -  - To open the access to the port configured by ctrl_port in firewall settings /etc/sysconfig/iptables and to limit an access to DPI host from the control server only: <code>-A INPUT -m state --state NEW -m tcp -s 192.168.0.2 -p tcp --dport 2900 -j ACCEPT</code> 
    -  - To copy fdpi_ctrl utility to the control server and start it with an argument -r host:port:<code>fdpi_ctrl load --service 6 --login test -r 192.168.0.1:2900</code> 
    - 
    -:!: Please take care to update fdpi_ctrl on the control server on each DPI update.