====== Remote control ======
{{indexmenu_n>10}}
[[en:dpi:dpi_components:platform:subscriber_management:subsman_remote#remote_execution_of_ssh_commands|The remote execution of SSH commands]] is the recommended method to control DPI from another computer. Billing systems typically have the built in support of this control method.
The alternative remote control methods are: [[en:dpi:dpi_components:platform:subscriber_management:subsman_remote#remote_execution_of_fdpi_ctrl_utility|remote execution of fdpi_ctrl utility]] and installation of an additional remote control SW on DPI server, like telnet server and similar. You can use the snmp agent to remotely monitor the operation of CentOS and [[en:veos:installation|VEOS]].
===== Remote execution of SSH commands =====
We advise to authenticate users by public keys to execute command on DPI server remotely by SSH with no need to enter password.
To use this method: on the control server:
- We create a pair of public and private keys:ssh-keygen -t rsa
Default values should be selected in the dialogue. Passphrase should be left empty for convenience((Alternatively, one can use the functionality of ssh-agent to store passwords))
- We copy the public key to DPI server:ssh-copy-id dpi_user@dpi_host
or manually:
cat ~/.ssh/id_rsa.pub | ssh dpi_user@dpi_host "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Then we check and fix the rights on file authorized_keys on DPI server:chmod 700 ~dpi_user/.ssh/
chmod 600 ~dpi_user/.ssh/authorized_keys
restorecon -Rv ~dpi_user/.ssh/
Next, we check the operation of the remote execution of fdpi_ctrl from the control server:
ssh dpi_user@dpi_host "fdpi_ctrl load --service 6 --login test"
In case this instruction does not work, try to find some hints in the log file /var/log/secure on DPI server. One can also switch the diagnostic mode on SSH: ssh -v …
===== Remote execution of fdpi_ctrl utility =====
To execute fdpi_ctrl utility remotely one has to make the following actions:
- To enable listening for the network control interface in DPI configuration file /etc/dpi/fastdpi.conf:ctrl_dev=eth0
- To open the access to the port configured by ctrl_port in firewall settings /etc/sysconfig/iptables and to limit an access to DPI host from the control server only: -A INPUT -m state --state NEW -m tcp -s 192.168.0.2 -p tcp --dport 2900 -j ACCEPT
- To copy fdpi_ctrl utility to the control server and start it with an argument -r host:port:fdpi_ctrl load --service 6 --login test -r 192.168.0.1:2900
:!: Please take care to update fdpi_ctrl on the control server on each DPI update.