That is a in-band solution. No fun :-)
> 在 2018年11月27日,20:38,Dave Barach (dbarach) <dbar...@cisco.com> 写道: > > If you want/need a solution 90 seconds ago, take a look here: > https://wiki.fd.io/view/VPP/VPP_Home_Gateway > > Add a user (“admin”, maybe?) whose login shell is vppctl, and you’re done. > > Please don’t create a gigantic security hole. > > D. > > From: tianye@sina <tiany...@sina.com> > Sent: Tuesday, November 27, 2018 12:19 AM > To: 'Hu, Xuekun' <xuekun...@intel.com>; Dave Barach (dbarach) > <dbar...@cisco.com>; vpp-dev@lists.fd.io > Subject: RE: [vpp-dev] About in-band telnet/ssh support of VPP > > Partially completed work will also be welcome if you agree to share. > Or you can just push your temporary work to sandbox gerrit so that anyone > could get some idea about how to porting. > You never understand how we need it J > > From: Hu, Xuekun [mailto:xuekun...@intel.com] > Sent: Tuesday, November 27, 2018 12:58 PM > To: dbar...@cisco.com; tianye@sina; vpp-dev@lists.fd.io > Subject: RE: [vpp-dev] About in-band telnet/ssh support of VPP > > Dave, can you estimate when the sshd work to be done? We really like this > feature. > Thanks. > > From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Dave Barach via > Lists.Fd.Io > Sent: Monday, November 26, 2018 8:42 PM > To: tianye@sina <tiany...@sina.com>; vpp-dev@lists.fd.io > Cc: vpp-dev@lists.fd.io > Subject: Re: [vpp-dev] About in-band telnet/ssh support of VPP > > Please do not use the vpp host stack to listen to port 23 (telnet) on a > network-facing interface. You could do that, but please don’t do that. > > All you would need to add is a well-known default password, and you would > have created a super-trivial attack surface for your product. > > Florin and I are working to crank up sshd over the host stack. No guaranteed > end-date, but it’s coming... > > D. > > From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of tianye@sina > Sent: Sunday, November 25, 2018 9:10 PM > To: vpp-dev@lists.fd.io > Subject: [vpp-dev] About in-band telnet/ssh support of VPP > > Hello Everyone: > > As we all knows, the latest VPP version 18.10 support telnet. > We can set the conf file like this to monitor the remote telnet request: > unix { > cli-listen localhost 5002 or cli-listen 192.168.xxxx 5002 > ….. > > But actually the IP/Port pair we are listening is the “in-band” interface. > That means that interface belongs to the Linux host system(not the dedicate > NIC pre-allocated for VPP) > Is there any solution for telnet/ssh toward the VPP in-band interface? > (Provide telnet/ssh support for in-band interface is very important when we > managed to build a gateway/router device > over bare metal machine, since we cannot guarantee we can involve additional > out-band interface with any topology and product cost limitation)
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#11431): https://lists.fd.io/g/vpp-dev/message/11431 Mute This Topic: https://lists.fd.io/mt/28320167/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
