Re: [vpp-dev] About in-band telnet/ssh support of VPP

Tue, 27 Nov 2018 08:20:51 -0800 

We’re working on adding support via LDP/VCL but anything not finished is pretty 
much unusable. We’re trying to finish it as soon as possible but no idea if 
it’ll make it into 19.01

Florin

> On Nov 27, 2018, at 6:08 AM, tianye <tiany...@sina.com> wrote:
> 
> That is a in-band solution.
> No fun :-)
> 
> 
> 在 2018年11月27日,20:38,Dave Barach (dbarach) <dbar...@cisco.com 
> <mailto:dbar...@cisco.com>> 写道:
> 
>> If you want/need a solution 90 seconds ago, take a look 
>> here:https://wiki.fd.io/view/VPP/VPP_Home_Gateway 
>> <https://wiki.fd.io/view/VPP/VPP_Home_Gateway>
>>  
>> Add a user (“admin”, maybe?) whose login shell is vppctl, and you’re done.
>>  
>> Please don’t create a gigantic security hole.
>>  
>> D.
>>  
>> From: tianye@sina <tiany...@sina.com <mailto:tiany...@sina.com>> 
>> Sent: Tuesday, November 27, 2018 12:19 AM
>> To: 'Hu, Xuekun' <xuekun...@intel.com <mailto:xuekun...@intel.com>>; Dave 
>> Barach (dbarach) <dbar...@cisco.com <mailto:dbar...@cisco.com>>; 
>> vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io>
>> Subject: RE: [vpp-dev] About in-band telnet/ssh support of VPP
>>  
>> Partially completed work will also be welcome if you agree to share.
>> Or you can just push your temporary work to sandbox gerrit so that anyone 
>> could get some idea about how to porting.
>> You never understand how we need it J
>>  
>> From: Hu, Xuekun [mailto:xuekun...@intel.com <mailto:xuekun...@intel.com>] 
>> Sent: Tuesday, November 27, 2018 12:58 PM
>> To: dbar...@cisco.com <mailto:dbar...@cisco.com>; tianye@sina; 
>> vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io>
>> Subject: RE: [vpp-dev] About in-band telnet/ssh support of VPP
>>  
>> Dave, can you estimate when the sshd work to be done? We really like this 
>> feature.
>> Thanks. 
>>  
>>  <>From: vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io> 
>> <vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io>> On Behalf Of Dave Barach 
>> via Lists.Fd.Io
>> Sent: Monday, November 26, 2018 8:42 PM
>> To: tianye@sina <tiany...@sina.com <mailto:tiany...@sina.com>>; 
>> vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io>
>> Cc: vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io>
>> Subject: Re: [vpp-dev] About in-band telnet/ssh support of VPP
>>  
>> Please do not use the vpp host stack to listen to port 23 (telnet) on a 
>> network-facing interface. You could do that, but please don’t do that.
>>  
>> All you would need to add is a well-known default password, and you would 
>> have created a super-trivial attack surface for your product.
>>  
>> Florin and I are working to crank up sshd over the host stack. No guaranteed 
>> end-date, but it’s coming...
>>  
>> D.
>>  
>> From: vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io> <vpp-dev@lists.fd.io 
>> <mailto:vpp-dev@lists.fd.io>> On Behalf Of tianye@sina
>> Sent: Sunday, November 25, 2018 9:10 PM
>> To: vpp-dev@lists.fd.io <mailto:vpp-dev@lists.fd.io>
>> Subject: [vpp-dev] About in-band telnet/ssh support of VPP
>>  
>> Hello Everyone:
>>  
>> As we all knows, the latest VPP version 18.10 support telnet.
>> We can set the conf file like this to monitor the remote telnet request:
>> unix {
>>   cli-listen localhost 5002 or cli-listen 192.168.xxxx 5002
>>   …..
>>  
>> But actually the IP/Port pair we are listening is the “in-band” interface.
>> That means that interface belongs to the Linux host system(not the dedicate 
>> NIC pre-allocated for VPP)
>> Is there any solution for telnet/ssh toward the VPP in-band interface?
>> (Provide telnet/ssh support for in-band interface is very important when we 
>> managed to build a gateway/router device
>> over bare metal machine, since we cannot guarantee we can involve additional 
>> out-band interface with any topology and product cost limitation)
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> 
> View/Reply Online (#11431): https://lists.fd.io/g/vpp-dev/message/11431 
> <https://lists.fd.io/g/vpp-dev/message/11431>
> Mute This Topic: https://lists.fd.io/mt/28320167/675152 
> <https://lists.fd.io/mt/28320167/675152>
> Group Owner: vpp-dev+ow...@lists.fd.io <mailto:vpp-dev+ow...@lists.fd.io>
> Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub 
> <https://lists.fd.io/g/vpp-dev/unsub>  [fcoras.li...@gmail.com 
> <mailto:fcoras.li...@gmail.com>]
> -=-=-=-=-=-=-=-=-=-=-=-


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.

View/Reply Online (#11432): https://lists.fd.io/g/vpp-dev/message/11432
Mute This Topic: https://lists.fd.io/mt/28320167/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub  [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to