Chapter 8. Using Remote Connections to Manage a Container
It does not always make sense to use a local console to manage a container. Red Hat JBoss Fuse has a number of ways of remotely managing a container. You can use a remote container's command console or start a remote client.
8.1. Configuring a Container for Remote Access
When you start the Red Hat JBoss Fuse runtime in default mode or in server mode, it enables a remote console that can be accessed over SSH from any other JBoss Fuse console. The remote console provides all of the functionality of the local console and allows a remote user complete control over the container and the services running inside of it.
When run in client mode the JBoss Fuse runtime disables the remote console.
Configuring a container for remote access
The SSH hostname and port number are configured in the
InstallDir/etc/org.apache.karaf.shell.cfg configuration file. Example 8.1, “Changing the Port for Remote Access” shows a sample configuration that changes the port used to 8102.
Example 8.1. Changing the Port for Remote Access
Default settings (shown in Table 8.1) are provided for both the mac (message authentication code) and cipher (ciphers allowed for protocol version 2) properties. You can change these defaults by entering
mac = <macName1>,<macName2>,<macNameN> and
cipher = <cipherName1>,<cipherName2>,<cipherNameN> entries in the
Table 8.1. Default options for mac and cipher properties
Entries in the
etc/org.apache.karaf.shell.cfg file override the default settings, so you need to specify all options you want to use. Table 8.2, “Supported options for mac and cipher properties” shows all of the supported mac and cipher options.
For either property, you must enter multiple options in a comma-separated list that contains no white space. The order in which options appear in the list is insignificant, as the client determines which option to use.
Table 8.2. Supported options for mac and cipher properties
Because of vulnerability issues, we recommend that you avoid using 96-bit and MD5-based HMAC algorithms, and use CTR, instead of CBC, mode ciphers.