Chapter 8. Using Remote Connections to Manage a Container

Abstract

It does not always make sense to use a local console to manage a container. Red Hat JBoss Fuse has a number of ways of remotely managing a container. You can use a remote container's command console or start a remote client.

8.1. Configuring a Container for Remote Access

Overview

When you start the Red Hat JBoss Fuse runtime in default mode or in server mode, it enables a remote console that can be accessed over SSH from any other JBoss Fuse console. The remote console provides all of the functionality of the local console and allows a remote user complete control over the container and the services running inside of it.
Note
When run in client mode the JBoss Fuse runtime disables the remote console.

Configuring a container for remote access

The SSH hostname and port number are configured in the InstallDir/etc/org.apache.karaf.shell.cfg configuration file. Example 8.1, “Changing the Port for Remote Access” shows a sample configuration that changes the port used to 8102.

Example 8.1. Changing the Port for Remote Access

sshPort=8102
sshHost=0.0.0.0
Default settings (shown in Table 8.1) are provided for both the mac (message authentication code) and cipher (ciphers allowed for protocol version 2) properties. You can change these defaults by entering mac = <macName1>,<macName2>,<macNameN> and cipher = <cipherName1>,<cipherName2>,<cipherNameN> entries in the etc/org.apache.karaf.shell.cfg file.

Table 8.1. Default options for mac and cipher properties

PropertyDefault
machmac-sha1
cipheraes256-ctr,aes192-ctr,aes128-ctr,arcfour256
Entries in the etc/org.apache.karaf.shell.cfg file override the default settings, so you need to specify all options you want to use. Table 8.2, “Supported options for mac and cipher properties” shows all of the supported mac and cipher options.
For either property, you must enter multiple options in a comma-separated list that contains no white space. The order in which options appear in the list is insignificant, as the client determines which option to use.

Table 8.2. Supported options for mac and cipher properties

PropertyOptions
mac hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96
cipher aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, arcfour128, arcfour256, blowfish-cbc, 3des-cbc
Important
Because of vulnerability issues, we recommend that you avoid using 96-bit and MD5-based HMAC algorithms, and use CTR, instead of CBC, mode ciphers.