Chapter 8. Using Remote Connections to Manage a Container


It does not always make sense to use a local console to manage a container. Red Hat JBoss Fuse has a number of ways of remotely managing a container. You can use a remote container's command console or start a remote client.

8.1. Configuring a Container for Remote Access


When you start the Red Hat JBoss Fuse runtime in default mode or in server mode, it enables a remote console that can be accessed over SSH from any other JBoss Fuse console. The remote console provides all of the functionality of the local console and allows a remote user complete control over the container and the services running inside of it.
When run in client mode the JBoss Fuse runtime disables the remote console.

Configuring a container for remote access

The SSH hostname and port number are configured in the InstallDir/etc/ configuration file. Example 8.1, “Changing the Port for Remote Access” shows a sample configuration that changes the port used to 8102.

Example 8.1. Changing the Port for Remote Access

Default settings (shown in Table 8.1) are provided for both the mac (message authentication code) and cipher (ciphers allowed for protocol version 2) properties. You can change these defaults by entering mac = <macName1>,<macName2>,<macNameN> and cipher = <cipherName1>,<cipherName2>,<cipherNameN> entries in the etc/ file.

Table 8.1. Default options for mac and cipher properties

Entries in the etc/ file override the default settings, so you need to specify all options you want to use. Table 8.2, “Supported options for mac and cipher properties” shows all of the supported mac and cipher options.
For either property, you must enter multiple options in a comma-separated list that contains no white space. The order in which options appear in the list is insignificant, as the client determines which option to use.

Table 8.2. Supported options for mac and cipher properties

mac hmac-sha1, hmac-sha1-96, hmac-md5, hmac-md5-96
cipher aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, aes192-cbc, aes256-cbc, arcfour128, arcfour256, blowfish-cbc, 3des-cbc
Because of vulnerability issues, we recommend that you avoid using 96-bit and MD5-based HMAC algorithms, and use CTR, instead of CBC, mode ciphers.