I''ve seen some hosts who pass their customers a username/pw. When the customer logs in they get console access to their VPS. How can this be done on ''plain xen'' ? Thanks, Mark
On Thu, Dec 22, 2011 at 4:49 PM, Mark van Dijk <mark@internecto.net> wrote:> I''ve seen some hosts who pass their customers a username/pw. When the > customer logs in they get console access to their VPS. How can this be > done on ''plain xen'' ?Short version: you can''t. Not easily anyway. Long version: text console access to xen is normally done using "xm console domU_name". If you want to this to be accessible via ssh, the easiest steps would probably be to create a user who will automatically execute that command during login. Something like http://oreilly.com/catalog/sshtdg/chapter/ch08.html#22858 -- Fajar
Am Donnerstag, 22. Dezember 2011, 10:49:35 schrieb Mark van Dijk:> I''ve seen some hosts who pass their customers a username/pw. When the > customer logs in they get console access to their VPS. How can this be > done on ''plain xen'' ?hmmm, not shure what you mean, but usually DomU users can access their machines by ssh over their DomU''s IP: ssh <domU IP> Or what do you mean here? cheers, Niels. -- --- Niels Dettenbach Syndicat IT&Internet http://www.syndicat.com/ _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
On Thu, Dec 22, 2011 at 1:49 AM, Mark van Dijk <mark@internecto.net> wrote:> I''ve seen some hosts who pass their customers a username/pw. When the > customer logs in they get console access to their VPS. How can this be > done on ''plain xen'' ? > > Thanks, > Mark > > > Mark,When I was using plain xen I set up sudoers files via a script for each user. They could ssh into the Dom0 and sudo xm console to their vm. It only allowed them to sudo to THEIR vm and nobody elses. Because the script created their VM disks, VM config files, Dom0 user account and sudoers file for the /etc/sudoers.d/ directory (sudo 1.7.2 and newer needed) it all got it right and it was easy. Now with XCP I don''t allow it because text consoles are bit funky. I''m using XVP to give them a graphical console. Grant McWilliams http://grantmcwilliams.com/ Some people, when confronted with a problem, think "I know, I''ll use Windows." Now they have two problems. _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Am Donnerstag, 22. Dezember 2011, 02:26:44 schrieb Grant McWilliams:> When I was using plain xen I set up sudoers files via a script for each > user. They could ssh into the Dom0 and sudo xm console to their vm. It only > allowed them to sudo to THEIR vm and nobody elses. Because the script > created their VM disks, VM config files, Dom0 user account and sudoers file > for the /etc/sudoers.d/ directory (sudo 1.7.2 and newer needed) it all got > it right and it was easy.As an alternative to this solution you may build / configure your own login shell for such users, avoiding that they have direct shell access and allowing them more functionality - i.e. to provide them further domain maintenance tasks. By just searching around i#ve found something like "xen-shell": http://xen-tools.org/software/xen-shell/commands.html which may usuably directly for this - or with slight modifications to shrink access rights more down if required. But may be ther are others solutions / projects with similiar functionality? Will give it a try byself now... cheers, Niels. -- --- Niels Dettenbach Syndicat IT&Internet http://www.syndicat.com/ _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
2011/12/22 Niels Dettenbach <nd@syndicat.com>:> which may usuably directly for this - or with slight modifications to shrink > access rights more down if required. But may be ther are others solutions / > projects with similiar functionality? > > Will give it a try byself now...DTC-Xen has this as a standard feature, you have a user entry per VM on the host I think. And it also handles upload of ISOs for HVM domUs via the same feature. (Those ISOs are not counted into the user''s quota though, and for HVM you''re forced to use VNC instead of SSHing into a serial console) You can look at the sources here: http://git.gplhost.com/dtc-xen.git/ It does many more things, but is only intended to run in tie with the DTC hosting software. Still it might be a very good starting point, since it''s in active development. There''s also a recording of a Xen summit Asia talk about DTC which should be easy to find. Florian -- the purpose of libvirt is to provide an abstraction layer hiding all xen features added since 2006 until they were finally understood and copied by the kvm devs.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Florian Heigl <florian.heigl@gmail.com> schrieb: does many more things, but is only intended to run in tie with the>DTC hosting software. Still it might be a very good starting point, >since it''s in active development.yes, xen-shell is currently under no further developement, but - on the other hand - it does anything most users want from such a login shell. Multiple users and allowed commands by user or all could be configured within the xen configs and/or xen-shell config in etc. It could be used for managing rdns and reinstall an instance of a user. Not at least, it is open, simple and small enough to fit it to any personal needs if required, especially if you prefer doing things simple. cheers, Niels. - -- Niels Dettenbach Syndicat IT&Internet http://www.syndicat.com -----BEGIN PGP SIGNATURE----- Version: APG v1.0.8 iIEEAREIAEEFAk7zYss6HE5pZWxzIERldHRlbmJhY2ggKFN5bmRpY2F0IElUJklu dGVybmV0KSA8bmRAc3luZGljYXQuY29tPgAKCRBU3ERlZRyiDffUAJ9YgBl0luhK 2TfS9nepO8JGz2tFGgCfYYIf6UHyc584SSyAn5UQkRFiBS4=/fvP -----END PGP SIGNATURE-----