ntop / n2n

Peer-to-peer VPN
GNU General Public License v3.0

What is the usage of '--management-password' parameter? #963

Closed galaxyskyknight closed 2 years ago

galaxyskyknight commented 2 years ago

Hello, how do I use this parameter? Whether I configure it in the edge config file or the supernode config file, it doesn't work (I mean when I use 'nc -u localhost 5644 (edge) or 5645 (SN)' there is no prompt that requires me to input a password before dumping all the info).

What is the scenario for using this parameter?

hamishcoleman commented 2 years ago

The newer JSON based management API requires authentication for some of the method calls that can be made and this parameter sets the password used for that interface.

We expect that the old ad-hoc management commands will be removed sometime during the 3.1 development cycle, thus ensuring that all calls can be authenticated if needed.

GreatMichaelLee commented 2 years ago

> The newer JSON based management API requires authentication for some of the method calls that can be made and this parameter sets the password used for that interface.
>
> We expect that the old ad-hoc management commands will be removed sometime during the 3.1 development cycle, thus ensuring that all calls can be authenticated if needed.

Oh no, you can keep the JSON things, but don't remove the local nc interface; it is more convenient for doing maintenance/monitoring jobs in the Linux shell. Thanks. Since there is Linux user login authentication to get the shell first, it's OK whether or not there is any edge/SN authentication after shell login via local Linux shell commands. Just curious about this parameter's scenario.

Logan007 commented 2 years ago

> but not remove the local nc interface

We will probably have to completely shift to JSON because it will be hard to maintain two different interfaces.

And there are good reasons to prefer the more general JSON interface as we can "plug" different utilities or tools into the management port then. This includes the scripts/n2n-ctl command-line tool (which imitates the current netcat output to some extent, but is more flexible, so you would have a good replacement here), the http-server scripts/n2n-httpd, event-driven tools (for example, change routes on connect / disconnect events, ... – to be developed) and more.

This decoupling of n2n's core from the non-core functionalities will make the whole n2n ecosystem way more flexible.

galaxyskyknight commented 2 years ago

I prefer a CLI maintenance tool, whether it is raw Linux commands/utils or a command-line tool you encapsulate, but just keep it as a local CLI command, because the httpd server requires extra ports and public IP resources to serve it outside of the local LAN, and that MAY not be affordable or achievable on some servers where edge/SN is deployed, as there is only remote shell access.

Logan007 commented 2 years ago

> CLI command maintenance tool

> keep it in CLI command way in local

The current scripts/n2n-ctl will serve you well then.

> the httpd server requires extra ports and public IP resource

The management port should preferably be kept local only. In case you want to use the scripts/n2n-httpd, you could also keep its port local and access it either by port forwarding (ssh -L 8080:localhost:8080 ...) or, if you prefer command line, lynx or browsh can be interesting alternatives.
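A local check for the advice above that the management port stay local only, as an added example that is not part of the thread or of n2n's own scripts. It assumes the ports 5644 (edge) and 5645 (supernode) quoted in the question and input in the column layout of `ss -H -uln`; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag n2n management sockets that listen beyond loopback.
# Assumption: ports 5644 (edge) and 5645 (supernode), as quoted in this thread.

# Reads `ss -H -uln` style lines on stdin (State Recv-Q Send-Q Local Peer),
# prints a verdict per management socket, returns 1 if any is non-loopback.
check_mgmt_exposure() {
    awk '
    {
        local_addr = $4                        # "Local Address:Port" column
        n = split(local_addr, parts, ":")
        port = parts[n]
        if (port != "5644" && port != "5645") next
        host = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        sub(/%.*$/, "", host)                  # drop interface scope such as %lo
        gsub(/^\[|\]$/, "", host)              # drop IPv6 brackets
        if (host ~ /^127\./ || host == "::1") {
            print "ok       " local_addr
        } else {
            print "EXPOSED  " local_addr       # wildcard or routable bind
            bad = 1
        }
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample input, not captured from a real host.
sample_ss_output() {
    cat <<'EOF'
UNCONN 0 0 127.0.0.1:5644 0.0.0.0:*
UNCONN 0 0 0.0.0.0:5645 0.0.0.0:*
UNCONN 0 0 [::1]:5644 [::]:*
UNCONN 0 0 0.0.0.0:53 0.0.0.0:*
EOF
}

# Live use on a host running edge or supernode: ss -H -uln | check_mgmt_exposure
sample_ss_output | check_mgmt_exposure \
    || echo "a management port is reachable beyond loopback"
```

A socket reported as EXPOSED answers on every interface, so the unauthenticated netcat commands discussed in this thread would be reachable from the network, not only from a local shell.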

jradxl commented 2 years ago

Thanks for the great explanation, I was puzzling over this too!! Have a look at the way ZeroTier does it, and the CLI scripts someone has written for it!
https://docs.zerotier.com/self-hosting/network-controllers
https://github.com/thedunston/bash_cli_zt
Someone clever (not me) could co-opt the Web Network-Controllers that have been written. See https://github.com/zerotier/awesome-zerotier#zerotier-self-hosting

But having tried to configure a Moon, I do think the whole thing is on a different Planet, which is why I was looking here!!!!

Logan007 commented 2 years ago

considered answered, please re-open if required