Open plorenz opened 3 days ago
@plorenz For the question
Should it be 127.0.0.1 instead of localhost?
IMO, I would go with 127.0.0.1 instead of localhost. The localhost is still a resolvable name & therefore can be redirected to something other than 127.0.0.1.
Allow SSH to controllers and routers over the mgmt and control channels.
Note: Both the
enabled
andenableExperimentalFeature
flags must be set to true.Using a local ssh server. If dialing a local service, the format must be
127.0.0.1:<port>
. No external IP or hostname may be used.If there's no ssh server running, an embedded ssh server may be used.
If you want to enable the feature, but don't want ssh access enabled on the controller itself, don't specify a destination.
Example:
The feature must be enabled on each controller and router you want to access. Because access to routers is through a controller, the feature must be enabled on both the controller and the router, though as noted above, ssh access to the controller itself is not necessary.
Example use:
ziti fabric ssh --key /path/to/keyfile ctrl_client
ziti fabric ssh --key /path/to/keyfile ubuntu@ctrl_client
ziti fabric ssh --key /path/to/keyfile -u ubuntu ctrl_client
ssh -i ~/.fablab/instances/smoketest/ssh_private_key.pem -o ProxyCommand='ziti fabric ssh router-east-1 --proxy-mode' ubuntu@router-east-1
scp -i ~/.fablab/instances/smoketest/ssh_private_key.pem -o ProxyCommand='ziti fabric ssh ctrl1 --proxy-mode' ubuntu@ctrl1:./fablab/bin/ziti .