[asterisk-users] remote Asterisk console

Paul Neuwirth mail at paul-neuwirth.nl
Tue Jan 16 11:19:30 CST 2018


On Tue, 16 Jan 2018 18:18:18 +0200
Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:

> On Tue, Jan 16, 2018 at 11:05:01AM +0100, Paul Neuwirth wrote:
> > Hello group,
> > 
> > what is the preferred method to connect to asterisk cli over
> > network? I need to run asterisk cli commands remotely.  
> 
> As others have mentioned: the manager interface is normally better for
> running over network.
> 
> The manager interface also has an action calld 'Command' that runs a
> CLI command. In fact, contrib/scripts/astcli uses it to allow
> providing a remote console.
> 
> Permissions needed for your manager user: For most things just:
> 
> write=command
> 
> To also be able to originate calls:
> 
> write=command,originate
> 
> To also be able to restart / reload:
> 
> write=command,system
> 
> > Sharing the unix socket through NFS, if that's working?  
> 
> No.
> 
> > Or any other approaches, despite using SSH or rlogin, rsh.  
> 
> SSH: should work, sure. However, it means you ssh to root at the
> remote host. Better set a key with 'command' explicitly set in
> authorized_keys for this.
> 
> Rlogin, rsh: seriously? Anybody still uses those? Not only are they
> way less secure than SSH, they are also way less conveninet than any
> decent SSH implementation.
> 
> Anyway, as mentioned before: you should probably use AMI.
> 

Thank you both. That was (most likely) what I was looking for - but
still some worries about sending plaintext passwords... For my simple
commands a simple netcat command works for me. Previously used asterisk
-rx in scripts. But now asterisk servers and other processes are split
over multiple physical servers.
A binary or script, making use of encryption and miming asterisk -r
would be best. I am wondering, why such a tool is not part of asterisk
itself... maybe I give this a try setting up a user (group asterisk)
with asterisk -r as "login shell".. and use ssh.. or something like
that. It should be that safe, no other commands can be executed..



More information about the asterisk-users mailing list