[clug] Wanted: Developer to securely implement a restricted SSH shell

Steve Walsh steve at nerdvana.org.au
Mon Jan 4 15:53:36 MST 2010

Nathan O'Sullivan wrote:
> I've posted the requirements off list, but to summarise: I need a way 
> to let customers access their Xen domU console ("xm console $DOMAIN") 
> over SSH, while doing our utmost to prevent the customer from doing 
> anything else on the dom0.
Hating to take money away from list members, but would xen shell do what 
you want?


"The Xen shell is a simple console application which allows you to 
easily allow a user to control multiple Xen instances, without the 
overhead of a web-based control panel.

Using this shell users may:

    * Boot/Shutdown their Xen guest.
    * Reboot their Xen guest.
    * Connect to the serial console of their runing Xen guest.
    * Reimage their system to a pristine state, via xen-tools.
    * Manipulate their reverse DNS information
    * Change their login password.

The shell features command history, command completion, and integrated help.

It is ideal for a hosting company which wishes to offer Xen-based 
"virtual machine" to clients. By using the xen-shell clients can 
maintain their own instance, without needing to ask for support staff to 
reboot/shutdown, or otherwise maintain the runnings system.

Security is improved since the client cannot gain access to the host 
system, and can only control their instance, and not those belonging to 
other clients."

Steve Walsh
Vice President / SysAdmin Team member- Linux Australia
Networks and Technology - Linux.conf.au 2008
Evil Network bunny - Linux.conf.au 2009
Geek Emeritus (you fool! You glorious fool!) - Linux.conf.au 2010
I can neither confirm nor deny - Linux.conf.au 2011

More information about the linux mailing list