Difference between revisions of "VPP/HostStack/LDP/sshd"
Florin.coras (Talk | contribs) (→Running the client) |
Florin.coras (Talk | contribs) (→sshd with LD_PRELOAD) |
||
Line 1: | Line 1: | ||
= sshd with LD_PRELOAD = | = sshd with LD_PRELOAD = | ||
− | Example of how to run sshd via | + | Example of how to run sshd via ldp and vcl on top of vpp's host stack. This is known to work as of vpp [https://gerrit.fd.io/r/#/c/16342/ gerrit 16342] with OpenSSH 7.6p1 on Ubuntu 18.04.1. |
To run the test two hosts with networking connectivity are needed: | To run the test two hosts with networking connectivity are needed: |
Revision as of 02:43, 5 December 2018
sshd with LD_PRELOAD
Example of how to run sshd via ldp and vcl on top of vpp's host stack. This is known to work as of vpp gerrit 16342 with OpenSSH 7.6p1 on Ubuntu 18.04.1.
To run the test two hosts with networking connectivity are needed:
- server where vpp and sshd run
- client where the ssh client runs on top of the linux host stack
Server configuration
Since this is experimental work, it is recommended to start vpp in debug mode with the following additions to startup.conf:
unix { gid vpp } session { evt_qs_memfd_seg } socksvr { socket-name /tmp/vpp-api.sock}
These ensure that vpp starts with gid vpp, the session layer uses a memfd segment for event queues and that the binary api can work with a socket transport. It is also important that the user that starts vpp is a member of the vpp group.
The minimal vcl startup configuration in /etc/vpp/vcl.conf
should be:
vcl { heapsize 64M rx-fifo-size 4000000 tx-fifo-size 4000000 api-socket-name /tmp/vpp-api.sock }
To startup sshd run:
sudo LD_PRELOAD=$LDP_PATH sshd -f $CFG_FILE -4 -r -D
LDP_PATH
is the path to the LD_PRELOAD library built by vpp. Typically you can find this under build-root/build-vpp_debug-native/vpp/lib/libvcl_ldpreload.so
. The CFG_FILE
is a customized sshd file. In particular, the following things have been changed compared to the default /etc/ssh/sshd_config:
Port 2222 HostKey /path/to/valid/ssh_host_rsa_key PidFile /tmp/vcl_sshd.pid
The rest of the options limit network connectivity to IPv4 and set flags that force sshd not to re-execute and daemonize.
Running the client
Assuming that the client will do public key authentication with the server and that the keys have been properly configured, on the client linux host do:
ssh -p 2222 <server_ip>
At this point you should be logged into the server. To see the ssh session in vpp cli do:
sh session verbose