Remote control

The remote execution of SSH commands is the recommended method to control DPI from another computer. Billing systems typically have the built in support of this control method.

The alternative remote control methods are: remote execution of fdpi_ctrl utility and installation of an additional remote control SW on DPI server, like telnet server and similar. You can use the snmp agent to remotely monitor the operation of CentOS and VEOS.

Remote execution of SSH commands

We advise to authenticate users by public keys to execute command on DPI server remotely by SSH with no need to enter password.

To use this method: on the control server:

  1. We create a pair of public and private keys:
    ssh-keygen -t rsa

    Default values should be selected in the dialogue. Passphrase should be left empty for convenience1)

  2. We copy the public key to DPI server:
    ssh-copy-id dpi_user@dpi_host 
    or manually:
    cat ~/.ssh/id_rsa.pub | ssh dpi_user@dpi_host "mkdir -p ~/.ssh && cat >>  ~/.ssh/authorized_keys"

Then we check and fix the rights on file authorized_keys on DPI server:

chmod 700 ~dpi_user/.ssh/
chmod 600 ~dpi_user/.ssh/authorized_keys
restorecon -Rv ~dpi_user/.ssh/

Next, we check the operation of the remote execution of fdpi_ctrl from the control server:

ssh dpi_user@dpi_host "fdpi_ctrl load --service 6 --login test"

In case this instruction does not work, try to find some hints in the log file /var/log/secure on DPI server. One can also switch the diagnostic mode on SSH: ssh -v …

Remote execution of fdpi_ctrl utility

To execute fdpi_ctrl utility remotely one has to make the following actions:

  1. To enable listening for the network control interface in DPI configuration file /etc/dpi/fastdpi.conf:
    ctrl_dev=eth0
  2. To open the access to the port configured by ctrl_port in firewall settings /etc/sysconfig/iptables and to limit an access to DPI host from the control server only:
    -A INPUT -m state --state NEW -m tcp -s 192.168.0.2 -p tcp --dport 2900 -j ACCEPT
  3. To copy fdpi_ctrl utility to the control server and start it with an argument -r host:port:
    fdpi_ctrl load --service 6 --login test -r 192.168.0.1:2900

:!: Please take care to update fdpi_ctrl on the control server on each DPI update.

1)
Alternatively, one can use the functionality of ssh-agent to store passwords