I'm interested in implementing a Knox service that implements full shell access to hosts within a Hadoop cluster. The point of doing so is to provide administrative auditing capability for all cluster user accounts, including privileged users. A smaller number of users would have access to the Knox host than the full cluster.
My current thinking on how to do this is to implement a servlet. Using a GET or POST request, the request body would be passed to standard in, and the response body would contain standard out. Knox itself would use SSH public-key-based login to connect as a knox user to the other cluster hosts, and then use a combination of sudo and exec commands to change the shell to the appropriate user. Knox would set up a Hadoop delegation token so the user could interact normally with Hadoop.

Another option could be to start a Java-based SSH server on another (non-22) port and perform normal tunneling, probably by adding an interactive shell that asks what host the user would like to connect to. This has the advantage of basically looking like a normal SSH connection.

I noticed this is not how the Knox DSL is implemented, which seems to use some session state. Can anyone discuss the motivations for doing this? Does the community have any opinions on how best to go about providing audited secure shell access?
