Hi, it's just something I learned in the past working with the Operating departments. Actually I think it would also be better to not open the SSH port as default configuration and document how to do it if in need. I favor a behavior like Tomcat does, the administration console is not "enabled" cause no credentials are configured. That's why I think we should start with a "secured" default configuration and document how to weaken it if needed :)
regards, Achim 2012/3/28 Freeman Fang <[email protected]>: > Hi Achim, > Hmm, isn't the username/password used here to protect in this case? IMO, the > JMX behavior should keep same as the ssh behavior, currently the ssh is > remote accessible, we have > sshHost=0.0.0.0, of course the remote access need username/password, it's > really weird from my point of view we enable ssh remote access by default > but not the jmx, I don't see any real difference between the two. > > Regards > Freeman > > On 2012-3-28, at 下午3:08, Achim Nierbeck wrote: > > I'm not sure if this is something that needs to be fixed. > I'd rather suggest to document this, cause if it's not bound to the > local interface we open a possible security hole here. > Cause anybody could be able to access and alter the Karaf server through > JMX. > > Regards, Achim > > 2012/3/28 Freeman Fang <[email protected]>: > > Hi, > > > I think this is something we need fix, create KARAF-1295[1] to track it. > > > [1]https://issues.apache.org/jira/browse/KARAF-1295 > > > Regards > > Freeman > > > On 2012-3-28, at 上午1:34, Dan Tran wrote: > > > karaf by default only binds its JMX listener ports to localhost and > > therefor all remote access is forbidden. You need to fix up you > > o.a.k.managemnt, to bind JMX listener ports to 0.0.0.0 > > > serviceUrl = > > service:jmx:rmi://0.0.0.0:${rmiServerPort}/jndi/rmi://0.0.0.0:${rmiRegistryPort}/karaf-${karaf.name} > > > -D > > > > > On Mon, Mar 26, 2012 at 3:27 PM, Nick Dimos <[email protected]> wrote: > > > Hi Tiago, > > > > I faced the same issue some time ago and I believe it is a routing problem. > > > Can you please check the network interfaces of your server? In which network > > > interface does the running Tomcat bind its rmi server? > > > In any case you can use tcpdump or other traffic monitoring tool to check > > > where the problem is. > > > > > On Mon, Mar 26, 2012 at 8:38 PM, Thiago Souza <[email protected]> wrote: > > > > Hi Dan, > > > > Client machine is: > > > Windows Server 2008 R2 Datacenter 64-bit > > > Java(TM) SE Runtime Environment (build 1.7.0_03-b05) > > > > Server machine is: > > > Ubuntu 11.10 64-bit > > > OpenJDK Runtime Environment (IcedTea6 1.11pre) > > > (6b23~pre11-0ubuntu1.11.10.2) > > > > There is nothing relevant in log... and I get same behavior with > > > jconsole... > > > > Cheers! > > > > On Mon, Mar 26, 2012 at 14:30, Dan Tran <[email protected]> wrote: > > > > On Mon, Mar 26, 2012 at 10:20 AM, Thiago Souza <[email protected]> > > > wrote: > > > Could you tell us more about yr karaf platform ( OS, jre )? > > > > Are you able to see any thing from debug log? > > > > How about JConsole? > > > > -D > > > > > Hi Niko, > > > > Thanks for your help... but this is already configured... also, I > > > can > > > successfuly connect to other jvm (running tomcat only) from the same > > > client > > > machine using this configuration... I just can't connect to karaf based > > > jvm... > > > > Thanks > > > > On Mon, Mar 26, 2012 at 12:06, Nick Dimos <[email protected]> > > > wrote: > > > > Hi Tiago, > > > > Can you please check this: > > > http://stackoverflow.com/questions/834581/remote-jmx-connection > > > > Hope that helps. > > > Cheers, > > > Nikos > > > > > On Mon, Mar 26, 2012 at 5:44 PM, Thiago Souza <[email protected]> > > > wrote: > > > > Hi Mike, > > > > Thanks for you reply! There is no firewall configured thought > > > =/... > > > Unfortunately what I really need is JVisualVM due to it's > > > profiling > > > tools... > > > > Also, I'm quite sure user/password is correct, I'm using default > > > configuration.... > > > > Cheers, > > > Thiago Souza > > > > > On Fri, Mar 23, 2012 at 23:51, mikevan <[email protected]> > > > wrote: > > > > Thiago, > > > > So, here's some background on what's probably causing your issue. > > > JVisualVM > > > actually uses two ports when you connect to a JMX Server remotely. > > > We > > > already know about the one that configured in Karaf 1099. However, > > > JVisualVM > > > also randomly selects a port to connect to the JMX Server. If your > > > version > > > of Karaf is behind a firewall, on a highly protected VM (like in a > > > VMWare > > > cloud), or has other security concerns associated with it, you may > > > never > > > be > > > able to reliabley connect. > > > > Thats' why Karaf has a sub-project for a JMX webconsole page. A > > > couple > > > of > > > pretty smart developers work extra hard to make that page, and I > > > would > > > suggest you use that if you're having trouble connecting to teh JMX > > > server > > > holding your Karaf mbean information. > > > > Please let me know if that helps. > > > > ----- > > > Mike Van (All links open in new tabs) > > > Committer - Kalumet > > > > Atraxia Technologies > > > > Mike Van's Open Source Technologies Blog > > > -- > > > View this message in context: > > > > http://karaf.922171.n3.nabble.com/Connect-to-remote-JMX-tp3846988p3853241.html > > > Sent from the Karaf - User mailing list archive at Nabble.com. > > > > > > > > > > > --------------------------------------------- > > Freeman Fang > > > FuseSource > > Email:[email protected] > > Web: fusesource.com > > Twitter: freemanfang > > Blog: http://freemanfang.blogspot.com > > > > > > > > > > > > > > -- > > Apache Karaf <http://karaf.apache.org/> Committer & PMC > OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> > Committer & Project Lead > blog <http://notizblog.nierbeck.de/> > > > --------------------------------------------- > Freeman Fang > > FuseSource > Email:[email protected] > Web: fusesource.com > Twitter: freemanfang > Blog: http://freemanfang.blogspot.com > > > > > > > > > -- Apache Karaf <http://karaf.apache.org/> Committer & PMC OPS4J Pax Web <http://wiki.ops4j.org/display/paxweb/Pax+Web/> Committer & Project Lead blog <http://notizblog.nierbeck.de/>
