This optional package is introduced in ClusterControl v1.4.2. This module provides the ability to connect to the SSH console to any of your cluster hosts directly via ClusterControl UI. This can be very useful if you need to quickly log into a database server and access the command line. The package installs a binary called cmon-ssh
located under /usr/sbin
directory and by default listens to port 9511 on the ClusterControl node. It interacts directly with the target host via SSH protocol using the credential (os_user
and ssh_identity
) configured when deploying or importing the cluster into ClusterControl.
The SSH module needs to be enabled in order to use the feature. If the package is installed directly via the package manager, the required steps are configured automatically. The steps are:
Enable the SSH module inside clustercontrol/bootstrap.php
:
define('SSH_ENABLED', true);
Set up the RewriteRule inside the Apache configuration file (above the <Directory/>
definitions):
# ClusterControl SSH
RewriteEngine On
RewriteRule ^/clustercontrol/ssh/term$ /clustercontrol/ssh/term/ [R=301]
RewriteRule ^/clustercontrol/ssh/term/ws/(.*)$ ws://127.0.0.1:9511/ws/$1 [P,L]
RewriteRule ^/clustercontrol/ssh/term/(.*)$ http://127.0.0.1:9511/$1 [P]
Enable the following Apache modules:
$ a2enmod proxy proxy_http proxy_wstunnel
Communication is based on HTTPS, so it is possible to access your servers from behind a firewall that restricts Internet access to only port 443. Access to WebSSH is configurable by the ClusterControl admin through the GUI.
ClusterControl does not provide extra layers of authentication and authorization when accessing the cluster from a web-based SSH terminal. The user who has access to the cluster in the ClusterControl UI may capable of accessing the terminal as a privileged user. Use Access Control to limit them.