Please note that this capability is experimental and can be subject to significant changes.
FastNetMon Advanced provides the capability to expose the command line configuration tool fcli via the SSH protocol without using the system SSH server.
Such an approach offers better security as it provides access only for FastNetMon specific configuration options and does not provide access to filesystem at all.
FastNetMon SSH shell does not use Linux access control, and you can control it completely independent way.
To enable this capability, please use at least version 2.0.351.
As the very first step, we need to create a systemd service unit for FastNetMon’s SSH shell:
sudo vim /lib/systemd/system/fastnetmon_ssh_shell.service
After this, populate the following content:
[Unit] Description=FastNetMon Advanced web API gateway After=network.target remote-fs.target [Service] Type=simple Environment=SSH_SERVER_MODE=on ExecStart=/opt/fastnetmon/app/bin/fcli Restart=on-failure RestartSec=5s [Install] WantedBy=multi-user.target
By default, it will use port 2222, but you can change it using the environment variable SSH_SERVER_PORT.
After this, you need to populate your public ssh key in the same format as for ~/.ssh/authorized_keys to /etc/fastnetmon/authorized_keys. You can only put a single key here.
Then, start the service:
sudo systemctl restart fastnetmon_ssh_shell
Enable auto start on machine boot:
sudo systemctl enable fastnetmon_ssh_shell
Check that the service is up and running:
sudo systemctl status fastnetmon_ssh_shell
After this, you can access fcli interface via SSH in non non-interactive way:
ssh flab1 -p2222 fcli show license Production license for 10000 mbits valid until 2023-10-17
Or using the interactive fcli console:
ssh flab1 -p2222 fcli>
Where you can run any commands in an interactive shell session:
fcli> show license Production license for 10000 mbits valid until 2023-10-17
This interface provides exactly the same commands as regular fcli.