[Freeswitch-users] fs_cli question

Steven Ayre steveayre at gmail.com
Tue May 17 02:36:56 MSD 2011


You can firewall the port to control who can connect to it. It still
requires a password of course (you should change it from the default).
The protocol is plaintext though, which you should bear in mind.

If you're worried about security you could tunnel a connection to
127.0.0.1 through a SSH tunnel, or look at mod_ssh (a new module, I
haven't had a proper look at it yet).

Something to bear in mind is that anyone on ESL can use any of the FS
commands, which includes the system command which'll allow them to run
any program on your server as the user FS runs as. That's probably the
biggest security risk of opening the ESL port up.

-Steve


On 16 May 2011 22:09, Michael Gende <mgende at gendesign.com> wrote:
> Hello Kristian,
>
> That was it. Many thanks. We found the right XML file, changed the default
> binding from 127.0.0.1 to the LAN IP of the FS box itself and are "in like
> the burglar".
>
> Hopefully, we've not compromised security by doing so, as you intimate in
> your initial post!
>
> Many Thanks Again,
>
> Mike G.
>
> On Mon, May 16, 2011 at 3:08 PM, Kristian Kielhofner <kris at kriskinc.com>
> wrote:
>>
>> The event socket in the default configuration binds to 127.0.0.1 for
>> security purposes.  Have you changed that to a real network IP?
>>
>> On Mon, May 16, 2011 at 4:01 PM, Michael Gende <mgende at gendesign.com>
>> wrote:
>> > Hello,
>> >
>> > Say, I'm setting up a new FS box (no big issues there, using standard
>> > CentOS
>> > and latest FS from the site).
>> >
>> > Works fine, registering with provider, handset's, sends/receives calls,
>> > etc.
>> > One weird thing though:
>> >
>> > when I use -/bin/fs_cli, I've found that using the flags I'm used to "-H
>> > xxx.xxx.xxx.xxx -p password" doesn't seem to work remotely.
>> >
>> > Locally, fs_cli works, but only without flags of any kind. Just invoking
>> > the
>> > executable without arguments works every time.
>> >
>> > I have a few FS's running and want to use the fs_cli on my local
>> > computer to
>> > connect when need be. This works fine for all but my latest creation
>> > (two
>> > prior ones are a year or more older).
>> >
>> > Something foolish I've overlooked? No firewall on the new FS box,
>> > routing
>> > and LAN networking look/act fine.
>> >
>> > Any commentary welcome, thanks in advance.
>> >
>> > Mike G.
>> >
>> > _______________________________________________
>> > FreeSWITCH-users mailing list
>> > FreeSWITCH-users at lists.freeswitch.org
>> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> > http://www.freeswitch.org
>> >
>> >
>>
>>
>>
>> --
>> Kristian Kielhofner
>>
>> _______________________________________________
>> FreeSWITCH-users mailing list
>> FreeSWITCH-users at lists.freeswitch.org
>> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
>> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
>> http://www.freeswitch.org
>
>
> _______________________________________________
> FreeSWITCH-users mailing list
> FreeSWITCH-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>
>



More information about the FreeSWITCH-users mailing list