Hello,
I have noticed there is support for connecting to the remote YourKit application via SSH. By default this is allowed, though insecure and unauthenticated connections are able to connect too simply by entering the IP and nothing else. Is there anything I can do to restrict connections to YourKit to only allow SSH authenticated clients?
Thanks!
Restrict connections to SSH
-
- Posts: 6172
- Joined: Wed Aug 11, 2004 8:37 am
Re: Restrict connections to SSH
Hello,
In short: there is no built-in support for that in the profiler agent, but you can achieve this by restricting access to the agent port. For detail see below.
The profiler agent listens on a network socket on given port:
https://www.yourkit.com/docs/java/help/ ... s.jsp#port
SSH support is not built-in. Instead, the SSH tunneling support you mentioned is the profiler UI's feature intended to simplify remote connections when the profiler agent port is not directly accessible at the remote host.
The only things you can tweak at the agent side is to specify startup options "listen" or "onlylocal" -- please find their description via the link above.
You can use a firewall to restrict access to the agent port(s) at the remote host from outside. As the result, the only possible way to connect to a profiling application running of the host will be to use an SSH tunnel.
Best regards,
Anton
In short: there is no built-in support for that in the profiler agent, but you can achieve this by restricting access to the agent port. For detail see below.
The profiler agent listens on a network socket on given port:
https://www.yourkit.com/docs/java/help/ ... s.jsp#port
SSH support is not built-in. Instead, the SSH tunneling support you mentioned is the profiler UI's feature intended to simplify remote connections when the profiler agent port is not directly accessible at the remote host.
The only things you can tweak at the agent side is to specify startup options "listen" or "onlylocal" -- please find their description via the link above.
You can use a firewall to restrict access to the agent port(s) at the remote host from outside. As the result, the only possible way to connect to a profiling application running of the host will be to use an SSH tunnel.
Best regards,
Anton
-
- Posts: 6172
- Joined: Wed Aug 11, 2004 8:37 am
Re: Restrict connections to SSH
Update:
I confirm that using the option "onlylocal" indeed solves your task: there will be no other way to connect to the application except for SSH tunneling to its host.
I confirm that using the option "onlylocal" indeed solves your task: there will be no other way to connect to the application except for SSH tunneling to its host.
-
- Posts: 2
- Joined: Thu Jun 30, 2016 8:02 pm
Re: Restrict connections to SSH
Thank you very much "onlylocal" does the job perfectly!