Restrict connections to SSH

Questions about YourKit Java Profiler
Post Reply
Nomburs
Posts: 2
Joined: Thu Jun 30, 2016 8:02 pm

Restrict connections to SSH

Post by Nomburs »

Hello,

I have noticed there is support for connecting to the remote YourKit application via SSH. By default this is allowed, though insecure and unauthenticated connections are able to connect too simply by entering the IP and nothing else. Is there anything I can do to restrict connections to YourKit to only allow SSH authenticated clients?

Thanks!
Anton Katilin
Posts: 6172
Joined: Wed Aug 11, 2004 8:37 am

Re: Restrict connections to SSH

Post by Anton Katilin »

Hello,

In short: there is no built-in support for that in the profiler agent, but you can achieve this by restricting access to the agent port. For detail see below.

The profiler agent listens on a network socket on given port:
https://www.yourkit.com/docs/java/help/ ... s.jsp#port

SSH support is not built-in. Instead, the SSH tunneling support you mentioned is the profiler UI's feature intended to simplify remote connections when the profiler agent port is not directly accessible at the remote host.

The only things you can tweak at the agent side is to specify startup options "listen" or "onlylocal" -- please find their description via the link above.

You can use a firewall to restrict access to the agent port(s) at the remote host from outside. As the result, the only possible way to connect to a profiling application running of the host will be to use an SSH tunnel.

Best regards,
Anton
Anton Katilin
Posts: 6172
Joined: Wed Aug 11, 2004 8:37 am

Re: Restrict connections to SSH

Post by Anton Katilin »

Update:

I confirm that using the option "onlylocal" indeed solves your task: there will be no other way to connect to the application except for SSH tunneling to its host.
Nomburs
Posts: 2
Joined: Thu Jun 30, 2016 8:02 pm

Re: Restrict connections to SSH

Post by Nomburs »

Thank you very much "onlylocal" does the job perfectly!
Post Reply