Remote Asterisk Console

Home » Asterisk Users » Remote Asterisk Console
Asterisk Users 6 Comments

Hello group,

what is the preferred method to connect to asterisk cli over network? I
need to run asterisk cli commands remotely. Sharing the unix socket through NFS, if that’s working?
Or any other approaches, despite using SSH or rlogin, rsh.

Thank you

Paul

6 thoughts on - Remote Asterisk Console

  • Hi,

    The easiest way would be to use asterisk manager interface (some simple steps to activate it on asterisk are easily found in the docs)
    https://wiki.asterisk.org/wiki/display/AST/AMI+Examples

    Now you will need a good python library to make it even easier https://pypi.python.org/pypi/asterisk-ami/0.1.0

    example :

    # 1- import from asterisk.ami import AMIClient from asterisk.ami import SimpleAction

    # 2- connect client = AMIClient(address=’192.168.1.100′,portP38)
    client.login(username=’username’,secret=’password’)

    # 3- use action = SimpleAction(
    ‘Originate’,
    Channel=’SIP/2010′,
    Exten=’2010′,
    Priority=1,
    Context=’default’,
    CallerID=’python’,
    )
    client.send_action(action)

    # 4- take a break your work is done

    REMARQUE: opening up your server to external access need to be done with a lot of care.

  • As others have mentioned: the manager interface is normally better for running over network.

    The manager interface also has an action calld ‘Command’ that runs a CLI
    command. In fact, contrib/scripts/astcli uses it to allow providing a remote console.

    Permissions needed for your manager user: For most things just:

    write=command

    To also be able to originate calls:

    write=command,originate

    To also be able to restart / reload:

    write=command,system

    No.

    SSH: should work, sure. However, it means you ssh to root at the remote host. Better set a key with ‘command’ explicitly set in authorized_keys for this.

    Rlogin, rsh: seriously? Anybody still uses those? Not only are they way less secure than SSH, they are also way less conveninet than any decent SSH implementation.

    Anyway, as mentioned before: you should probably use AMI.

  • Thank you both. That was (most likely) what I was looking for – but still some worries about sending plaintext passwords… For my simple commands a simple netcat command works for me. Previously used asterisk
    -rx in scripts. But now asterisk servers and other processes are split over multiple physical servers. A binary or script, making use of encryption and miming asterisk -r would be best. I am wondering, why such a tool is not part of asterisk itself… maybe I give this a try setting up a user (group asterisk)
    with asterisk -r as “login shell”.. and use ssh.. or something like that. It should be that safe, no other commands can be executed..

  • The AMI interface can use a Challenge-Response mechanisme for logins, if you are this concerned you should use this even over TLS/SSL/SSH.