Setting up the Asterisk AMI
In this post, I would like to explain more about the Asterisk Ami, how to enable it, how to create a basic user, and how to login into the Asterisk Ami.
- Asterisk 16 or 18
- Netstat Package
What is the Asterisk AMI
The Asterisk Manager Interface, more commonly known as Asterisk Ami, is a very simple protocol that allows you to manage your asterisk server through your server command line. It has support to create and edit asterisk configuration files and also manage the calls, clients, agents, dial plan, etc.
Enabling the Asterisk AMI
The Asterisk Ami is per default disabled due to the security risks. In order to enable the Asterisk Ami, you'll need to edit the manager.conf file.
$ cd /etc/asterisk $ vi /manager.conf
This will open the configuration file and documentation which can be used as a reference point. In this configuration file, we will update the following part.
# manager.conf [general] enabled = no ;webenabled = yes port = 5038 bindaddr = 0.0.0.0
Let's set enabled to yes.
# manager.conf enabled = yes
Creating a Asterisk Ami user
When you scroll down further, you'll come across an example user named Mark, this is where we will create our Asterisk Ami user. We'll need this user to be able to login into our Asterisk Ami.
# manager.conf ;[mark] ;secret = mysecret ;deny=0.0.0.0/0.0.0.0 ;permit=220.127.116.11/255.255.255.0 ;acl=named_acl_example ; use a named ACL from acl.conf
Let's create our Ami user.
# manager.conf [testuser] secret=1234568 deny=0.0.0.0/0.0.0.0 permit=0.0.0.0/0.0.0.0
Setting the Asterisk Ami User Permissions
To give this user the rights to execute commands on the Asterisk Ami, we'll need to set the permissions for this user. The Asterisk Ami has two types of permissions.
By default, all permissions are denied. The following classes can be used:
# All event classes below (including any we may have missed). read=all write=all # General information about the system and ability to run system read=system write=system # Information about channels and ability to set information in a read=call write=call # Logging information. Read-only. (Defined but not yet used.) read=log write=log # Verbose information. Read-only. (Defined but not yet used.) read=verbose write=verbose # Information about queues and agents and ability to add queue read=agent write=agent # Permission to send and receive UserEvent. read=user write=user # Ability to read and write configuration files. read=config write=config # Permission to run CLI commands. Write-only. read=command write=command # Receive DTMF events. Read-only. read=dtmf write=dtmf # Ability to get information about the system. read=reporting write=reporting # Output of cdr_manager, if loaded. Read-only. read=cdr write=cdr # Receive NewExten and VarSet events. Read-only. read=dialplan write=dialplan # Permission to originate new calls. Write-only. read=originate write=originate # Output AGI commands executed. Input AGI command to execute. read=agi write=agi # Call Completion events. Read-only. read=cc write=cc # Permission to send Advice Of Charge messages and receive Advice read=aoc write=aoc # Ability to read TestEvent notifications sent to the Asterisk Test read=test write=test
You can also use multiple classes for one user.
# Example read=system,call,dialplan,originate write=system,call,dialplan,originate
For demonstration purposes, we are going to allow read and write permissions for all classes. Let's add the following code to our user.
# manager.conf [testuser] secret=1234568 deny=0.0.0.0/0.0.0.0 permit=0.0.0.0/0.0.0.0 read=all write=all
After this, we will save the configuration file and restart our Asterisk PBX server with the following command.
$ systemctl restart asterisk
Testing the Asterisk AMI
Now let's try to access the Asterisk AMI using telnet.
Let's first double-check if port 5038 is open, write the following command in your terminal.
$ netstat -lna | grep 5038
# ouput tcp 0 0 0.0.0.0:5038 0.0.0.0:* LISTEN tcp 0 0 127.0.0.1:5038 127.0.0.1:57250 TIME_WAIT
Now we can try to connect to the Asterisk Ami using telnet.
$ telnet localhost 5038
This should result in the Asterisk Call Manager responding as you are now connecting to the Asterisk Ami.
# ouput Trying ::1... Connected to localhost. Escape character is '^]'. Asterisk Call Manager/7.0.0
Log in to the Asterisk Ami
In order to login into our Asterisk Ami, we need to write the following in our terminal.
Action: login Username: testuser Secret: 12345678
We use the account details that we have set up earlier in our manager.conf. If everything went well you see the following.
Response: Success Massage: Authentication accepted
That’s pretty much it when it comes to setting up the Asterisk Ami and connecting to the interface.