From gregb_ka6max@hotmail.com Thu Sep 4 15:19:25 2003
From: "Greg Brown"
To: users@conserver.com
Date: Thu, 04 Sep 2003 15:19:23 -0700
Subject: Logging in from SSH2 PuTTY

Dear Conserver Users,

I am using Conserver 7.2.7 to monitor the consoles of 60 Unix servers and am very pleased with its performance and features.

I am hardening the Conserver Unix host and requiring SSH2 logins. Most administrators are using PuTTY, a freeware terminal emulator with SSH2 built-in.

When a user logs in with password authentication and puts in their password after the "console xxxxx" command, all works well.

When a user attempts to use public key encryption, connects, and types in their passphrase, they get a "Sorry." message.

I am trying to automate the logon process by having PuTTY called with arguments from a web page. Depending on which link they click for the particular host they want to console to, PuTTY is called and the "console xxxxx" command is entered automatically by PuTTY. Problem is, the "Sorry." message comes back.
Bryan, I know that with my version of Conserver on HP/UX 11.0 that system passwords are limited to 8 characters in order to work with Conserver. Do you have any ideas?

Thanks for such a useful application!

Greg Brown
Computer Sciences Corporation
San Diego Data Center

From duncan_j_ferguson@yahoo.co.uk Wed Sep 17 03:42:57 2003
Message-ID: <3F683A91.20908@yahoo.co.uk>
Date: Wed, 17 Sep 2003 11:42:25 +0100
From: duncan_j_ferguson
To: users@conserver.com
Subject: Request

Just found out about conserver and it seems very good - running off 8.0.0-b4 and works very well.

Can I request an optional tag be included with the server name in unloved console output, or the time stamp info in the server log files? The tag could be configurable, but include something like

    tag "&:%:@ "

where & is the server name, % is the terminal server name and @ is the port or device type, or something similar?

Why? Because i work in a very dynamic environment where servers are semi-regularly moved between console servers.
I currently have a script that connects to each terminal server we have (mix of annex, jetstream and cs9000), sends a to the ports and grabs the host name (or, if the console is logged in, logs out and grabs host name, or warns if at ok prompt, etc). When done, a lookup-table is written to ensure we can easily get to a console without having to check the terminal servers or machines by hand.

With conserver i can see i could do a similar type thing to auto-discover what is on all the ports. Initially define all the ports with names within the conserver.cf such as

    console _{ aliases __alias; host ; port ; }

hit each port with a script to send a then scan the log files to see what names i can pick up. When all ports have been scanned, rewrite the conserver.cf files and HUP conserver. However, i cannot currently see how to associate which log file with which terminal server and port to grab the correct host name correctly. Using an optional tag would resolve this.

Thanks.

Duncs

From bryan@stansell.org Thu Sep 18 15:51:06 2003
Date: Thu, 18 Sep 2003 15:51:06 -0700
From: Bryan Stansell
To: users@conserver.com
Message-ID: <20030918225106.GB18075@underdog.stansell.org>
Subject: Re: Logging in from SSH2 PuTTY

On Thu, Sep 04, 2003 at 03:19:23PM -0700, Greg Brown wrote:
> When a user
> logs in with password authentication and puts in their
> password after the "console xxxxx" command, all works well.
>
> When a user attempts to use public key encryption, connects, and types in
> their passphrase, they get a "Sorry." message.

weird...but, i can probably explain why the "Sorry." occurs.

> I am trying to automate the logon process by having PuTTY called with
> arguments from a web page. Depending on which link they click for the
> particular host they want to console to, PuTTY is called and the "console
> xxxxx" command is entered automatically by PuTTY. Problem is, the "Sorry."
> message comes back.

i've taken a quick look at the openssh interface and it seems to only automatically allocate a pseudo-tty when you do a full login - if you just run a command, there is no tty. conserver needs to be able to open /dev/tty to read that password, so it needs to talk to a pseudo-tty. there's a -t flag in openssh that forces sshd to allocate a tty even though it's a remote command - when i used that, it "fixed" the problem and i always got the prompt for the password.

i took a quick look at the putty docs and it too seems to have a -t option (or maybe it was the plink tool). anyway, there could be a weird bug in putty where it's allocating a pseudo-tty when using password authentication and not when using keys, which would explain the difference in behavior. but, if you can get the -t option in there, you should be ok.

> Bryan, I know that with my version of Conserver on HP/UX 11.0 that system
> passwords are limited to 8 characters in order to work with Conserver. Do

if you're running 7.2.7, you shouldn't be limited to 8 characters (just so everyone knows that). the fix you helped me with is in that version.

sorry for taking so long to answer...i was offline for the last few weeks.
Bryan

From bryan@stansell.org Thu Sep 18 16:59:06 2003
Date: Thu, 18 Sep 2003 16:59:06 -0700
From: Bryan Stansell
To: users@conserver.com
Message-ID: <20030918235906.GE18075@underdog.stansell.org>
References: <3F683A91.20908@yahoo.co.uk>
In-Reply-To: <3F683A91.20908@yahoo.co.uk>
Subject: Re: Request

On Wed, Sep 17, 2003 at 11:42:25AM +0100, duncan_j_ferguson wrote:
> Can I request an optional tag be included with the server name in
> unloved console output, or the time stamp info in the server log files?

never hurts...but i'm not sure if you need it.

> hit each port with a script to send a then scan the log files
> to see what names i can pick up. When all ports have been scanned,
> rewrite the conserver.cf files and HUP conserver. However, i cannot
> currently see how to associate which log file with which terminal server
> and port to grab the correct host name correctly. Using an optional tag
> would resolve this.

how about the 'console -i' output? that's there to give random details in a parsable way. it shows the console name, device specification, etc. you should be able to use that to get all the info, right?

i may be totally off on what you meant, so please correct me if i'm wrong. it really sounds like what you'd like to do is possible.
Bryan

From bryan@stansell.org Mon Sep 22 13:58:05 2003
Date: Mon, 22 Sep 2003 13:58:04 -0700
From: Bryan Stansell
To: announce@conserver.com, users@conserver.com
Message-ID: <20030922205804.GA12849@underdog.stansell.org>
Subject: conserver-8.0.0 is available

I've decided to go ahead and finally release 8.0.0. There were only a couple of changes since the 8.0.0-beta4 release, so I feel comfortable finally packaging it up. Here are the changes since 8.0.0-beta4. For those upgrading from pre-8.0.0 versions, *please* read the INSTALL file for details on migration.

version 8.0.0 (Sep 22, 2003):
    - better error messages and management of the user's password
    - 8.0.0-beta4 mistakenly lost conserver.passwd usage
    - empty passwords now don't trigger a passwd prompt (like 7.2.7)
    - upgraded to autoconf-2.57 and use recent config.guess/sub files - suggested by Jorgen Hagg
    - we now install the conserver.rc file as well as sample conserver.cf and conserver.passwd files in $(prefix)/share/examples/conserver - suggested by Hubert Feyrer

Bryan Stansell

From mccantaj@amgen.com Thu Sep 25 15:43:38 2003
Message-ID: <567ACB2E39C83543B746F1AD7F5E5E0402F944F8@wa-mb2-sea-223.immunex.com>
From: "McCanta, Jay"
To: "'users@conserver.com'"
Date: Thu, 25 Sep 2003 15:43:32 -0700
Subject: Conser 8.0 access problems.

I have conserver 8.0 running on a Solaris box. I am using netmasks to define access like I did in 7.x. However, I am getting the following error message upon startup. And, no access from remote nodes.
Here are the particulars (names changed for security), any ideas? BTW, it makes no difference if I use a comma or space to separate the hosts.

ERROR: invalid ACL CIDR notation `10.17.0.0/16' [/usr/local/etc/conserver.cf:40]

------------------------------------------------------------------------
$ /usr/local/sbin/conserver -V
conserver: conserver.com version 8.0.0
conserver: default access type `r'
conserver: default escape sequence `^Ec'
conserver: default configuration in `/usr/local/etc/conserver.cf'
conserver: default password in `/usr/local/etc/conserver.passwd'
conserver: default logfile is `/var/log/conserver'
conserver: default pidfile is `/var/run/conserver.pid'
conserver: default limit is 16 members per group
conserver: default primary port referenced as `586'
conserver: default secondary base port referenced as `0'
conserver: options: openssl, pam
conserver: openssl version: OpenSSL 0.9.7b 10 Apr 2003
conserver: built with `./configure --with-openssl=/usr/local/ssl --with-regex --with-pam --with-master=master.ourdomain.com --with-port=586 --with-trustrevdns'
------------------------------------------------------------------------
$ cat /usr/local/etc/conserver.cf
default full {
    rw *;
}
default * {
    logfile /var/log/consoles/&;
    timestamp 1lab;
    include full;
}
console systemname {
    master master.ourdomain.com;
    logfile /var/log/consoles/&.current;
    type host;
    host terminalserver1;
    port 4001;
}
access * {
    trusted 127.0.0.1 localhost;
    allowed 192.168.220.0/24,10.17.0.0/16;
}
------------------------------------------------------------------------
$ cat /usr/local/etc/conserver.passwd
*any*:*passwd*
------------------------------------------------------------------------

From bryan@stansell.org Thu Sep 25 16:24:33 2003
Date: Thu, 25 Sep 2003 16:24:31 -0700
From: Bryan Stansell
To: "'users@conserver.com'"
Message-ID: <20030925232431.GA15578@underdog.stansell.org>
References: <567ACB2E39C83543B746F1AD7F5E5E0402F944F8@wa-mb2-sea-223.immunex.com>
In-Reply-To: <567ACB2E39C83543B746F1AD7F5E5E0402F944F8@wa-mb2-sea-223.immunex.com>
Subject: Re: Conser 8.0 access problems.

On Thu, Sep 25, 2003 at 03:43:32PM -0700, McCanta, Jay wrote:
> I have conserver 8.0 running on a Solaris box. I am using netmasks to
> define access like I did in 7.x. However, I am getting the following error
> message upon startup. And, no access from remote nodes. Here are the
> particulars (names changed for security), any ideas? BTW, it makes no
> difference if I use a comma or space to separate the hosts.

well, the beta code obviously didn't get exercised that well. you have two options to get around this. the first is to just put each address in its own access list.
so,

    allowed 192.168.220.0/24,10.17.0.0/16;

becomes

    allowed 192.168.220.0/24;
    allowed 10.17.0.0/16;

the second option is to apply a small patch to reset some of the variables that were not cleared through the loop:

*** readcfg.c Thu Aug 21 15:04:07 2003 --- readcfg.c+ Thu Sep 25 16:10:25 2003 *************** *** 2872,2877 **** --- 2872,2879 ---- for (token = strtok(acl, ALLWORDSEP); token != (char *)0; token = strtok(NULL, ALLWORDSEP)) { + i = 0; isCIDR = 0; + nCount = 0; dCount = 0; sCount = 0; mCount = 0; sPos = 0; /* Scan for [0-9./], and stop if you find something else */ for (i = 0; token[i] != '\000'; i++) { if (isdigit((int)(token[i]))) {

thanks for sharing the problem. the patch will be in 8.0.1, whenever that happens (hopefully if there are more issues with 8.0.0 i'll hear about them and be able to include them as well).

Bryan

From bryan@stansell.org Mon Sep 29 09:01:02 2003
Date: Mon, 29 Sep 2003 09:01:02 -0700
From: Bryan Stansell
To: users@conserver.com, announce@conserver.com
Message-ID: <20030929160102.GA21497@underdog.stansell.org>
Subject: conserver-8.0.1 is available

This release is a mix of important bug fixes (if you're using 8.0.0, please upgrade to 8.0.1), an added feature, and some slight adjustments to existing code.

The new feature is the addition of an 'initcmd' console directive.
When a console is brought up, the command is run (with its I/O redirected to the console). This allows you to authenticate to terminal servers, initialize devices, or anything else. A version of the chat program was contributed (see contrib/chat) to work with this new feature.

I hope everyone enjoys the new code and please let me know if you see any problems. Here is the detailed list of changes:

version 8.0.1 (Sep 29, 2003):
    - fixed bug in access list parsing where multiple addresses per line can cause errors - reported by Jay McCanta
    - changed client password prompt to show hostname passed down by the server - suggested by Toby Gerhart
    - fixed bug where remote console names were only searched for substring matches - reported by Toby Gerhart
    - the server -M option wasn't being used properly to limit the consoles managed by the host
    - added 'initcmd' console option which allows a command to interact with a console right after a console is opened - suggested by Greg Woods
    - added the chat program contributed by Greg Woods to the contrib/chat directory
    - added WUNTRACED to waitpid() for catching suspended processes
    - reworded some client/server messages to be clearer
    - embedded non-printable characters in break lists now display correctly when '^Ecl?' is used
    - in case client aborts unexpectedly, terminal state should now be restored to normal

Bryan Stansell
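
Review bot: in the readcfg.c hunk posted in the Sep 25 reply, the added `i = 0;` on the first `+` line is redundant, because the scan loop two lines further down already begins with `for (i = 0; ...`. The resets of isCIDR, nCount, dCount, sCount, mCount and sPos are the actual fix; one assignment per line with a short comment saying they must be cleared for every token would make the intent clear, and declaring them inside the loop body with initializers would keep state from carrying over between tokens again.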
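
The stale-state bug behind the "invalid ACL CIDR notation" error and the 8.0.1 access-list fix, as an added C example (not conserver's readcfg.c and not code posted to the list): a strtok() loop whose scanner state is either carried across tokens or cleared for each one. The `struct scan` fields, `scan_token`, `count_valid_cidr` and the value given to `ALLWORDSEP` are assumptions made for the illustration.

```c
/* Added illustration; not conserver's readcfg.c. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define ALLWORDSEP ", \t"  /* assumed value; the thread shows only the macro name */

struct scan { int dots, slashes, val, ndig; };  /* hypothetical scanner state */

/* Feed one token through the scanner; returns 1 if it is a.b.c.d/len. */
static int scan_token(const char *tok, struct scan *s)
{
    size_t i;
    for (i = 0; tok[i] != '\0'; i++) {
        unsigned char c = (unsigned char)tok[i];
        if (isdigit(c)) {
            s->val = s->val * 10 + (c - '0');
            if (++s->ndig > 3) return 0;          /* field too long */
        } else if (c == '.' || c == '/') {
            if (s->slashes || s->ndig == 0 || s->val > 255) return 0;
            if (c == '.') { if (++s->dots > 3) return 0; }
            else { if (s->dots != 3) return 0; s->slashes = 1; }
            s->val = 0;                           /* start the next field */
            s->ndig = 0;
        } else {
            return 0;                             /* not [0-9./] */
        }
    }
    return s->slashes == 1 && s->ndig > 0 && s->val <= 32;
}

/* Count accepted tokens on one ACL line. reset_per_token == 0 keeps the
 * scanner state across tokens (the bug class); 1 clears it each time. */
int count_valid_cidr(const char *line, int reset_per_token)
{
    char buf[256], *token;
    struct scan s = {0, 0, 0, 0};
    int valid = 0;

    if (strlen(line) >= sizeof(buf)) return -1;
    strcpy(buf, line);  /* strtok() writes into its argument */
    for (token = strtok(buf, ALLWORDSEP); token != NULL;
         token = strtok(NULL, ALLWORDSEP)) {
        if (reset_per_token)
            memset(&s, 0, sizeof(s));
        valid += scan_token(token, &s);
    }
    return valid;
}

int main(void)
{
    const char *acl = "192.168.220.0/24,10.17.0.0/16";  /* ACL value from the thread */
    printf("stale state: %d of 2 accepted\n", count_valid_cidr(acl, 0));
    printf("reset state: %d of 2 accepted\n", count_valid_cidr(acl, 1));
    return 0;
}
```

With stale state the first address is accepted and the second is rejected, which matches the symptom in the thread where only `10.17.0.0/16` was reported as invalid.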