Bryan Stansell email@example.com
Thu, 9 Mar 2006 07:11:35 -0800 (PST)
hey mark...yep, that's what conserver was made for. ;-) you just point conserver at your consoles (in the example below, it's /dev/cuad0 - but any others you might hook up as well), and folks could then log in and use 'console <router>' to gain access. if you wanted to be even more secure you could limit who had login access to the freebsd box to just you and have them use the console client from remote machines. and as a "middle ground", you could set their shell to a script that execed 'console <router>' and put them in the "restricted user" list inside conserver...that way they'd be "locked" onto the console and unable to do some of the more advanced commands (that may or may not be appropriate, depending on your world).

that's a lot to absorb. i'd start with something simple (getting conserver going and using the client locally) and then refine that if you need to. check out conserver.cf/samples/simple.cf (and the others) in the distribution for a starting point of crafting a config file.

good luck!

Bryan

On Thu, Mar 09, 2006 at 12:33:46AM -0800, Mark Jayson Alvarez wrote:
> Good day!
>
> I'm looking for ways to secure our cisco routers by not allowing
> remote access to it, and only console access. To do this, I would
> connect the router to a pc using a console cable. The pc is running
> freebsd 6.0. The pc can be accessed via a much secure ssh. After a
> user logs in, he can use "cu -l /dev/cuad0 -s 9600" Now he can
> connect to the cisco router and receive the login prompt. Now my
> problem is how am I going to have multiple users login to the router
> using only one console cable (as the router is limited to only one
> console port). This is required because most of the time, our NOC
> engineers are troubleshooting our network at the same time using
> different privileges. After googling for a while, I found conserver.
>
> Question: Am I looking into the right tool or not?? Anyone here
> doing the same thing with their routers??
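
A conserver.cf sketch of the setup discussed in this thread, added here as an illustration; it is not part of either message and is not taken from the conserver distribution. The console name `router1`, the user names `mark`, `noc1` and `noc2`, the log directory and the parity setting are assumptions; the device and speed come from the `cu` command quoted above.

```conf
# Added example: one router console on the FreeBSD host.
# Assumed names: console "router1", users mark/noc1/noc2, /var/consoles.

default * {
	# Log everything seen on each console; "&" is replaced by the console name.
	logfile /var/consoles/&;
}

console router1 {
	master localhost;
	type device;
	# Serial port and speed from the cu command in the thread.
	device /dev/cuad0;
	baud 9600;
	# Assumption: the router console runs at the usual 8N1.
	parity none;
	# Only these accounts may attach read-write; everyone else is refused.
	rw mark,noc1,noc2;
}

access * {
	# Accept client connections from the local host only, so users
	# must first log in to the FreeBSD box over ssh.
	trusted 127.0.0.1;
	# The "restricted user" list: these users cannot suspend the
	# connection, switch to another console or attach a local command.
	limited noc1,noc2;
}
```

With this in place, a user logged in to the host attaches with `console router1`, and several users can hold the same console open at once.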