
Re: Using conserver to secure cisco routers

David K. Z. Harris zonker@jeffk.com
Thu, 9 Mar 2006 23:30:51 -0800 (PST)


On Thu, Mar 09, 2006 at 10:28:47PM -0800, Mark Jayson Alvarez wrote:
> 
> Bryan Stansell <bryan@conserver.com> wrote: hey mark...yep, that's what conserver was made for.  ;-)
> 
>  You mean multiple logins at the same time using only one /dev/cuad0 ??? When I tried it, console complained that "hey, mark is connected".. 

  Yep...the key is, that second person *IS* also connected, but in
read-only (or "spy") mode...

  So, log in the first person...he has read-write... then log in the 
second person, and they are read-only... The first person can type, 
but both will see what's happening. :-)

  Next, have the second person type [ctrl]-[e], [c], [f], to 'force'
control of the connection...the first user gets "bumped" into spy
mode, but they see the login name of who bumped them (they are now
in read-only mode)...and the second user now has read-write! Still,
any responses from the consoled device will go to both (read: 'all
attached') users on that console.

  Typing ^E-c-w will show you 'who' is attached to that console,
and indicates which user has read-write access.

  When the second person either disconnects (^E-c-.) or goes into
spy mode (^E-c-s), then the previous user gets control back.
(Of course, the other person could have 'forced' the connection
back to themselves, too. ;-)

  Of course, before forcing the connection, it's always a good idea
to replay the last 60 lines of the log (^E-c-r) to see what the person
with read-write access is up to...they may be in the middle of a 
configuration change, etc., and hitting a couple carriage returns
may accept settings that you would rather not have. :-)

  Many users can be on the same console, in spy mode, but only one
can have read-write control at a time.

     -Z-