[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

RE: Searchable archives? Best practices?

Brodie, Kent brodie@mcw.edu
Tue, 30 May 2006 19:20:46 -0700 (PDT) 

I didn't bother separating the networks--  but I did install an ssh key
on the server, a separate userid for console operations, and it works
pretty well.   Easy to get going, once to bang your head against the
wall getting ssh to behave.

My conserver.cf config is rather simple, yet effective.   I know I can
lock it down further, but it works for me.

Once I got it working, I locked down the terminal server and disabled
telnet access.   We use cyclades TS series.

Here's my conserver config if it helps:



# first, we're going to set some generic console defaults so that we
# don't have to duplicate them for each console.
default * {
        logfile /var/log/consoles/&;    # '&' is replaced with console
name
        timestamp 1hab;                 # write timestamps
        rw *;                           # allow all users
        master localhost;
}

## These are term servers accessed with an ssh command
## local user on these is conserver, they have ssh keys for root
## from this host.
# it too uses pattern substitution and such to get the job done
default cyclades1 { type exec; 
                   host xyzzzz.xxxx.edu;
                   exec /usr/bin/ssh -l conserver:P H;
                   execsubst H=hs,P=Pd; 
                   portbase 7000; portinc 1; }

default cyclades2 { type exec;
                   host xyzzy.xxxxx.edu;
                   exec /usr/bin/ssh -l conserver:P H;
                   execsubst H=hs,P=Pd;
                   portbase 7000; portinc 1; }

# ------- define the consoles on ts1.conserver.com --------
console abc     { include cyclades1; port 1; }
console abc2     { include cyclades1; port 2; }
console phred     { include cyclades1; port 3; }
console gray    { include cyclades1; port 4; }
....etc....



-----Original Message-----
From: users-bounces@conserver.com [mailto:users-bounces@conserver.com]
On Behalf Of Bryan Stansell
Sent: Tuesday, May 30, 2006 8:52 PM
To: users@conserver.com
Subject: Re: Searchable archives? Best practices?

On Tue, May 30, 2006 at 03:35:27PM -0700, Arnold de Leon wrote:
> Is there a searchable archive of the mailing list?  Are search engines
> able to crawl the archives?  It looks like they are but are they
> complete?

the search box is on the main page (http://www.conserver.com/).  ;-)
it should be complete...dunno about crawlers.

> What are considered best practices for connecting Cyclades ACS to
> conserver?  I'm transititioning an existing installation so the
> Cyclades are not on a dedicated management network.  I want to run SSH
> between conserver and the Cyclades and right now I'm contemplating
> installing an ssh key on the conserver server so it can connect to the
> Cyclades.

seems like a good path to me, but perhaps others who have actually done
it could chime in.  ;-)

i know some script a username/login using chat or expect (i assume
instead of using ssh keys).  but i suppose chat/expect could be
providing a ssh passphrase...all about the same, in my book.  no matter
what, you'd better keep *something* super-protected or risk unwanted
access.

Bryan
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users