From: "Greg A. Woods" <woods@whats.weird.com>
Date: Fri, 07 Sep 2007 00:37:38 -0400
Subject: Re: Proposal: Inhibit "console down"
In-Reply-To: <20070810180420.GK28518@underdog.stansell.org>

At Fri, 10 Aug 2007 11:04:20 -0700, Bryan Stansell wrote:
Subject: Re: Proposal: Inhibit "console down"
>
> Yep...I certainly like it.  It goes along with the other recent post
> about preventing folks from turning off logging.  Both should be doable.

It seems to me that run-time logging control through the client user
interface is way far out of the design goals of any good console server.
In fact I would say it would be antithetical to the design of a good
console server.

It should _always_ be _impossible_ for any user of any compatible client
program to affect the logging configuration.

It also seems to me that if any client user wants an extra copy of the
log of what they've done then I'm sure they can just learn to use the
common tools that already exist for such purposes, such as the
aforementioned "script" utility.

Creeping featurism for such obviously bad and/or unnecessary ideas is
never a good thing, especially when some forms of decent security
policies become impossible to implement as a result.  The best way to
make security easy from the get go is to follow the KISS principle
foremost.

The original subject of this thread, the proposed ability to inhibit
"console down", is also an indication of a design flaw.  Turning down a
console port is not really something that should be controllable from
the client protocol in the first place.  (However the converse,
triggering an attempt to bring the console up again, is a very useful
feature to have in any console client.)

--
Greg A. Woods
H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack
Planix, Inc.
Secrets of the Weird

From: "Harris, David (IT Solutions US)" <david.k.harris@siemens.com>
Date: Fri, 7 Sep 2007 09:51:12 -0700
Subject: RE: Proposal: Inhibit "console down"
Message-ID: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net>

First, my hat is off to Greg, for many years of support, discussion, and
code contributions to Conserver.

I understand Greg's security perspective, but I feel moved to discuss
cases where turning off logging, or being able to 'down' a console, have
been useful and necessary.  My intent is only to present the cases,
without trying to lobby for the preservation of the features, and then
see what discussion may evolve from the group. :-)

STOP LOGGING: I will suggest that, as a net admin, it is far easier, and
faster, to disable logging temporarily than to do a task that exposes
passwords in the clear into the log file and then try to go back after
the fact and clear the entries from the log file.

* In this case, I think the integrity of the log file is preserved, in
  that it was not, itself, physically modified, and notation was made
  where an operator invoked a "gap in the tape"...;

* I also suggest that it is a LOT more manual effort (and therefore
  introduces more risks of unintended consequences) if someone must
  modify the CF file, HUP the server, make their changes, then re-modify
  the config, and HUP Conserver again.

DOWN A CONSOLE: In a recent case, a console started spewing ~120 Mbytes
of data per 24-hr period.  (It was a debug port on a "standby firewall"
that went 'active'.)  It was logging to the partition that contained the
other system logging for the OS, and it was rapidly filling the disk.  We
couldn't disconnect the port, as we needed to use it to command the
firewall...but we couldn't let the disk fill (as that would halt the
Conserver machine).  Our tasks included sequences of up'ing the port,
typing commands at the firewall, and down'ing the port, and testing the
results.

* We later moved the logs to a larger partition, and lowered the log
  rotation size from 20 MB to 10 MB.

* From time to time, "Down Happens".

I'm pretty sure that the discussion hasn't approached whether or not
client users should be able to "up" a port.  But what if the port is
something that spews, such as the firewall debug port?  If a client
'up's the port, sees that it's spewing, but cannot 'down' the port
again...what then?  You don't know what is on the 'other side of the
door' until you open it.  (In real life, you feel the door before you
open it to see if there is fire on the other side, but you can't tell if
the other side 'only' has a toxic smoke... ;-)

In summary, I like KISS, but I also like flexibility.  I see that
Conserver can evolve into a very secure tool, or it can become a bit
more complex in order to allow the administrator to configure
very-secure, or looser, levels of control.

David 'Zonker' Harris
Silicon Valley Service Delivery Center, Network Operations
Siemens IT Solutions and Services, Inc.
Infrastructure Management Services
39600 Eureka Drive
Newark, CA 94560
Tel: 510 624-5524  Mob: 510 648-0701  Fax: 510 624-5508
mailto: david.k.harris@siemens.com
www.usa.siemens.com/it-solutions

From: "Morris, Adam" <Adam.Morris@providence.org>
Date: Fri, 7 Sep 2007 11:59:00 -0700
Subject: RE: Proposal: Inhibit "console down"
Message-ID: <2DC1202ABB81434584F2478AB3529445010E9C41@wn0761.or.providence.org>
In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net>

Greetings,

As someone who doesn't often contribute to conserver, my opinion is worth
as much as you are willing to pay for it.  If it's more than 4 cents then
you're paying too much (and given that I'm British and the exchange rate
is lousy for you, you're probably already paying too much)...

STOP LOGGING: I can understand circumstances where you might not want to
log some information, but I would suggest that if you can stop and start
logging then the command should ideally prompt you for a reason, and then
log a note saying something like "John stopped logging on 7th November
2006 at 12:00:03.  Stated reason 'I hate being snooped on'".  (Feel free
to mangle the format to your own desires...)  Basically you want to know
who, when and what reason they gave.  You can then chase them down later
if you have questions.  Sure this doesn't provide ideal auditing, but at
least it records what happened and why.  It would also be good if this
was a per session setting, i.e. you disconnect without remembering to
turn logging back on, it gets turned back on automatically.

DOWN PORT: Again I can see why you might want to down a port.  It would
again be nice if the same information was logged though.  Who, When, What
and Why.  If you look at the log file and see "Jasmine downed port 17 as
it was spewing data" then you don't need to up it to find out why it was
downed.

It would also be good if these commands could be limited to sets of
users, i.e. you let the administrators up/down ports and stop logging,
but you don't let end users do it.  While this adds some complexity it
does so in order to provide for flexibility.  The security conscious
administrator might not want anyone to be able to run those commands,
while in an open environment they might be allowed for anybody.

Just my 2p.

Adam

From: "Greg A. Woods" <woods@whats.weird.com>
Date: Fri, 21 Sep 2007 14:29:02 -0400
Subject: Re: Proposal: Inhibit "console down"
In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net>

At Fri, 7 Sep 2007 09:51:12 -0700, Harris, David (IT Solutions US) wrote:
Subject: RE: Proposal: Inhibit "console down"
>
> First, my hat is off to Greg, for many years of support, discussion,
> and code contributions to Conserver.

Thanks!  Conserver is still the best thing going, bar none, for the job
it does!

And, particularly with respect to this kind of proposed feature
discussion, it is open source so anyone who truly wants any given
feature is "free" to implement it.  What we're really discussing here is
how, and in what form, such features should be accepted back into the
common source base of a given public release branch.

> STOP LOGGING: I will suggest that, as a net admin, it is far easier,
> and faster, to disable logging temporarily than to do a task that
> exposes passwords in the clear into the log file and then try to go
> back after the fact and clear the entries from the log file.

I admit I'm not a common user of most types of non-computing devices
that many conserver users may have connected to their console servers
for one reason or another, but I must say I've never encountered any
kind of device in recent years that echoed a password back to the user.

I.e. I think stopping logging to hide passwords is a very poor excuse. :-)

(and I don't think adding explanatory tags to the gap in the tape is
anywhere near being a solution of any kind either)

Now perhaps if conserver was to be logging input as well as output then
maybe the ability to turn off logging of keystrokes would be a fair
feature to consider....  (especially for authorised users who would be
the only ones likely to know the passwords that might risk being logged)

> * I also suggest that it is a LOT more manual effort (and therefore
> introduces more risks of unintended consequences) if someone must modify
> the CF file, HUP the server, make their changes, then re-modify the
> config, and HUP Conserver again.

Well the point there is that an authorised admin can do that, but
someone of lesser powers will be unable to do so, thus truly preserving
the integrity of the log.  Security doesn't come for free! :-)

> DOWN A CONSOLE: In a recent case, a console started spewing ~120
> Mbytes of data per 24-hr period. (It was a debug port on a "standby
> firewall" that went 'active'.) It was logging to the partition that
> contained the other system logging for the OS, and it was rapidly
> filling the disk. We couldn't disconnect the port, as we needed to use
> it to command the firewall...but we couldn't let the disk fill (as that
> would halt the Conserver machine). Our tasks included sequences of
> up'ing the port, typing commands at the firewall, and down'ing the port,
> and testing the results.

There are two separate issues there getting munged up without proper
consideration of the security implications of either one on its own, and
the proposed solution, in its simplest form, is in my opinion the worst
possible compromise.

One can buy a "refurbished" 750GB drive for well under $200 these days.
:-)  Even a brand new pair, in a RAID-1 enclosure, all with warranty,
are well within reach of anyone with any serious need for large-capacity
storage with decent availability and reliability.

Also, if the port was debug output only, then why was it logging at all?
Isn't the scroll-back buffer in your xterm big enough to capture all the
possible temporary history you could ever desire?  If not, why not?

There are a number of possible solutions that would preserve the ability
for a system implementer to create a more strict security policy while
still providing for the kind of flexibility that could be required for
testing and debugging, etc.

Perhaps, especially w.r.t. allowing users to turn port monitoring off
from the client interface, one idea would be to add both some form of
"classification" of ports w.r.t. their security requirements, as well as
a similar form of classification of users.  That way some users could be
authorised to have full control, and some classes of ports could be
designated as debug or test ports where log integrity is less relevant.
That's still perhaps a bit more complicated than it should be, but
ultimately it's the most flexible framework to build upon -- e.g. the
same features can easily be expanded to manage authorisation of client
controls that could be used to enable and disable logging too.

--
Greg A. Woods
H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack
Planix, Inc.
Secrets of the Weird --pgp-sign-Multipart_Fri_Sep_21_14:29:01_2007-1 Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.0i for non-commercial use MessageID: PnhI3wUVoC8VP3hoWNZSjVeoDZzHHlIg iQA/AwUBRvQNbWJ7XxTCWceFEQLXigCgssyh06DZ72Wkg4EBZGoCMSE5RcsAoPOu s5prrF5YOuyaAFvwQDaR0nDj =Y8xX -----END PGP SIGNATURE----- --pgp-sign-Multipart_Fri_Sep_21_14:29:01_2007-1-- From cross+conserver@distal.com Fri Sep 21 12:03:12 2007 Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by underdog.stansell.org (8.14.1/8.14.1) with ESMTP id l8LJ34Ka009183 for ; Fri, 21 Sep 2007 12:03:09 -0700 (PDT) Received: from mail.distal.com ([69.244.75.197]) by comcast.net (rwcrmhc11) with ESMTP id <20070921190303m11003lu06e>; Fri, 21 Sep 2007 19:03:03 +0000 Received: from [IPv6:2001:5c0:956b:20:214:51ff:fe65:d77e] ([IPv6:2001:5c0:956b:20:214:51ff:fe65:d77e]) by mail.distal.com (8.13.8/8.13.8) with ESMTP id l8LJ31Ed015217 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Fri, 21 Sep 2007 15:03:02 -0400 (EDT) In-Reply-To: References: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net> Mime-Version: 1.0 (Apple Message framework v752.2) Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed Message-Id: <6D702152-1E47-401F-8261-7DDEB5C96C28@distal.com> Content-Transfer-Encoding: 7bit From: Chris Ross Subject: Re: Proposal: Inhibit "console down" Date: Fri, 21 Sep 2007 15:02:40 -0400 To: "Greg A. Woods" X-Mailer: Apple Mail (2.752.2) X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.62 on 209.182.219.30 Cc: Conserver Users's Mailing List X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Sep 2007 19:03:13 -0000 On Sep 21, 2007, at 14:29, Greg A. 
Woods wrote: > I admit I'm not a common user of most types of non-computing devices > that many conserver users may have connected to their console servers > for one reason or another, but I must say I've never encountered any > kind of device in recent years that echoed a password back to the > user. It's very common for routers to require you to enter a new password in into the CLI, which will be echo'd. The password prompts don't typically echo passwords, but passwords are sometimes used in other ways. This is the first example I have thought of, but I'm sure there are others. > I.e. I think stopping logging to hide passwords is a very poor > excuse. :-) I think this would be something that conserver should have, for just this above reason. I think it should be a fairly restricted ability, to prevent both abuse and accidental use, but I think it has clear value, in an admittedly small number of situations. Just from someone who does console-monitor a variety of routers and switches, in addition to UNIX host consoles. 
- Chris From fabien@mail.faxm0dem.org Fri Sep 21 13:27:23 2007 Received: from smtp7-g19.free.fr (smtp7-g19.free.fr [212.27.42.64]) by underdog.stansell.org (8.14.1/8.14.1) with ESMTP id l8LKRF7m010064 for ; Fri, 21 Sep 2007 13:27:21 -0700 (PDT) Received: from smtp7-g19.free.fr (localhost [127.0.0.1]) by smtp7-g19.free.fr (Postfix) with ESMTP id 6DCDB1A3B5 for ; Fri, 21 Sep 2007 22:27:13 +0200 (CEST) Received: from mail.faxm0dem.org (faxm0dem.org [82.224.162.122]) by smtp7-g19.free.fr (Postfix) with ESMTP id 5E44F1A37D for ; Fri, 21 Sep 2007 22:27:13 +0200 (CEST) Received: by mail.faxm0dem.org (Postfix, from userid 1000) id CDEFFB7; Fri, 21 Sep 2007 22:27:12 +0200 (CEST) Date: Fri, 21 Sep 2007 22:27:12 +0200 From: Fabien Wernli To: users@conserver.com Subject: Re: Proposal: Inhibit "console down" Message-ID: <20070921202712.GB9836@mail.faxm0dem.org> Mail-Followup-To: users@conserver.com References: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Organization: CC-IN2P3 (CNRS) User-Agent: Mutt/1.5.9i X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.62 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: wernli@in2p3.fr List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Sep 2007 20:27:24 -0000 On Fri, Sep 21, 2007 at 02:29:02PM -0400, Greg A. Woods wrote: > I admit I'm not a common user of most types of non-computing devices > that many conserver users may have connected to their console servers > for one reason or another, but I must say I've never encountered any > kind of device in recent years that echoed a password back to the user. I once came across a device, I think it was a Sun storage controller (6120?) 
which actually echoed back the password, character by character, but immediately backspaced and replaced it with a '*' ;-) From sommerfeld@sun.com Fri Sep 21 13:49:38 2007 Received: from brmea-mail-3.sun.com (brmea-mail-3.Sun.COM [192.18.98.34]) by underdog.stansell.org (8.14.1/8.14.1) with ESMTP id l8LKnUmA010285 for ; Fri, 21 Sep 2007 13:49:36 -0700 (PDT) Received: from dm-east-02.east.sun.com ([129.148.13.5]) by brmea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id l8LKnTWW008734; Fri, 21 Sep 2007 20:49:30 GMT Received: from thunk.east.sun.com (thunk.East.Sun.COM [129.148.174.66]) by dm-east-02.east.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,v2.2) with ESMTP id l8LKnTA1029085; Fri, 21 Sep 2007 16:49:29 -0400 (EDT) Received: from [IPv6:::1] (localhost [IPv6:::1]) by thunk.east.sun.com (8.14.1+Sun/8.14.1) with ESMTP id l8LKnOYD014838; Fri, 21 Sep 2007 16:49:28 -0400 (EDT) Subject: Re: Proposal: Inhibit "console down" From: Bill Sommerfeld To: wernli@in2p3.fr In-Reply-To: <20070921202712.GB9836@mail.faxm0dem.org> References: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net> <20070921202712.GB9836@mail.faxm0dem.org> Content-Type: text/plain Date: Fri, 21 Sep 2007 16:49:23 -0400 Message-Id: <1190407763.13474.32.camel@thunk> Mime-Version: 1.0 X-Mailer: Evolution 2.10.2 Content-Transfer-Encoding: 7bit X-Spam-Score: -1.11 () BAYES_05 X-Scanned-By: MIMEDefang 2.62 on 209.182.219.30 Cc: users@conserver.com X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Sep 2007 20:49:39 -0000 On Fri, 2007-09-21 at 22:27 +0200, Fabien Wernli wrote: > I once came across a device, I think it was a Sun storage controller (6120?) > which actually echoed back the password, character by character, but > immediately backspaced and replaced it with a '*' ;-) are you sure it was the 6120? 
I'll file the bug if you can be a little more specific. firmware revision and a log demonstrating the bug (not with the real password!) would be great. - Bill From Lisa.Doherty@nau.edu Mon Sep 24 23:21:15 2007 Received: from mailgate5.nau.edu (mailgate5.nau.edu [134.114.96.205]) by underdog.stansell.org (8.14.1/8.14.1) with ESMTP id l8P6L739001214 for ; Mon, 24 Sep 2007 23:21:13 -0700 (PDT) Received: from localhost (localhost.localdomain [127.0.0.1]) by mailgate5.nau.edu (Postfix) with ESMTP id 0763E6B40BB for ; Mon, 24 Sep 2007 13:00:38 -0700 (MST) X-Virus-Scanned: amavisd-new at nau.edu Received: from mailgate5.nau.edu ([127.0.0.1]) by localhost (mailgate5.nau.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JlG+YJGilMF7 for ; Mon, 24 Sep 2007 13:00:37 -0700 (MST) Received: from [134.114.32.130] (ucc286.ucc.nau.edu [134.114.32.130]) by mailgate5.nau.edu (Postfix) with ESMTP id D8D2F6B4030 for ; Mon, 24 Sep 2007 13:00:37 -0700 (MST) Message-ID: <46F81765.9020007@nau.edu> Date: Mon, 24 Sep 2007 13:00:37 -0700 From: Lisa Doherty Organization: Northern Arizona University User-Agent: Thunderbird 2.0.0.6 (Windows/20070728) MIME-Version: 1.0 To: users@conserver.com Subject: console connection prompts for root password Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.74 () BAYES_20 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com X-Mailman-Version: 2.1.9 Precedence: list Reply-To: Lisa.Doherty@nau.edu List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2007 06:21:16 -0000 I'm new to this list and to conserver. I have just set up an OpenGear CM4148 console server attached to a single conserver client machine running RedHat AS 4. Things seem to be working fine, but I'd like to make a change to the password behavior. 
Currently, I log in to the conserver client machine and attach to "console fred". The MOTD appears and I have to press the Enter key to continue. The I am prompted for a root password. Once I enter that, I get a console login prompt "fred console login: ". Is there a way to configure conserver so that there is not a prompt for the root password before receiving the console login prompt? I would like to be able to just attach to the console using "console fred" and get the "fred console login: " prompt without having any other password prompt in between. Any help is appreciated, Lisa From david.k.harris@siemens.com Tue Sep 25 08:32:07 2007 Received: from usnwk221srv.usa.siemens.com (usnwksmtp03e.usa.siemens.com [12.46.135.32]) by underdog.stansell.org (8.14.1/8.14.1) with ESMTP id l8PFVw5Y021218 for ; Tue, 25 Sep 2007 08:32:04 -0700 (PDT) Received: from usnwk206a.ww017.siemens.net ([155.45.111.74]) by usnwk221srv.usa.siemens.com with InterScan Messaging Security Suite; Tue, 25 Sep 2007 08:31:55 -0700 Received: from USNWK102MSX.ww017.siemens.net ([155.45.111.56]) by usnwk206a.ww017.siemens.net with Microsoft SMTPSVC(6.0.3790.3959); Tue, 25 Sep 2007 08:31:57 -0700 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Subject: RE: console connection prompts for root password Date: Tue, 25 Sep 2007 08:31:56 -0700 Message-ID: <2461A50AD2345646B1C4B3D7BA40B8E203084396@USNWK102MSX.ww017.siemens.net> In-Reply-To: <46F81765.9020007@nau.edu> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: console connection prompts for root password Thread-Index: Acf/POuTQgTaAKusSdC0hIWrppLV0gAS/0sQ From: "Harris, David (IT Solutions US)" To: , X-OriginalArrivalTime: 25 Sep 2007 15:31:57.0055 (UTC) FILETIME=[3524B8F0:01C7FF89] X-Spam-Score: -2.312 () BAYES_00 X-Scanned-By: MIMEDefang 2.63 on 209.182.219.30 X-BeenThere: users@conserver.com 
X-Mailman-Version: 2.1.9 Precedence: list List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2007 15:32:08 -0000 You are describing the difference between an 'allowed' connection, and a 'trusted' connection. :-) In your conserver.cf file, at the bottom, try adding the IP address of the machine you are using the client from, and denoting it as "trusted". This presumes that you have faith in the authentication on the 'client', so then Conserver will not challenge you again for the password as you connect through the server. :-) -Z- David 'Zonker' Harris Silicon Valley Service Delivery Center, Network Operations =20 Siemens IT Solutions and Services, Inc.=20 Infrastructure Management Services 39600 Eureka Drive Newark, CA 94560 Tel: 510 624-5524 Mob: 510 648-0701 Fax: 510 624-5508 mailto: david.k.harris@siemens.com=20 www.usa.siemens.com/it-solutions =20 -----Original Message----- From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Lisa Doherty Sent: Monday, September 24, 2007 1:01 PM To: users@conserver.com Subject: console connection prompts for root password I'm new to this list and to conserver. I have just set up an OpenGear=20 CM4148 console server attached to a single conserver client machine=20 running RedHat AS 4. Things seem to be working fine, but I'd like to=20 make a change to the password behavior. Currently, I log in to the conserver client machine and attach to=20 "console fred". The MOTD appears and I have to press the Enter key to=20 continue. The I am prompted for a root password. Once I enter that, I=20 get a console login prompt "fred console login: ". Is there a way to=20 configure conserver so that there is not a prompt for the root password=20 before receiving the console login prompt? 
I would like to be able to just attach to the console using "console=20 fred" and get the "fred console login: " prompt without having any=20 other password prompt in between. Any help is appreciated, Lisa _______________________________________________ users mailing list users@conserver.com https://www.conserver.com/mailman/listinfo/users From woods@whats.weird.com Tue Sep 25 08:47:45 2007 Received: from most.weird.com (most.weird.com [204.92.254.2]) by underdog.stansell.org (8.14.1/8.14.1) with ESMTP id l8PFlMwI021367 for ; Tue, 25 Sep 2007 08:47:27 -0700 (PDT) Received: from whats.weird.com ([204.92.254.9] port=59824) by most.weird.com([204.92.254.2] port=25) via TCP with esmtp (3601 bytes) (sender: ) (ident <[aAAC/cxXY32YnKUhsORlk4vc5FxxUJdPS5OEGTn5GkvlOop7q6xAoGd9jB2qSweo0PAbJo5erpcZeGi6aDbuRA==]> using rfc1413) id for ; Tue, 25 Sep 2007 11:47:21 -0400 (EDT) (Smail-3.2.0.122-Pre 2005-Nov-17 #1 built 2007-Sep-4) Message-Id: Date: Tue, 25 Sep 2007 11:47:17 -0400 From: "Greg A. Woods" To: "Conserver Users's Mailing List" Subject: Re: Proposal: Inhibit "console down" In-Reply-To: <6D702152-1E47-401F-8261-7DDEB5C96C28@distal.com> References: <2461A50AD2345646B1C4B3D7BA40B8E202ED452C@USNWK102MSX.ww017.siemens.net> <6D702152-1E47-401F-8261-7DDEB5C96C28@distal.com> User-Agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (=?ISO-8859-4?Q?Sanj=F2?=) APEL/10.6 Emacs/21.4 (alpha--netbsd) MULE/5.0 (SAKAKI) X-Face: ; j3Eth2XV8h1Yfu*uL{<:dQ$#E[DB0gemGZJ"J#4fH*][ lz; @-iwMv_u\6uIEKR0KY"=MzoQH#CrqBN`nG_5B@rrM8,f~Gr&h5a\= List-Id: Conserver Users List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 25 Sep 2007 15:47:46 -0000 --pgp-sign-Multipart_Tue_Sep_25_11:47:17_2007-1 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable At Fri, 21 Sep 2007 15:02:40 -0400, Chris Ross wrote: Subject: Re: Proposal: Inhibit "console down" >=20 >=20 > On Sep 21, 2007, at 14:29, Greg A. 
Woods wrote:
> > I admit I'm not a common user of most types of non-computing devices
> > that many conserver users may have connected to their console servers
> > for one reason or another, but I must say I've never encountered any
> > kind of device in recent years that echoed a password back to the
> > user.
>
> It's very common for routers to require you to enter a new password
> into the CLI, which will be echo'd. The password prompts don't typically
> echo passwords, but passwords are sometimes used in other ways. This
> is the first example I have thought of, but I'm sure there are others.

That's still an _extremely_ poor excuse. Even with such a feature
conserver cannot save you from accidentally recording such a password in
your console logs.

If the goal is to protect such passwords from casual observers then
having a manual hook in conserver allowing the operator to disable
logging temporarily is most definitely NOT any kind of valid solution.

A correct and secure solution will probably involve never logging any
session to any such poorly designed device, or else always protecting
all logs from such poorly designed devices from being viewed by
unauthorized persons.

-- 
Greg A. Woods
H:+1 416 218-0098 W:+1 416 489-5852 x122 VE3TCP
RoboHack
Planix, Inc.
Secrets of the Weird

From Lisa.Doherty@nau.edu Wed Sep 26 10:09:40 2007
Message-ID: <46FA924B.3040407@nau.edu>
Date: Wed, 26 Sep 2007 10:09:31 -0700
From: Lisa Doherty
Organization: Northern Arizona University
To: "Harris, David (IT Solutions US)"
Cc: users@conserver.com
Subject: Re: console connection prompts for root password
In-Reply-To: <2461A50AD2345646B1C4B3D7BA40B8E203084396@USNWK102MSX.ww017.siemens.net>
X-List-Received-Date: Wed, 26 Sep 2007 17:09:41 -0000

Thank you. Things are working as expected now.

Lisa

Harris, David (IT Solutions US) wrote:
> You are describing the difference between an 'allowed' connection,
> and a 'trusted' connection. :-)
>
> In your conserver.cf file, at the bottom, try adding the IP address of
> the machine you are using the client from, and denoting it as "trusted".
> This presumes that you have faith in the authentication on the 'client',
> so then Conserver will not challenge you again for the password as you
> connect through the server. :-)
>
> -Z-
>
> David 'Zonker' Harris
> Silicon Valley Service Delivery Center, Network Operations
>
> Siemens IT Solutions and Services, Inc.
> Infrastructure Management Services
> 39600 Eureka Drive
> Newark, CA 94560
> Tel: 510 624-5524
> Mob: 510 648-0701
> Fax: 510 624-5508
> mailto: david.k.harris@siemens.com
> www.usa.siemens.com/it-solutions
>
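The 'allowed' versus 'trusted' distinction David Harris describes above, shown as a conserver.cf access block; this is an added example, not configuration from the thread or from the conserver project, and the addresses and the host role are constructed placeholders:

```conf
# Added example, not from the thread. Addresses are constructed placeholders.
# conserver.cf access block: an "allowed" host may connect but is still
# challenged for the conserver password on every "console <name>"; a
# "trusted" host is never challenged, so conserver relies entirely on the
# login authentication already done on that host.

# Before: the client machine is only "allowed", which gives the behaviour
# in the original question (MOTD, then a password prompt, then the login).
access * {
    allowed 192.0.2.0/24;      # constructed management subnet
}

# After: the single conserver client machine is marked "trusted".
# Anyone with a shell on a trusted host reaches every console without a
# conserver password, so keep this list to hosts whose local logins you
# actually vouch for. The host entry is listed before the subnet entry so
# the more specific rule is matched first. Hosts matched by no entry are
# refused unless conserver was started with a different default (-a).
access * {
    trusted 192.0.2.10;        # constructed: the RedHat AS 4 client box
    allowed 192.0.2.0/24;      # the rest of the subnet still gets a password prompt
}
```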