[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: power/reset control from conserver

Luke S Crawford lsc@prgmr.com
Tue, 1 Dec 2009 00:11:07 GMT

Bjorn Helgaas <bjorn.helgaas@hp.com> writes:

> I'd really like to be able to use a conserver escape sequence to
> reset or power cycle a system, for example, by using PowerMan.
> Having this ability inside conserver would be handy because it
> would automatically target the correct machine and reduce the need
> to exit/re-enter "console".
> Is there a way to do this in conserver?  Would this be useful to
> anybody else?

Now, I soppose my use case is a little different from most people's...
but I have mutually untrusting users on my system, so I need to be more 
concerned about security than perhaps some of you do, who have the
conserver on the 'trusted network'  (not that I really believe in 
such things.)  

I try to keep my rebooters and my serial consoles on different security 
systems (not sharing passwords;  using ssh public keys or otherwise 
setting it up so that even if one system is compromised, the other is not.
I try to run them on different operating systems, too.)  

That way, so long as people set root passwords (and I disable magic sysrq) 
even if you compromise my console system, you don't immediately have root on
all my servers;  you at least have to wait for someone to login 
as root (and in my system, we've got different root passwords;  my
console system handles servers owned by different people.)   

if you break into my rebooter system, well, you can cause havoc by rebooting
everything, but you don't have access to the data unless you also
break into the console system.  (If you have both, really, it's all over.
Everything is compromised.)

Luke S. Crawford
http://prgmr.com/xen/         -   Hosting for the technically adept
http://nostarch.com/xen.htm   -   We don't assume you are stupid.