Re: power/reset control from conserver

Bjorn Helgaas bjorn.helgaas@hp.com
Tue, 1 Dec 2009 20:47:07 GMT


On Monday 30 November 2009 05:11:26 pm Luke S Crawford wrote:
> Bjorn Helgaas <bjorn.helgaas@hp.com> writes:
> 
> > I'd really like to be able to use a conserver escape sequence to
> > reset or power cycle a system, for example, by using PowerMan.
> > Having this ability inside conserver would be handy because it
> > would automatically target the correct machine and reduce the need
> > to exit/re-enter "console".
> > 
> > Is there a way to do this in conserver?  Would this be useful to
> > anybody else?
> 
> Now, I suppose my use case is a little different from most people's...
> but I have mutually untrusting users on my system, so I need to be more 
> concerned about security than perhaps some of you do, who have the
> conserver on the 'trusted network'  (not that I really believe in 
> such things.)  
> 
> I try to keep my rebooters and my serial consoles on different security 
> systems (not sharing passwords;  using ssh public keys or otherwise 
> setting it up so that even if one system is compromised, the other is not.
> I try to run them on different operating systems, too.)  
> 
> That way, so long as people set root passwords (and I disable magic sysrq) 
> even if you compromise my console system, you don't immediately have root on
> all my servers;  you at least have to wait for someone to login 
> as root (and in my system, we've got different root passwords;  my
> console system handles servers owned by different people.)   
> 
> If you break into my rebooter system, well, you can cause havoc by rebooting
> everything, but you don't have access to the data unless you also
> break into the console system.  (If you have both, really, it's all over.
> Everything is compromised.)

I think the summary of this is "I wouldn't use this feature, and
here's why."  Right?

My use case *is* different: I have dozens of development machines
shared among trusted users.  One nuisance is that somebody intends
to reset A but mistakenly resets B instead.  Being able to do the
reset directly from conserver would reduce the likelihood of this.

Bjorn