[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: conserver ?

Greg A. Woods woods-conserver@weird.com
Wed, 3 Jun 2009 00:15:14 GMT

At Tue, 2 Jun 2009 13:34:20 -0700, Bryan Stansell <bryan@conserver.com> wrote:
Subject: Re: conserver ?
> There isn't direct support for that, but I have seen folks use a script
> (or actual compiled program) as a shell for a user, that then fires the
> console client with the appropriate argument (to get to a specific
> port).  That way, when you authenticate with a particular user, it
> automatically runs 'console <foo>' and when you exit, you're logged out.
> I suppose if you name the account the same as the console, you could use
> the username as the argument.  There's a 'limited' option in the
> conserver.cf to list users that aren't allowed specific actions, so they
> can't switch to other consoles, invoke local commands, etc (just for
> this purpose).
> As for Windows, the current solution is to install cygwin and compile
> conserver for that...it works fine.  You just have a little extra
> overhead of the cygwin environment to deal with.

Personally I would suggest the former, either with or without
configuring sshd and/or a login script to run only the "console" client

While the ability to run "console" clients on remote systems is fun and
flexible, the security issues can very rapidly get out of control even
with careful use of SSL.  Central control right on the conserver host
itself via SSH logins is the easiest to manage, and probably also the
easiest to use too, especially if you already have an SSH client on the
workstations you want to connect to consoles from.

						Greg A. Woods

+1 416 218-0098                VE3TCP          RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>      Secrets of the Weird <woods@weird.com>