Mailing List Archive

There isn't direct support for that, but I have seen folks use a script
(or actual compiled program) as a shell for a user, that then fires the
console client with the appropriate argument (to get to a specific
port). That way, when you authenticate with a particular user, it
automatically runs 'console <foo>' and when you exit, you're logged out.
I suppose if you name the account the same as the console, you could use
the username as the argument. There's a 'limited' option in the
conserver.cf to list users that aren't allowed specific actions, so they
can't switch to other consoles, invoke local commands, etc (just for
this purpose).

As for Windows, the current solution is to install cygwin and compile
conserver for that...it works fine. You just have a little extra
overhead of the cygwin environment to deal with.

There are other tools, like ser2net, that present a serial port as a
network connection. I don't know of anything that does SSL directly,
but there's this post about using stunnel to wrap around ser2net:

https://honor.icsalabs.com/pipermail/firewall-wizards/2002-September/013021.html

There's no authentication there, but perhaps with the proper use if
client certificates, you could at least gain some level of protection.

I hope that helps.

Bryan

On Sat, May 30, 2009 at 11:50:21PM -0400, Don Clark wrote:
> First let me start by I am new to conserver and I have it setup and
> working with the console client. But is there a way to setup conserver
> so I can ssh directly to a serial port? Or is there a console client for
> Windows(sorry but I have a few windows boxes)? A good example would be I
> what to ssh to /dev/ttyMI0, so I was thinking I would ssh to the
> conserver server on port 2000 and that port would direct me
> to /dev/ttyMI0
> Thanks in advance,
> Don
>
>
>
> _______________________________________________
> users mailing list
> users@conserver.com
> https://www.conserver.com/mailman/listinfo/users
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

At Tue, 2 Jun 2009 13:34:20 -0700, Bryan Stansell <bryan@conserver.com> wrote:
Subject: Re: conserver ?
>
> There isn't direct support for that, but I have seen folks use a script
> (or actual compiled program) as a shell for a user, that then fires the
> console client with the appropriate argument (to get to a specific
> port). That way, when you authenticate with a particular user, it
> automatically runs 'console <foo>' and when you exit, you're logged out.
> I suppose if you name the account the same as the console, you could use
> the username as the argument. There's a 'limited' option in the
> conserver.cf to list users that aren't allowed specific actions, so they
> can't switch to other consoles, invoke local commands, etc (just for
> this purpose).
>
> As for Windows, the current solution is to install cygwin and compile
> conserver for that...it works fine. You just have a little extra
> overhead of the cygwin environment to deal with.

Personally I would suggest the former, either with or without
configuring sshd and/or a login script to run only the "console" client
program.

While the ability to run "console" clients on remote systems is fun and
flexible, the security issues can very rapidly get out of control even
with careful use of SSL. Central control right on the conserver host
itself via SSH logins is the easiest to manage, and probably also the
easiest to use too, especially if you already have an SSH client on the
workstations you want to connect to consoles from.

--
Greg A. Woods

+1 416 218-0098 VE3TCP RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com> Secrets of the Weird <woods@weird.com>
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users

Thanks Brian & Greg. I went with the cygwin approach. I grabbed the
redhat version, it seemed to come with openssl and the make commands as
the base.
Thanks
Don

On Tue, 2009-06-02 at 20:15 -0400, Greg A. Woods wrote:
> At Tue, 2 Jun 2009 13:34:20 -0700, Bryan Stansell <bryan@conserver.com> wrote:
> Subject: Re: conserver ?
> >
> > There isn't direct support for that, but I have seen folks use a script
> > (or actual compiled program) as a shell for a user, that then fires the
> > console client with the appropriate argument (to get to a specific
> > port). That way, when you authenticate with a particular user, it
> > automatically runs 'console <foo>' and when you exit, you're logged out.
> > I suppose if you name the account the same as the console, you could use
> > the username as the argument. There's a 'limited' option in the
> > conserver.cf to list users that aren't allowed specific actions, so they
> > can't switch to other consoles, invoke local commands, etc (just for
> > this purpose).
> >
> > As for Windows, the current solution is to install cygwin and compile
> > conserver for that...it works fine. You just have a little extra
> > overhead of the cygwin environment to deal with.
>
> Personally I would suggest the former, either with or without
> configuring sshd and/or a login script to run only the "console" client
> program.
>
> While the ability to run "console" clients on remote systems is fun and
> flexible, the security issues can very rapidly get out of control even
> with careful use of SSL. Central control right on the conserver host
> itself via SSH logins is the easiest to manage, and probably also the
> easiest to use too, especially if you already have an SSH client on the
> workstations you want to connect to consoles from.
>

_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users