Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. conserver>
  3. users
TRU64 question
fparki at acxiom
Sep 17, 2002, 9:11 AM
Post #1 of 5 (680 views)
Permalink
We have several TRU64 servers whose console serial cables are connected to a
DEC 900 terminal server.

We currently use TECSys Consoleworks for remote administration but we are
looking for an alternative.


I have set-up one console. When I try to connect I get the following
message:


./console bfm
console: bfm is down
[Enter `^Ec?' for help]
[read-only -- use ^E c ? for help]


The console log (nohup) reports only the following ...


conserver (75809): bfm: login root@mersey [Tue Sep 17
16:49:08 2002]
conserver (75809): bfm: logout root@mersey [Tue Sep 17
16:54:43 2002]


conserver.cf reads ...

LOGDIR=/var/consoles
bfm:!10.92.54.13:2022:&:
%%
trusted: mersey


conserver.passwd reads ...

any:*passwd*:any


/etc/services reads ...

console 782/tcp conserver


Output from from conserver -V ...

conserver: conserver.com version 7.2.2
conserver: default access type `r'
conserver: default escape sequence `^Ec'
conserver: configuration in `/usr/local/etc/conserver.cf'
conserver: password in `/usr/local/etc/conserver.passwd'
conserver: logfile is `/var/log/conserver'
conserver: pidfile is `/var/run/conserver.pid'
conserver: limited to 16 members per group
conserver: on port 782 (referenced as `conserver')
conserver: secondary channel base port 0 (referenced as `0')
conserver: built with `./configure --with-64bit
--with-master=mersey'


DEC server 900 config is as follows ...

Local> DEFINE PORT 5 ACCESS REMOTE AUTOBAUD DISABLED
Local> DEFINE PORT 5 SPEED 9600 MODEM CONTROL ENABLED
Local> DEFINE PORT 5 AUTOPROMPT DISABLED BROADCAST DISABLED
Local> DEFINE PORT 5 PREFERRED NONE DEDICATED NONE
Local> LOGOUT PORT 5
Local> CHANGE TELNET LISTENER 2005 PORT 5 ENABLED
Local> CHANGE TELNET LISTENER 2005 CONNECTIONS ENABLED



Can anyone point me in the right direction? The DEC 900 settings work fine
with Consoleworks therefore I am assuming that this a conserver set-up
problem.

Thanks
Frank


*********************************************************************

The information contained in this communication is
confidential, is intended only for the use of the recipient
named above, and may be legally privileged.
If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly
prohibited.
If you have received this communication in error,
please re-send this communication to the sender and
delete the original message or any copy of it from your
computer system. Thank You.
Re: TRU64 question [ In reply to ]
bryan at conserver
Sep 17, 2002, 10:57 AM
Post #2 of 5 (666 views)
Permalink
well, i have two suggestions for you. first, with things shut down, can you
successfully do a 'telnet 10.92.54.13 2022' and get connected to the serial
port? if so, then things *should* be good. if not, either consoleworks is
still managing the port, or there's another problem.

if the telnet works and cranking up conserver shows the port as down, then
try running conserver with the -v option for a little more info. it should
(ideally, it should have said something without the -v) say something about
why the port is still down - like a connection refused or something of that
nature. if the -v doesn't enlighten things, try adding a -D as well. try
a connection (that results in a down message), and send me the entire log.
i might be able to tell you what's going on, if it doesn't jump out at you.

Bryan
RE: TRU64 question [ In reply to ]
fparki at acxiom
Sep 18, 2002, 1:31 AM
Post #3 of 5 (671 views)
Permalink
Thank you for the quick response.

You were "spot-on" ... Consoleworks was managing the port. As soon as we
deleted the entry in Consoleworks ... conserver was able to do its stuff.

A couple of questions ...

1. All client/server traffic (including root and user passwords) is
passed
``in the clear''. Extreme care should be taken to insure no
one is
``snooping'' this private data. One day the traffic will be
encrypted.

Has anyone got any suggestions to harden the security of conserver?

2. Also, once connected to a console, how do you exit back to your
original Telnet session ... tried ctrl+c ... ctrl+d?

Many thanks
Frank


-----Original Message-----
From: bryan@conserver.com [mailto:bryan@conserver.com]
Sent: 17 September 2002 18:58
To: 'users@conserver.com'
Subject: Re: TRU64 question

well, i have two suggestions for you. first, with things
shut down, can you
successfully do a 'telnet 10.92.54.13 2022' and get
connected to the serial
port? if so, then things *should* be good. if not, either
consoleworks is
still managing the port, or there's another problem.

if the telnet works and cranking up conserver shows the port
as down, then
try running conserver with the -v option for a little more
info. it should
(ideally, it should have said something without the -v) say
something about
why the port is still down - like a connection refused or
something of that
nature. if the -v doesn't enlighten things, try adding a -D
as well. try
a connection (that results in a down message), and send me
the entire log.
i might be able to tell you what's going on, if it doesn't
jump out at you.

Bryan
_______________________________________________
users mailing list
users@conserver.com
https://www.conserver.com/mailman/listinfo/users


*********************************************************************

The information contained in this communication is
confidential, is intended only for the use of the recipient
named above, and may be legally privileged.
If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination,
distribution, or copying of this communication is strictly
prohibited.
If you have received this communication in error,
please re-send this communication to the sender and
delete the original message or any copy of it from your
computer system. Thank You.
Re: TRU64 question [ In reply to ]
bryan at conserver
Sep 18, 2002, 8:00 PM
Post #4 of 5 (666 views)
Permalink
On Wed, Sep 18, 2002 at 09:31:25AM +0100, Parkin Frank - fparki wrote:
> A couple of questions ...
>
> 1. All client/server traffic (including root and user passwords) is
> passed
> ``in the clear''. Extreme care should be taken to insure no
> one is
> ``snooping'' this private data. One day the traffic will be
> encrypted.
>
> Has anyone got any suggestions to harden the security of conserver?

i've mentioned a couple ideas on the users mailing list. you can do a
search on the main page to find stuff. dedicated, protected, networks
are your best bet at the moment, i believe.

> 2. Also, once connected to a console, how do you exit back to your
> original Telnet session ... tried ctrl+c ... ctrl+d?

'ctrl-e', 'c', '.' is the default sequence. the console.man page
should fill in all the details about what a client can do - everything is
accessed via 'ctrl-e', 'c' by default.

Bryan
Re: TRU64 question [ In reply to ]
czwanzig at panasas
Sep 18, 2002, 8:57 PM
Post #5 of 5 (665 views)
Permalink
Bryan Stansell wrote:

> On Wed, Sep 18, 2002 at 09:31:25AM +0100, Parkin Frank - fparki wrote:
> > Has anyone got any suggestions to harden the security of conserver?

> i've mentioned a couple ideas on the users mailing list. you can do a
> search on the main page to find stuff. dedicated, protected, networks
> are your best bet at the moment, i believe.

FWIW, the large show network at Networld+Interop (remember that?) always
included a unrouted (flat) network to connect all of the terminals
servers & device management ports. You could only get to it from the NOC
network via NOC routers (aggressively filtered). We would also sometimes
play games with not setting default routes on some equipment to keep
them from talking to unknown sources.

z!
Carl Zwanzig

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal