[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Brodie, Kent brodie@mcw.edu
Tue, 30 May 2006 19:20:46 -0700 (PDT)
I didn't bother separating the networks-- but I did install an ssh key on the server, a separate userid for console operations, and it works pretty well. Easy to get going, once to bang your head against the wall getting ssh to behave. My conserver.cf config is rather simple, yet effective. I know I can lock it down further, but it works for me. Once I got it working, I locked down the terminal server and disabled telnet access. We use cyclades TS series. Here's my conserver config if it helps: # first, we're going to set some generic console defaults so that we # don't have to duplicate them for each console. default * { logfile /var/log/consoles/&; # '&' is replaced with console name timestamp 1hab; # write timestamps rw *; # allow all users master localhost; } ## These are term servers accessed with an ssh command ## local user on these is conserver, they have ssh keys for root ## from this host. # it too uses pattern substitution and such to get the job done default cyclades1 { type exec; host xyzzzz.xxxx.edu; exec /usr/bin/ssh -l conserver:P H; execsubst H=hs,P=Pd; portbase 7000; portinc 1; } default cyclades2 { type exec; host xyzzy.xxxxx.edu; exec /usr/bin/ssh -l conserver:P H; execsubst H=hs,P=Pd; portbase 7000; portinc 1; } # ------- define the consoles on ts1.conserver.com -------- console abc { include cyclades1; port 1; } console abc2 { include cyclades1; port 2; } console phred { include cyclades1; port 3; } console gray { include cyclades1; port 4; } ....etc.... -----Original Message----- From: users-bounces@conserver.com [mailto:users-bounces@conserver.com] On Behalf Of Bryan Stansell Sent: Tuesday, May 30, 2006 8:52 PM To: users@conserver.com Subject: Re: Searchable archives? Best practices? On Tue, May 30, 2006 at 03:35:27PM -0700, Arnold de Leon wrote: > Is there a searchable archive of the mailing list? Are search engines > able to crawl the archives? It looks like they are but are they > complete? the search box is on the main page (http://www.conserver.com/). ;-) it should be complete...dunno about crawlers. > What are considered best practices for connecting Cyclades ACS to > conserver? I'm transititioning an existing installation so the > Cyclades are not on a dedicated management network. I want to run SSH > between conserver and the Cyclades and right now I'm contemplating > installing an ssh key on the conserver server so it can connect to the > Cyclades. seems like a good path to me, but perhaps others who have actually done it could chime in. ;-) i know some script a username/login using chat or expect (i assume instead of using ssh keys). but i suppose chat/expect could be providing a ssh passphrase...all about the same, in my book. no matter what, you'd better keep *something* super-protected or risk unwanted access. Bryan _______________________________________________ users mailing list users@conserver.com https://www.conserver.com/mailman/listinfo/users