[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
Luke S Crawford lsc@prgmr.com
Tue, 1 Dec 2009 00:11:07 GMT
Bjorn Helgaas <bjorn.helgaas@hp.com> writes: > I'd really like to be able to use a conserver escape sequence to > reset or power cycle a system, for example, by using PowerMan. > Having this ability inside conserver would be handy because it > would automatically target the correct machine and reduce the need > to exit/re-enter "console". > > Is there a way to do this in conserver? Would this be useful to > anybody else? Now, I soppose my use case is a little different from most people's... but I have mutually untrusting users on my system, so I need to be more concerned about security than perhaps some of you do, who have the conserver on the 'trusted network' (not that I really believe in such things.) I try to keep my rebooters and my serial consoles on different security systems (not sharing passwords; using ssh public keys or otherwise setting it up so that even if one system is compromised, the other is not. I try to run them on different operating systems, too.) That way, so long as people set root passwords (and I disable magic sysrq) even if you compromise my console system, you don't immediately have root on all my servers; you at least have to wait for someone to login as root (and in my system, we've got different root passwords; my console system handles servers owned by different people.) if you break into my rebooter system, well, you can cause havoc by rebooting everything, but you don't have access to the data unless you also break into the console system. (If you have both, really, it's all over. Everything is compromised.) -- Luke S. Crawford http://prgmr.com/xen/ - Hosting for the technically adept http://nostarch.com/xen.htm - We don't assume you are stupid.