Does such a system exist?

James Knott james.knott-bJEeYj9oJeDQT0dZR+AlfA at public.gmane.org
Wed Aug 19 14:54:45 UTC 2009


Robert Brockway wrote:
> On Tue, 18 Aug 2009, S P Arif Sahari Wibowo wrote:
>
> [Proposed serial console daisy chain snipped]
>
>> Security just needs to be set up in each machine to control who has
>> access to the serial port.
>
> Remember anyone with root on the box can 0wn the serial port and
> therefore the console of the adjoining box. They could easily brute
> force the root password or send Magic SysRq signals to the console.
>
>> Never actually got around to implementing it, though; but seems
>> possible, what do you think?
>
> That approach does work from a technical POV. You should only do it if
> all of the servers are in the same 'security domain' though.
>
> An alternative is to designate a 'console server' which has the serial
> console of each box connected (a serial board is needed). You can
> selectively allow access to consoles based on account group membership
> on the console server. You can afford to make the console server at
> least as secure as any box it is connected to. Naturally root access
> to the console server is severely restricted.

It seems to me ssh is the better solution. If a computer is capable of
connecting via the serial port to the next computer, ssh would likely
work too.

--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
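
The console-server arrangement described in the quoted text above (access to each console decided by group membership on the console server) can be checked with a small audit of the serial device nodes. This is an added example, not part of the original message; the group names `con-web` and `con-db`, the device paths and the sample data are assumptions constructed for illustration.

```python
import grp
import os
import stat
from typing import NamedTuple

class Node(NamedTuple):
    path: str
    uid: int
    group: str
    mode: int  # permission bits only

# Constructed policy: serial device on the console server -> group allowed to use it.
# Group names are hypothetical.
POLICY = {
    "/dev/ttyS4": "con-web",
    "/dev/ttyS5": "con-db",
}

def read_node(path: str) -> Node:
    """Collect ownership and mode of a real device node (not used in the sample run)."""
    st = os.stat(path)
    return Node(path, st.st_uid, grp.getgrgid(st.st_gid).gr_name, stat.S_IMODE(st.st_mode))

def audit(nodes, policy):
    """Return (path, problem) pairs for nodes that break the per-console policy."""
    findings = []
    seen = set()
    for n in nodes:
        seen.add(n.path)
        want = policy.get(n.path)
        if want is None:
            findings.append((n.path, "no policy entry"))
            continue
        if n.uid != 0:
            findings.append((n.path, "not owned by root"))
        if n.group != want:
            findings.append((n.path, f"group {n.group}, expected {want}"))
        if n.mode & 0o007:
            findings.append((n.path, "accessible to other users"))
    findings += [(p, "device missing") for p in policy if p not in seen]
    return findings

# Constructed sample: ttyS5 was left in a shared group with world access.
SAMPLE = [
    Node("/dev/ttyS4", 0, "con-web", 0o660),
    Node("/dev/ttyS5", 0, "dialout", 0o666),
]

if __name__ == "__main__":
    for path, problem in audit(SAMPLE, POLICY):
        print(f"{path}: {problem}")
```

On a real console server, build the node list with `read_node()` for each path in the policy instead of using the sample.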
