Yes, serial console lines on workstations are not very good.

With regard to the idea of running ppp over the serial console: on a sun box, if you send a break down the console line, the box drops to the boot prom. I expect that there are ways around this behavior by changing the prom variables.

I thought that the point of the serial console line was that it was a last resort communication mechanism because the box has become unresponsive from across the network.

Lyndon

Marcus J. Ranum wrote:
> Joseph S. D. Yao wrote:
> >> I also intend to do some "out-of-band" mgmt with a dialin
> >> modem on the serial console of the two sun boxes (yes, yes,
> >> wardialers I know). However, this is what the customer wants,
> >> and I have no say-so, so I need to simply get it set up.
> >
> >Can you at least get them to use a dial-back modem? Or even strong
> >authentication at the dial-in terminal server?
>
> Sounds like there's no terminal server there, just dialin on
> the serial console. :(
>
> Warning: workstations often have incredibly lame serial consoles.
> I don't know about the particular sun boxes you're planning to use
> but I've had $40,000 screaming hot workstations barely able to handle
> serial I/O at 38.8k.
>
> I've been pondering the secure remote management thing for a while
> and was trying to come up with decent solutions that are dirt cheap.
> Haven't tried this, but does anyone see a flaw with:
> - have a log-in that drops you right into PPP using CHAP
> - run ip_filt on the workstation to filter access via the PPP interface
> - let only SSH in over PPP (or whatever other services are OK)
>
> mjr.
> --
> Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
> work - http://www.nfr.net
> home - http://www.clark.net/pub/mjr
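
The filtering step of the quoted proposal, as an added example that is not part of the original thread: an IP Filter ruleset fragment that admits only SSH on the dial-in PPP link. The interface name `ppp0` and the SSH port 22 are assumptions; substitute the name the PPP implementation on the host actually assigns.

```conf
# IP Filter rules fragment (constructed example, not from the thread).
# Assumptions: the dial-in PPP interface is named ppp0, sshd listens on 22.

# Allow new inbound SSH connections on the PPP link and track them in the
# state table so that later packets of the same session are accepted.
pass in quick on ppp0 proto tcp from any to any port = 22 flags S keep state

# Log and drop everything else that arrives over the PPP link.
block in log quick on ppp0 all

# The host initiates nothing over the dial-in link. Replies belonging to
# the SSH sessions admitted above match the state table before these
# rules are consulted, so they still leave.
block out log quick on ppp0 all
```

These rules constrain only IP traffic on the PPP interface. The break-to-boot-PROM behaviour raised in the reply is a property of the serial console line itself and is outside what a packet filter can address.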
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:05 PDT