Iain Rae Division of Informatics

iainr@dcs.ed.ac.uk

$Revision: 1.3 $ $Date: 2001/04/25 09:14:13 $ $Author: iainr $ Incomplete draft. This document is a basic guide to using the conserver console server program within the division. It covers the use of the sshconsole and console commands, issues relating to the hardware and the specifics of the local configuration. The Division maintains a number of console servers in order to remotely administer some of our servers. Each server is configured to provide a console session on a the first serial port (com1 on PC's, ttya on workstations), which is in turn linked via a series of RJ45 and DB9/25 serial connections to a serial port on the PC acting as the console server. A daemon, conserver, runs on each console server allowing network access. (ssh)console allows administrators to connect to the appropriate console server and access any console. console-aAfFsS]-rv-e esc-M serverhost console is a client command which establishes a session with the appropriate conserver daemon running on a PC with a serial connection to the console specified on the command line. When invoked console connects to the master conserver server to establish which server is physically attached to the console you wish to connect to. If the console is not on one of the master server's serial ports console drops the connection and connects to the server which is attached.Since console does not support encryption you should use sshconsole which does and takes the same arguments. sshconsole-aAfFsS-rv-e escape sequence-M serverhost sshconsole is a wrapper script using ssh. console does not support encrypted connections and it is not possible to tunnel the connections through ssh, kerberos or ssl. sshconsole establishes a transparent ssh connection to the console server and runs console locally, and command line arguments are passed though to console so any valid console arguments can be used though the use of sshconsole-M hostname is discouraged. To connect to the serial console on a host run sshconsole with the hostname as an argument, the script should connect to the appropriate host and ask for your password (it uses the username of whoever has run the script). i.e. [magrathea]iainr: sshconsole heather Enter iainr's password: [Enter `^]^]?' for help] [replay] Password: . Login incorrect heather console login: Password: ^C^E Login incorrect heather console login: heather console login: ^[ Password: Login incorrect heather console login: heather console login: heather console login: heather console login: ^C^E heather console login: . Password: heather console login: This prompt may vary on how the escape sequence is defined, you can override the built in default of ^]^] using the -e argument. By default sshconsole will connect using the -A option which will replay the previous 20 lines, if you override with the -a option then you may have to hit <cr> a couple of times to get the console. Once attached the terminal should behave as if you were using a dumb terminall physically attached to the serial console. Depending on which program you are using there may be problems with control key combinations if you hit any then let me know iainr@dcs.ed.ac.ac.uk and I'll take a look. If you want to use any of the conserver features then you need to drop out of the session using the escape sequence followed by the one character command. For a list of commands hit the escape sequence followed by ?. i.e. [magrathea]iainr: sshconsole heather Enter iainr's password: [Enter `^]^]?' for help] heather console login: [help] . disconnect a attach read/write c toggle flow control d down a console e change escape sequence f force attach read/write g group info L toggle logging on/off l1 send break (halt host!) o (re)open the tty and log file p replay the last 60 lines r replay the last 20 lines s spy read only u show host status v show version info w who is on this console x show console baud info z suspend the connection <cr> ignore/abort command ? print this message ^R short replay \ooo send character by octal code This will display a [ prompt when you type the control sequence and fill in the rest when you hit the 1 character command. hitting ^]^]. will cause the session to terminate. [magrathea]iainr: sshconsole heather Enter iainr's password: [Enter `^]^]?' for help] heather console login: [disconnect] Connection to console closed. sshconsole-v -hdDuVwx -b message We can use sshconsole without actually logging in to do a number of things, seeing who is attached to which consoles, console status, broadcasting messages and information about the daemons The -u, -w and -x commands provide information about the status of the consoles, who is attached and what consoles are active respectively. examples [marmion]iainr: ./sshconsole -u servers are:claise minibw1 up <none> minibw2 up <none> heather up iainr@ deadhost up <none> Connection to claise closed. [marmion]iainr: ./sshconsole -w servers are:claise iainr@ attach 0:00 heather Connection to claise closed. [marmion]iainr: ./sshconsole -x servers are:claise minibw1 on /dev/ttyS0 at 9600p minibw2 on /dev/ttyS1 at 9600p heather on /dev/cub0 at 9600p deadhost on /dev/cub31 at 9600p Connection to claise closed. sshconsole will show the servers it is polling for information, if it fails to connect you will get an error message. NB the up reported by -u refers to the port connection within conserver, not to whether there is anything active on the port. In the example above there is nothing connected to /dev/cub31. we can send short messages using the -b option, these should be quoted. The message will be broadcast on all consoles on all servers (that sshconsole can find in lcfg), there is currently no way of sending messages to a specific console or user. sshconsole will pooll servers in turn attempting to send the message, you will get error messages if it cannot connect but won't stop until it has tried all servers. [marmion]iainr: ./sshconsole -b "this is a test" servers are:claise Connection to claise closed. [marmion]iainr: Anyone attached will see Red Hat Linux release 6.2 (Zoot) Kernel 2.2.16_public-3.dcs.9 on an i686 minibw1.dcs.ed.ac.uk login: [-- Console server shutting down --] Connection to console closed. [magrathea]iainr: sshconsole heather Enter iainr's password: [Enter `^Ec?' for help] heather console login: [Broadcast: this is a test] sshconsole -s -S -f -F ^]^]f ^]^]F ^]^]s ^]^]S Conserver allows multiple users to be connected to a console but only one can be using the console at any one time (is attached). Usually this will be the first person to connect, and any subsequent connection will be read only (spy mode). If this is the case then running sshconsole -w will show who is attached and who is running in spy mode, [magrathea]iainr: sshconsole -w gmdr@ spy 0:00 heather iainr@ attach 0:00 heather Connection to console closed. [magrathea]iainr: doing ^]^]w will show similar information if you are using sshconsole. Enter foo's password: [Enter `^]^]?' for help] [no, iainr@ is attached] [read-only -- use ^E c ? for help] iainr Password: Last login: Fri Mar 9 14:39:27 from allan.dcs.ed.ac. CTRL/C To stop x11 ^C[heather]iainr: [who heather] foo@ * spy 0:00 Sun Mar 11 18:14:53 2001 iainr@ attach 0:04 Sun Mar 11 18:14:34 2001 iainr is already attached to this console so foo drops to read-only (spy) mode. The * indicates which session this is. If we need to get access to a console and someone else is attached we can take over (bump) their session, this will show a message on the other user's screen showing who has taken over the session. [claise]foo: sshconsole heather Enter foo's password: [Enter `^]^]?' for help] [no, iainr@ is attached] [replay] heather console login: heather console login: iainr Password: Last login: Mon Mar 12 09:43:53 on console CTRL/C To stop x11 ^C[heather]iainr: pwd /a/bigga/disk/home/u8/iainr [heather]iainr: [who heather] foo@ * spy 0:00 Mon Mar 12 09:48:27 2001 iainr@ attach 0:00 Mon Mar 12 09:47:56 2001 [bumped iainr@] [heather]iainr: ls 6.2installdir.tgz 806-3814.pdf Articles Astronomy-HOWTO.sgml Astronomy-HOWTO.tex DEADJOE Desktop Mail News annex.def [heather]iainr: [who heather] foo@ * attach 0:00 Mon Mar 12 09:48:27 2001 iainr@ spy 0:07 Mon Mar 12 09:47:56 2001 foo logs in and as iainr is attached drops into spy mode, foo gets to see the last 20 lines on the console. foo takes over the console by hitting excape_sequence f, iainr drops back to spy mode If foo does ^]^]w we can see that he is now shown as attached The equivalent session shown on iainr's terminal looks like. [magrathea]iainr: sshconsole heather Enter iainr's password: [Enter `^]^]?' for help] heather console login: iainr Password: Last login: Mon Mar 12 09:43:53 on console CTRL/C To stop x11 ^C[heather]iainr: pwd /a/bigga/disk/home/u8/iainr [heather]iainr: [forced to `spy' mode by foo@] [heather]iainr: ls 6.2installdir.tgz 806-3814.pdf Articles Astronomy-HOWTO.sgml Astronomy-HOWTO.tex DEADJOE Desktop Mail News annex.def iainr logs in and starts doing things. foo has bumped iainr and iainr's session is now read-only (spy) This section gives step-by step instructions on adding and removing consoles and some things to watch out for.At the moment this section will only cover the server area in KB since that's all I know about :) Configure your server to use a serial console. Linux: add #include <linux_serialconsole.h> to the lcfg entry for the host. Solaris: add install.console vt100 to lcfg entry. Plumb your serial cable in, the console servers are patched into patch panel X on rack 7. This section needs to be expanded once we actually know what's physically happening and should detail how the ports map to serial devices and how panels map to console servers (if we have more than one). Now fire up rfe and edit the lcfg entry of the console server you're plugged into, there should be a series of entries like conserver.serial_ttyS0 minibw1:9600p:&:1h conserver.serial_ttyS1 minibw2:9600p:&:1h conserver.serial_cub0 heather:9600p:&:1h conserver.serial_cub31 deadhost:9600p:&:30m conserver.serial_cub30 anotherdead:9600p:&:1d you need to put an entry for (or edit the entry for) conserver.serial_<portname> the entry should consist of <hostname>:<portspeed>:<logfilename>:<mark interval>. portspeed should be set to 9600p, logfilename should be set to & which will default to the name of the host and finally the mark interval. Check to see if anyone is attached to a console (sshconsole -w) if there is you have 2 options, wait until they are finished or kill their session if you decide on the latter broadcasting a warning first might be the best approach. Finally run om <conserverserver>.conserver run which should re-build the configuration files and restart the daemon. You should now be able to sshconsole onto the console. Edit the lcfg entry for the server the console is attached to. Check to see if anyone is attached to a console (sshconsole -w) if there is you have 2 options, wait until they are finished or kill their session if you decide on the latter broadcasting a warning first might be the best approach. run om <conserverserver>.conserver run to update the configuration and restart the daemon. For the moment the same rules apply as for the consoles annex, do not power cycle the console server as it will issue a halt to any connected suns. Reread the conserver.cf file on recieving a SIGHUP to allow recnfiguration without restarting and so not kill active sessions. Integrate console with ssh or kerberos in order to provide a properly secured session integrate with PAM RFC1437 compliance would be really usefully when you absolutely have to hit the power button