Merit Network

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group


Re: Proper authentication model

  • From: Joe Abley
  • Date: Tue Jan 11 16:26:05 2005


On 11 Jan 2005, at 15:28, Kevin wrote:

> On Tue, 11 Jan 2005 11:17:55 +0200, Kim Onnel <karim.adel@gmail.com> wrote:
>
> > Hello,
> > I'd like everyone's 2 cents on the BCP for network management of an ISP's
> > PoPs, with a non-security oriented NOC,
> > . . .
> > 2) An OpenBSD bastion host(s), where the NOC would ssh in, get
> > authenticated from TACACS+ or ssh certs, and then just telnet from
> > there all day,
>
> If the OpenBSD host is located in the same physical site as the Cisco
> products, you have the additional option of providing serial console
> access to the console port on the Cisco devices through the OpenBSD
> bastion host.  To take this a step further, you can log all serial
> port I/O to disk.
>
> Using the serial console as your management port has one major
> drawback (some would call it a feature): you can only have one person
> (two with the AUX port) logged into a given router or switch at a
> time.

To do both serial console access and continuous logging of console output (and to allow multiple users to simultaneously access the same console port) try rtty. It's old, and it hasn't been updated in ages, and it turns out that's ok because it Just Works.

At ISC, we've used rtty with PCI-based multi-port serial cards, and also with USB-based multi-port serial cards. It'll work with anything that can present a character device in /dev.

ftp://ftp.isc.org/isc/rtty/rtty-4.0.shar.gz


Joe
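
The two things the message above asks of a console server, continuous logging of console output and several users on one port, come down to a fan-out loop around the device descriptor. The following Python is an added example, not rtty's code and not part of the original message; the `ConsoleMux` class and its method names are hypothetical, and it assumes the console is already open as a file descriptor and each user arrives as a connected socket.

```python
import os
import selectors


class ConsoleMux:
    """Share one console device between several clients and log all its output."""

    def __init__(self, dev_fd, log_path):
        self.dev_fd = dev_fd                          # fd of the opened character device
        self.log = open(log_path, "ab", buffering=0)  # append-only, unbuffered
        self.clients = set()
        self.sel = selectors.DefaultSelector()
        self.sel.register(dev_fd, selectors.EVENT_READ, "dev")

    def attach(self, sock):
        self.clients.add(sock)
        self.sel.register(sock, selectors.EVENT_READ, "client")

    def detach(self, sock):
        self.sel.unregister(sock)
        self.clients.discard(sock)
        sock.close()

    def pump(self, timeout=0.5):
        """Service every descriptor that is ready right now, then return."""
        for key, _ in self.sel.select(timeout):
            if key.data == "dev":
                data = os.read(self.dev_fd, 4096)
                if not data:
                    raise EOFError("console device closed")
                self.log.write(data)          # logged even when nobody is attached
                for c in list(self.clients):  # every attached user sees the same output
                    try:
                        c.sendall(data)
                    except OSError:
                        self.detach(c)
            elif key.fileobj in self.clients:  # skip clients dropped earlier in this batch
                try:
                    data = key.fileobj.recv(4096)
                except OSError:
                    data = b""
                if data:
                    os.write(self.dev_fd, data)  # keystrokes go to the device, whose echo is logged
                else:
                    self.detach(key.fileobj)
```

Call `pump()` in a loop after attaching each accepted connection. The sends here are blocking, so a long-running deployment would want non-blocking writes to keep one stalled client from holding up logging.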




