Linux Serial Consoles for Servers and Clusters
At this point, we have described a Linux system that can boot up without a directly attached keyboard and monitor. It uses the first serial port for all informational messages as the system boots and accepts logins from that console once the system is up. But to what should you connect that console port? There is a world of possibilities. If you have no particular need for remote-console access, you simply can leave the port unconnected until you need to maintain the system. You can use a computer or laptop connected over a null modem with the minicom program to access your system's console. Simply configure minicom to speak to an unused serial port, set the speed to 9,600 baud, 8 bits, no parity and 1-stop bit (aka 9600-8n1). Cable the systems together, then watch the system boot and eventually ask you to log in.
For remote access to a server's console, you can set up a console concentrator, which is a lot like a terminal server. It can be a homegrown Linux box with multiport serial cards, giving you as many ports as you have servers. With this kind of setup, you can access all your servers' consoles by logging in to a single dedicated Linux box.
If you like the idea of remote access to your consoles but want more of an appliance, a number of products can help. Cyclades (www.cyclades.com) makes a console concentrator called AlterPath; it is reasonably priced and comes in 1, 4, 8, 16, 32 and 48-port models. The AlterPath units run Linux internally from Flash memory. A Web interface is used for configuration, or you can modify the configuration files directly through a shell login.
The most flexible way to configure the Cyclades unit is to present the consoles using Cyclades' modified SSH dæmon. This way you can SSH directly to each connected server's console port, which is identified by a textual name you choose. So, to connect to a server identified as server hooked to a Cyclades unit with a hostname of cyclades as the user matt, the command would look like: ssh matt:server@cyclades. (The colon syntax is a Cyclades modification to sshd, allowing you to pass a port name.) This setup is easy to use, and you even can set up SSH private key authentication.
Other vendors make console concentrators or servers, including Digi (www.digi.com), Equinox (www.equinox.com) and Raritan (www.raritan.com). All of these vendors offer network-attached serial console products.
As mentioned earlier, serial consoles on standard PC hardware lack some of the features available on enterprise UNIX hardware. One solution is PC Weasel (www.realweasel.com), which comes in the form of a PCI or ISA card. This device emulates a video card and translates all output to the serial port as normal terminal escape sequences. Input from the serial port is translated into PC keyboard scan codes. Because it looks like a video card to the system, the system allows it full access to BIOS and POST. Additional features allow you to do a remote hard reset. The PC Weasel also has its own processor, so it is available even if the host into which it is plugged crashes.
If you would like to build your own console concentrator, some options are available to make it a little better than a simple box with a lot of serial ports. Conserver (www.conserver.com) is an open-source software package for managing systems connected to serial consoles. It supports SSL encryption and is highly configurable.
Resources for this article: /article/7507.
Matthew E. Hoskins is a Linux/UNIX system administrator for The New Jersey Institute of Technology, where he maintains many of the corporate administrative systems. He enjoys trying to get wildly different systems and software working together, usually with a thin layer of Perl (also known as MattGlue). He can be reached at firstname.lastname@example.org.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Firefox 46.0 Released
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- The Death of RoboVM
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- New Container Image Standard Promises More Portable Apps
- Open-Source Project Secretly Funded by CIA
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide