Re: Using serial console as a poor mans IP kvm?
On 9/8/16 3:26 PM, Jarle Aase wrote:
> I want to set up a few servers at home. Unfortunately, as I live in
> Bulgaria at the moment, the electric power is gone pretty often for
> longer periods than my UPS'es can deal with. So my servers will have
> to be started at least a few times every quarter.
>
> Another challenge with living in Bulgaria is that there is no law or
> order. The Police is just a branch of the Mafia. I need to protect the
> data on the servers with full disk encryption in case they are stolen.
> That means that I need to reboot the servers relatively often, and
> provide the LUKS passwords every time. Sometimes I am far away when
> this happens. I have been considering Supermicro motherboards with
> built-in support for remote management - or old KVM IP switches from
> Ebay. The problem with Supermicro is that it's expensive and difficult
> to get the RAM required for their recent Skylake boards. The problem
> with Ebay is that few suppliers ship to Bulgaria, and getting
> anything through customs here takes a whole day. Then there is the
> question if the device works at all...
>
> So I'm thinking about serial consoles. My gateway router will reboot
> after an outage, and it can act as a VPN endpoint. So I can access IP
> devices. With a Raspberry Pi and some relays, I can probably trigger a
> cold reboot whenever I need to. If I could log on to the grub console
> on the servers over a serial link, that's all I need, really.
>
> Does anyone here have any experience with remote control with Debian
> boxes over serial? Will it work reliably?

It sort of works.
I've done this two ways:
1. External serial-to-ethernet box. The external box turns out to be
somewhat flakey, and a security hole (unpatched embedded linux with some
vulnerabilities, and it needs to be rekeyed annually, but that doesn't
actually work very smoothly).
2. Supermicro IPMI board: Sometimes works, sometimes simply doesn't
respond - usually when one needs it most.
In both cases, unless you layer a VPN on top of them, they are really
nasty security holes. I've ended up resorting to the old "call the data
center and have a human push the button" - but that doesn't sound like
it applies to your situation.
Good luck finding a solution.
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra