Re: Using serial console as a poor mans IP kvm?

To: debian-user@lists.debian.org
Subject: Re: Using serial console as a poor mans IP kvm?
From: Miles Fidelman <mfidelman@meetinghouse.net>
Date: Thu, 8 Sep 2016 16:23:45 -0400
Message-id: <[🔎] a83acedd-409c-a034-3b0a-8620b2310c09@meetinghouse.net>
In-reply-to: <[🔎] 6206fe7b-2145-304a-7c68-0ba66ed942da@jgaa.com>
References: <[🔎] 6206fe7b-2145-304a-7c68-0ba66ed942da@jgaa.com>

On 9/8/16 3:26 PM, Jarle Aase wrote:

I want to set up a few servers at home. Unfortunately, as I live inBulgaria at the moment, the electric power is gone pretty often forlonger periods than my UPS'es can deal with. So my servers will haveto be started at least a few times every quarter.
Another challenge with living in Bulgaria is that there is no law ororder. The Police is just a branch of the Mafia. I need to protect thedata on the servers with full disk encryption in case they are stolen.
That means that I need to reboot the servers relatively often, andprovide the luks passwords every time. Some times I am far away whenthis happens. I have been considering Supermicro motherboards withbuilt in support for remote management - or old KVM IP switches fromEbay. The problem with Supermicro is that it's expensive and difficultto get the RAM required for their recent Skylake boards. The problemwith Ebay is that few suppliers ships to Bulgaria, and gettinganything trough the custom's here takes a whole day. Then there is thequestion if the device works at all...
So I'm thinking about serial consoles. My gateway router will rebootafter an outage, and it can act as a VPN endpoint. So I can access IPdevices. With a rasberry pi and some relays, I can probably trigger acold reboot whenever I need to. If I could log on to the grub consoleon the servers over a serial link, that's all I need, really.
Does anyone here have any experience with remote control with Debianboxes over serial? Will it work reliable?


It sort of works.

I've done this two ways:

1. External serial-to-ethernet box. The external box turns out to besomewhat flakey, and a security hole (unpatched embedded linux with somevulnerabilities, and it needs to be rekeyed annually, but that doesn'tactually work very smoothly).

2. Supermicro IPMI board: Sometimes works, sometimes simply doesn'trespond - usually when one needs it most.

In both cases, unless you layer a VPN on top of them, they are reallynasty security holes. I've ended up resorting to the old "call the datacenter and have a human push the button" - but that doesn't sound likeit applies to your situation.


Good luck finding a solution.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.  .... Yogi Berra

Reply to:

References:
- Using serial console as a poor mans IP kvm?
  - From: Jarle Aase <jgaa@jgaa.com>

Prev by Date: Re: Re: Re: Re: [xfce] - power management
Next by Date: Re: Using serial console as a poor mans IP kvm?
Previous by thread: Re: Using serial console as a poor mans IP kvm?
Next by thread: Re: Using serial console as a poor mans IP kvm?
Index(es):
- Date
- Thread