[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sticky authentication/authorisation issues
On Thu, 7 Jul 2005, Brian May wrote:
> note: changed subject
>
>>>>>> "Brandon" == Brandon S Allbery KF8NH <allbery@ece.cmu.edu> writes:
>
> Brandon> On Thu, 2005-07-07 at 09:20 +1000, Brian May wrote:
> >> Is there anything you can do in telnet that you can't do in
> >> ssh?
>
> Brandon> Recover when sshd is hosed / not running. Backup access
> Brandon> mechanisms matter.
>
> Good point. Just been in a situation recently where somebody upgraded
> ssh on a remote server and accidently turned off password
> authentication. It become difficult to log in again and fix the
> problem.
Quite recently i was involved in setting up serial console access.
(To provide out-of-band management.)
Basically we configured terminal servers to reverse telnet and
crosslinked them to some Unix boxen running Conserver:
http://www.conserver.com/
The "console" client program SSL encripts its connection to the
conserver, which in turn uses pam_krb5 to autenticate against a KDC.
Ofcource this does ask for a password, which could be inconvenient for
day-to-day admin tasks, but _normally_ ssh is used directly.
In case Kerberos is down (aswell), one can ssh into the conserver
machine, and fireoff the console client to connect over loopback.
-Menno.
- References:
- Future of kerberised telnet, login, rsh, ftp?
- From: Andrew Bartlett <abartlet@samba.org>
- Re: Future of kerberised telnet, login, rsh, ftp?
- From: Ilia Chipitsine <ilia@paramon.ru>
- Re: Future of kerberised telnet, login, rsh, ftp?
- From: Brian May <bam@snoopy.apana.org.au>
- Re: Future of kerberised telnet, login, rsh, ftp?
- From: "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
- Re: Sticky authentication/authorisation issues
- From: Brian May <bam@snoopy.apana.org.au>