zonker at jeffk
Mar 9, 2006, 11:30 PM
Post #5 of 5
On Thu, Mar 09, 2006 at 10:28:47PM -0800, Mark Jayson Alvarez wrote:
Re: Using conserver to secure cisco routers
[In reply to]
> Bryan Stansell <bryan [at] conserver> wrote: hey mark...yep, that's what conserver was made for. ;-)
> You mean multiple logins at the same time using only one /dev/cuad0 ??? When I tried it, console complained that "hey, mark is connected"..
Yep...the key is, that second person *IS* also connected, but in
read-only (or "spy") mode...
So, log in the first person...he has read-write... then log in the
second person, and they are read-only... The first person can type,
but both will see what's happening. :-)
Next, have the second person type [ctrl]-[e[, [c], [f], to 'force'
control of the connection...the first user get's "bumped" into spy
mode, but they see the login name of who bumped them (they are now
in read-only mode)...and the second user now has read-write! Still,
any responses from the consoled device will go to both (read: 'all
attached') users on that console.
Typing ^E-c-w will show you 'who' is attached to that console,
and indicates which user has read-write access.
When the second person either disconnects (^E-c-.) or goes into
spy mode (^E-c-s), then the previous user gets control back.
(Of course, the other person could have 'forced' the connection
back to thenselves, too. ;-)
Of course, before forcing the connection, it's always a good idea
to reply the last 60 lines of the log (^E-c-r) to see what the person
with read-write access is up to...they may be in the middle of a
configuration change, etc., and hitting a couple carriage returns
may accept settings that you would rather not have. :-)
Many users can be on the same console, in spy mode, but only one
cn have read-write control at a time.
users mailing list
users [at] conserver