| View previous topic :: View next topic |
| Author |
Message |
franoculator
Tux's lil' helper
Joined: 11 Apr 2003
Posts: 125
Location: My Fake Leather Chair
|
 Posted: Mon Jun 07, 2004 5:11 am Post subject: Headless machine issues |
 |
|
I have a nice little headless router box set up on an old sparc of mine. Occaisionally (once every 3 months), ssh dies and I am unable to get in over the network. I could drag out the special keyboard and monitor and hook them up, but I am wondering if there is a better way to gain access to the machine in the event of another ssh crash. I really hate hard booting that box.
I am considering the possibility of disabling sshd altogether, and just wiring up a serial console to the server, but I would like to hear if anyone else had faced a similar problem, and what ideas they may have.
Thanks. |
|
| Back to top |
|
 |
Little Nemo
l33t
Joined: 29 Mar 2004
Posts: 623
Location: Berlin, Germany
|
| Posted: Mon Jun 07, 2004 7:35 am Post subject: |
|
|
| You could run an SNMP daemon on your headless box and from a remote machine use an SNMP command to reboot your box, but that might not be a 100 per cent secure. |
|
| Back to top |
|
|
Fitzsimmons
Guru
Joined: 01 Jan 2003
Posts: 415
Location: Waterloo, Ontario, Canada
|
| Posted: Mon Jun 07, 2004 4:25 pm Post subject: |
|
|
I have used webmin a couple times to save my ssh. You type in a command and as soon as the command finishes, the page reloads with the output of that command. It has saved me a couple times when I have done foolish things like "# /etc/init.d/sshd stop" ... while sshed into that box. It is secure enough, as long as you run it on https and not just http. (I am fairly sure that https is default)
Good luck.  |
|
| Back to top |
|
|
psi0nik
n00b
Joined: 21 Nov 2003
Posts: 31
|
| Posted: Mon Jun 07, 2004 5:23 pm Post subject: |
|
|
| serial console is The Right Way to do this. you could also try running a second instance of ssh on another port, which may or may not die at the same to the primary sshd dies (depending on why the primary sshd is dying). but i say go for the serial console. |
|
| Back to top |
|
|
Fitzsimmons
Guru
Joined: 01 Jan 2003
Posts: 415
Location: Waterloo, Ontario, Canada
|
| Posted: Mon Jun 07, 2004 8:06 pm Post subject: |
|
|
| psi0nik wrote: | | serial console is The Right Way to do this. you could also try running a second instance of ssh on another port, which may or may not die at the same to the primary sshd dies (depending on why the primary sshd is dying). but i say go for the serial console. |
How so? If you run a serial console you're still going to have to take hardware to the server and plug it into the server... either that or run a very long cable. Or what happens when SSH dies when you aren't in the immediate vicinity of the server? |
|
| Back to top |
|
|
Little Nemo
l33t
Joined: 29 Mar 2004
Posts: 623
Location: Berlin, Germany
|
| Posted: Mon Jun 07, 2004 8:10 pm Post subject: |
|
|
| If there's a second server in the vicinity, you could ssh into that and get a shell on your other box over the serial port. I'm using a serial port that way to restart a firewall machine once in a while. |
|
| Back to top |
|
|
psi0nik
n00b
Joined: 21 Nov 2003
Posts: 31
|
| Posted: Mon Jun 07, 2004 8:14 pm Post subject: |
|
|
| Quote: | | How so? If you run a serial console you're still going to have to take hardware to the server and plug it into the server... either that or run a very long cable. Or what happens when SSH dies when you aren't in the immediate vicinity of the server? |
well, i assume, possibly incorrectly, that the poster has access to another machine in close physical proximity to the box that's having problems, and that he would still have some sort of access to that machine, and if so, could then connect via serial from there.
the exception would be if the firewall going down implies no further access to machines in proximity to it. but it sounds like it's just sshd dying, and not all services, so chances are it's still routing packets in (assuming ssh is allowed in to hosts internally). if not, then you'd have to interact at the perimeter, and snmp would be a reasonable way to do so. if the machine is actually tanking, and snmp would die too, the only way to deal with it remotely would be a remote power cycle device. |
|
| Back to top |
|
|
sigmalll
Guru
Joined: 24 Aug 2003
Posts: 332
|
| Posted: Mon Jun 07, 2004 11:57 pm Post subject: Re: Headless machine issues |
|
|
[quote="franoculator"I really hate hard booting that box.[/quote]
Whatever solution you find, if its more hassle than gabbing the reset button and getting a brew your not going to enjoy doing that either. |
|
| Back to top |
|
|
franoculator
Tux's lil' helper
Joined: 11 Apr 2003
Posts: 125
Location: My Fake Leather Chair
|
| Posted: Tue Jun 08, 2004 12:09 am Post subject: |
|
|
| psi0nik wrote: | | Quote: | | How so? If you run a serial console you're still going to have to take hardware to the server and plug it into the server... either that or run a very long cable. Or what happens when SSH dies when you aren't in the immediate vicinity of the server? |
|
| Quote: | | well, i assume, possibly incorrectly, that the poster has access to another machine in close |
Yes, you assume correctly. The router sits in a rack, 4 inches above a server. I think the serial console may be my best bet here.
| psi0nik wrote: |
the exception would be if the firewall going down implies no further access to machines in proximity to it. but it sounds like it's just sshd dying, and not all services, so chances are it's still routing packets in (assuming ssh is allowed in to hosts internally). if not, then you'd have to interact at the perimeter, and snmp would be a reasonable way to do so. if the machine is actually tanking, and snmp would die too, the only way to deal with it remotely would be a remote power cycle device. |
The router still runs like a champ... in fact it ran just fine for over a week without ssh working. I finally gave in and reset the thing so I could do some security updates. |
|
| Back to top |
|
|
franoculator
Tux's lil' helper
Joined: 11 Apr 2003
Posts: 125
Location: My Fake Leather Chair
|
| Posted: Tue Jun 08, 2004 12:13 am Post subject: Re: Headless machine issues |
|
|
| sigmalll wrote: | | franoculator wrote: | | I really hate hard booting that box. |
Whatever solution you find, if its more hassle than gabbing the reset button and getting a brew your not going to enjoy doing that either. |
Heh. That's a good point. Especially since my oh so generous brewer gives me 11 more bottles of fine ale in the same box as the first brew. That will take care of me when the damned SCSI disk dies!
 |
|
| Back to top |
|
|
franoculator
Tux's lil' helper
Joined: 11 Apr 2003
Posts: 125
Location: My Fake Leather Chair
|
| Posted: Tue Jun 08, 2004 10:46 pm Post subject: |
|
|
Thanks for all of the advice. I settled on a serial console, and it seems to be working out fairly well.
 |
|
| Back to top |
|
|
|
Other Things Gentoo
