[rescue] DECserver 90M as console server
Greg A. Woods
woods at weird.com
Thu Nov 14 15:01:07 CST 2002
[ On Thursday, November 14, 2002 at 14:11:19 (-0500), Ross Alexander wrote: ]
> Subject: [rescue] DECserver 90M as console server
>
> I have a DECserver 90M that I want to set up as a console server. Does
> anyone have suggestions/pointers as to how to do this?
First you need to get it to boot (e.g. with a DHCP and TFTP server).
Then use the following command script to configure the terminal server.
Then you might want to look at www.conserver.com (and the mailing list
for patches I submitted to do auto-login)....
Either way you want to firewall and restrict all access to the terminal
server, especially ports 23, 53, 161, 2001-2007 (or even up to 2031 if
you expect to get a bigger termserver someday). I restrict ports
2000-2033 to/from all addresses on my default gateway and use 2000 and
2001 for conserver too.
#
# These commands can be transmitted to a DEC terminal server to
# configure it as necessary to serve as a console server. Connect a
# terminal to the first port, boot it up, and type away. If you use
# something like kermit (which I used), or 'expect', or 'chat', or
# whatever, to send these commands be warned that you must program it to
# wait for prompts to appear before sending the next command and you
# might even want to check that each character is echoed properly before
# sending the next one....
#
# Remember to "set priv" and give the system password, and then
# "initialize" afterwards.
#
# Note that in this configuration the SERVER LOGIN PASSWORD is the
# second most critical after the SERVER PRIVILEGED PASSWORD.
#
# Commented out commands are the factory defaults. All known settings
# are explicitly set to their desired values so resetting to factory
# defaults with the recessed front-panel button before loading this
# configuration should not be absolutely necessary (but they are still
# recommended).
#
# Currently, only the server name cannot be reset by a DEFINE command:
#
# DEFINE SERVER NAME XXX
#
DEFINE SERVER ANNOUNCEMENTS ENABLED
DEFINE SERVER BROADCAST ENABLED
DEFINE SERVER CIRCUIT TIMER 80
DEFINE SERVER CONSOLE PORT 1
#DEFINE SERVER DUMP ENABLED
#DEFINE SERVER HEARTBEAT DISABLED
#DEFINE SERVER IDENTIFICATION ""
DEFINE SERVER INACTIVITY TIMER 30
DEFINE SERVER KEEPALIVE TIMER 20
DEFINE SERVER LOCK ENABLED
#DEFINE SERVER LOGIN PASSWORD "ACCESS"
DEFINE SERVER MAINTENANCE PASSWORD "0"
DEFINE SERVER MULTICAST TIMER 30
DEFINE SERVER NODE LIMIT 200
DEFINE SERVER NUMBER 0
DEFINE SERVER PASSWORD LIMIT 3
#DEFINE SERVER PRIVILEGED PASSWORD "SYSTEM"
#DEFINE SERVER PROMPT "Local> "
DEFINE SERVER QUEUE LIMIT 100
DEFINE SERVER REMOTE PASSWORD "ACCESS"
DEFINE SERVER RESPONDER DISABLED
DEFINE SERVER RETRANSMIT LIMIT 8
DEFINE SERVER SERVICE GROUPS 0
DEFINE SERVER SESSION LIMIT 64
#DEFINE SERVER SOFTWARE MNENG1
# local settings:
DEFINE SERVER DUMP DISABLED
DEFINE SERVER HEARTBEAT ENABLED
# max 40 bytes: "0123456789012345678901234567890123456789"
DEFINE SERVER IDENTIFICATION "Console Server"
# max 16 bytes: "0123456789012345"
DEFINE SERVER PROMPT "ConsoleServer> "
#
# Reset state of Internet protocols
#
DEFINE INTERNET ADDRESS NONE
DEFINE INTERNET ENABLED
DEFINE INTERNET DHCP ENABLED
DEFINE INTERNET SUBNET MASK NONE
PURGE INTERNET ARP ENTRY ALL
PURGE INTERNET GATEWAY ALL
PURGE INTERNET HOST ALL
PURGE INTERNET NAMESERVER ALL
DEFINE INTERNET NAME RESOLUTION TIME LIMIT 4
DEFINE INTERNET NAME RESOLUTION RETRY LIMIT 3
#DEFINE INTERNET NAME RESOLUTION MODE ORDERED
#DEFINE INTERNET NAME RESOLUTION DOMAIN NONE
# local settings:
DEFINE INTERNET NAME RESOLUTION MODE STUB
DEFINE INTERNET NAME RESOLUTION DOMAIN subdomain.example
DEFINE INTERNET NAMESERVER some-recursive-nameserver.subdomain.example ADDRESS 192.168.1.250 LOCAL
DEFINE INTERNET NAMESERVER another-recursive-namesrv.subdomain.example ADDRESS 192.168.250.1 LOCAL
DEFINE INTERNET HOST some-recursive-nameserver.subdomain.example ADDRESS 192.168.1.250
DEFINE INTERNET HOST another-recursive-namesrv.subdomain.example ADDRESS 192.168.250.1
#
# don't comment out the purge -- do it first anyway
PURGE TELNET LISTENER ALL
#
# local settings:
#
DEFINE TELNET LISTENER 2001 PORT 2 ENABLED
# max 40 bytes: "0123456789012345678901234567890123456789"
DEFINE TELNET LISTENER 2001 IDENTIFICATION " Console Port #1"
DEFINE TELNET LISTENER 2001 CONNECTIONS ENABLED
#
DEFINE TELNET LISTENER 2002 PORT 3 ENABLED
DEFINE TELNET LISTENER 2002 IDENTIFICATION "Console Port #2"
DEFINE TELNET LISTENER 2002 CONNECTIONS ENABLED
#
DEFINE TELNET LISTENER 2003 PORT 4 ENABLED
DEFINE TELNET LISTENER 2003 IDENTIFICATION "Console Port #3"
DEFINE TELNET LISTENER 2003 CONNECTIONS ENABLED
#
DEFINE TELNET LISTENER 2004 PORT 5 ENABLED
DEFINE TELNET LISTENER 2004 IDENTIFICATION "Console Port #4"
DEFINE TELNET LISTENER 2004 CONNECTIONS ENABLED
#
DEFINE TELNET LISTENER 2005 PORT 6 ENABLED
DEFINE TELNET LISTENER 2005 IDENTIFICATION "Console Port #5"
DEFINE TELNET LISTENER 2005 CONNECTIONS ENABLED
#
DEFINE TELNET LISTENER 2006 PORT 7 ENABLED
DEFINE TELNET LISTENER 2006 IDENTIFICATION "Console Port #6"
DEFINE TELNET LISTENER 2006 CONNECTIONS ENABLED
#
DEFINE TELNET LISTENER 2007 PORT 8 ENABLED
DEFINE TELNET LISTENER 2007 IDENTIFICATION "Console Port #7"
DEFINE TELNET LISTENER 2007 CONNECTIONS ENABLED
#
# Next, get rid of all defined local services, which is the default:
#
PURGE SERVICES LOCAL
#
# Get rid of any dialer information
#
PURGE DIALER SERVICE ALL
PURGE DIALER SCRIPT all
#
# Reset SNMP Characteristics
#
# note that enabling SNMP automatically configures the read-only
# community "public"
DEFINE SNMP STATE ENABLED
DEFINE SNMP AUTHENTICATION FAILURE ENABLED
PURGE SNMP COMMUNITY ALL
# local settings:
DEFINE SNMP COMMUNITY "private" ADDRESS ANY
DEFINE SNMP COMMUNITY "private" GET ENABLED
DEFINE SNMP COMMUNITY "private" GETNEXT ENABLED
DEFINE SNMP COMMUNITY "private" SET ENABLED
DEFINE SNMP COMMUNITY "private" ADDRESS 192.168.1.250
DEFINE SNMP COMMUNITY "private" TRAP ENABLED
#
# Reset System Characteristics (32 char max)
#
#DEFINE SYSTEM CONTACT ""
#DEFINE SYSTEM LOCATION ""
# local settings:
# "01234567890123456789012345678901"
DEFINE SYSTEM CONTACT "Your Name and E-Mail Here"
DEFINE SYSTEM LOCATION "123 Some Street; SomeTown, ZZ"
#
# Now do the appropriate define commands to reset the port parameters:
#
#DEFINE PORT ALL ACCESS LOCAL
DEFINE PORT ALL AUTHENTICATION DISABLED
DEFINE PORT ALL AUTHORIZED GROUPS ALL DISABLED
DEFINE PORT ALL AUTHORIZED GROUPS 0 ENABLED
#DEFINE PORT ALL AUTOBAUD ENABLED
DEFINE PORT ALL AUTOCONNECT DISABLED
DEFINE PORT ALL AUTOPROMPT ENABLED
DEFINE PORT ALL BACKWARD SWITCH NONE
#DEFINE PORT ALL BREAK LOCAL
DEFINE PORT ALL BROADCAST ENABLED
DEFINE PORT ALL CHARACTER SIZE 8
DEFINE PORT ALL DEDICATED NONE
DEFINE PORT ALL DEFAULT MENU NONE
#DEFINE PORT ALL DEFAULT PROTOCOL LAT
DEFINE PORT ALL DIALUP DISABLED
DEFINE PORT ALL DIALER SCRIPT NONE
DEFINE PORT ALL DSRLOGOUT DISABLED
DEFINE PORT ALL DTRWAIT DISABLED
DEFINE PORT ALL FAILOVER ENABLED
DEFINE PORT ALL FLOW CONTROL XON
DEFINE PORT ALL INPUT FLOW CONTROL ENABLED
DEFINE PORT ALL OUTPUT FLOW CONTROL ENABLED
DEFINE PORT ALL FORWARD SWITCH NONE
DEFINE PORT ALL INACTIVITY LOGOUT DISABLED
DEFINE PORT ALL INTERRUPTS DISABLED
DEFINE PORT ALL LIMITED VIEW DISABLED
DEFINE PORT ALL LOCAL SWITCH NONE
#DEFINE PORT ALL LOCK ENABLED
DEFINE PORT ALL LONGBREAK LOGOUT DISABLED
DEFINE PORT ALL LOSS NOTIFICATION ENABLED
DEFINE PORT ALL MESSAGE CODES ENABLED
DEFINE PORT ALL MULTISESSIONS DISABLED
DEFINE PORT ALL ON-DEMAND LOADING DISABLED
DEFINE PORT ALL PARITY NONE
#DEFINE PORT ALL PASSWORD DISABLED
DEFINE PORT ALL PPP DISABLED
DEFINE PORT ALL PREFERRED NONE
DEFINE PORT ALL QUEUING DISABLED
#DEFINE PORT ALL REMOTE PASSWORD DISABLED
DEFINE PORT ALL REMOTE MODIFICATION DISABLED
DEFINE PORT ALL RING DISABLED
DEFINE PORT ALL SECURITY DISABLED
DEFINE PORT ALL SESSION LIMIT 4
DEFINE PORT ALL SIGNAL CHECK DISABLED
DEFINE PORT ALL SIGNAL CONTROL DISABLED
DEFINE PORT ALL SLIP DISABLED
DEFINE PORT ALL SPEED 9600
DEFINE PORT ALL STOP BITS DYNAMIC
DEFINE PORT ALL TYPE ANSI
#DEFINE PORT ALL USERNAME ""
DEFINE PORT ALL VERIFICATION ENABLED
# max 16 bytes: "0123456789012345"
DEFINE PORT 1 NAME TSERVER-CONSOLE
DEFINE PORT 2 NAME CONSOLE-1
DEFINE PORT 3 NAME CONSOLE-2
DEFINE PORT 4 NAME CONSOLE-3
DEFINE PORT 5 NAME CONSOLE-4
DEFINE PORT 6 NAME CONSOLE-5
DEFINE PORT 7 NAME CONSOLE-6
DEFINE PORT 8 NAME CONSOLE-7
# local settings:
# users should enter their username when using the console port
# max 16 bytes: "0123456789012345"
DEFINE PORT 1 USERNAME ""
# telnet listener over-writes username with "(Remote)"....
DEFINE PORT 2 USERNAME "console_1"
DEFINE PORT 3 USERNAME "console_2"
DEFINE PORT 4 USERNAME "console_3"
DEFINE PORT 5 USERNAME "console_4"
DEFINE PORT 6 USERNAME "console_5"
DEFINE PORT 7 USERNAME "console_6"
DEFINE PORT 8 USERNAME "console_7"
DEFINE PORT 1 ACCESS DYNAMIC
DEFINE PORT 2-8 ACCESS REMOTE
DEFINE PORT 1 PASSWORD ENABLED
# can't have a local password if running listener...
DEFINE PORT 2-8 PASSWORD DISABLED
DEFINE PORT ALL REMOTE PASSWORD ENABLED
DEFINE PORT 1 AUTOBAUD ENABLED
DEFINE PORT 2-8 AUTOBAUD DISABLED
DEFINE PORT 1 BREAK LOCAL
DEFINE PORT 2-8 BREAK DISABLED
DEFINE PORT ALL LOCK DISABLED
DEFINE PORT ALL DEFAULT PROTOCOL TELNET
#
# Reset the Telnet Port Client parameters:
#
# The first command (DEFINE PORT TELNET CLIENT PROFILE CHARACTER) resets the
# following parameters:
#
# Profile (CHARACTER),
# Echo Mode (REMOTE),
# Binary Option (DISABLED),
# Message Verification (ENABLED),
# Switch Characters (ENABLED),
# Input Flow Control (ENABLED),
# Output Flow Control (ENABLED),
# Signal Request (ENABLED)
#
DEFINE PORT ALL TELNET CLIENT PROFILE CHARACTER
DEFINE PORT ALL TELNET CLIENT CHARACTER SIZE 8
DEFINE PORT ALL TELNET CLIENT AUTOFLUSH IP ENABLED
DEFINE PORT ALL TELNET CLIENT AUTOFLUSH SYNCH DISABLED
DEFINE PORT ALL TELNET CLIENT AUTOFLUSH AYT DISABLED
DEFINE PORT ALL TELNET CLIENT AUTOSYNCH AO DISABLED
DEFINE PORT ALL TELNET CLIENT AUTOSYNCH IP ENABLED
DEFINE PORT ALL TELNET CLIENT AUTOSYNCH AYT DISABLED
DEFINE PORT ALL TELNET CLIENT NEWLINE FROM TERMINAL <CR>
DEFINE PORT ALL TELNET CLIENT NEWLINE TO TERMINAL <CRLF>
DEFINE PORT ALL TELNET CLIENT NEWLINE FROM HOST <CRLF>
DEFINE PORT ALL TELNET CLIENT NEWLINE TO HOST <CRLF>
# XXX these may best be disabled...
DEFINE PORT ALL TELNET CLIENT TOGGLE ECHO ^E
DEFINE PORT ALL TELNET CLIENT AO ^O
DEFINE PORT ALL TELNET CLIENT IP ^Y
DEFINE PORT ALL TELNET CLIENT SYNCH ^X
DEFINE PORT ALL TELNET CLIENT AYT ^T
DEFINE PORT ALL TELNET CLIENT EOR NONE
DEFINE PORT ALL TELNET CLIENT BRK NONE
DEFINE PORT ALL TELNET CLIENT QUOTE NONE
#
# Reset the Telnet Port Server parameters:
#
DEFINE PORT ALL TELNET SERVER CHARACTER SIZE 8
DEFINE PORT ALL TELNET SERVER NEWLINE FROM TERMINAL <CRLF>
DEFINE PORT ALL TELNET SERVER NEWLINE TO TERMINAL <CRLF>
DEFINE PORT ALL TELNET SERVER NEWLINE FROM HOST <CRLF>
DEFINE PORT ALL TELNET SERVER NEWLINE TO HOST <CR>
DEFINE PORT ALL TELNET SERVER ECHO NEGOTIATION INITIATE
DEFINE PORT ALL TELNET SERVER EC NONE
DEFINE PORT ALL TELNET SERVER EL NONE
DEFINE PORT ALL TELNET SERVER AO NONE
DEFINE PORT ALL TELNET SERVER IP NONE
DEFINE PORT ALL TELNET SERVER AYT NONE
DEFINE PORT ALL TELNET SERVER EOR NONE
DEFINE PORT ALL TELNET SERVER NOP NONE
DEFINE PORT ALL TELNET SERVER BRK BREAK
#
# Reset port TN3270 characteristics
#
DEFINE PORT ALL TN3270 FLOW CONTROL ENABLED
DEFINE PORT ALL TN3270 KEYMAP ALL DEFAULT
DEFINE PORT ALL TN3270 KEYMAP NVRAM LIMIT 0
DEFINE PORT ALL TN3270 MODEL NONE
DEFINE PORT ALL TN3270 NULLS 3179
DEFINE PORT ALL TN3270 SWITCH CHARACTER ENABLED
DEFINE PORT ALL TN3270 TERMINAL VT100
DEFINE PORT ALL TN3270 VERIFICATION ENABLED
#
# Reset port SLIP characteristics:
#
PURGE PORT ALL SLIP HOST ADDRESS
DEFINE PORT ALL SLIP COMPRESSION DISABLED
DEFINE PORT ALL SLIP COMPRESSION STATES 16
DEFINE PORT ALL SLIP MTU 1006
#
# Reset port PPP characteristics, including ATCP and IPXCP:
#
PURGE PORT ALL PPP HOST ADDRESS
DEFINE PORT ALL PPP ATCP ENABLED
DEFINE PORT ALL PPP ATCP MAXCONFIGURE 10
DEFINE PORT ALL PPP ATCP MAXFAILURE 10
DEFINE PORT ALL PPP ATCP MAXTERMINATE 2
DEFINE PORT ALL PPP ATCP RESTART 3
DEFINE PORT ALL PPP IPCP ENABLED
DEFINE PORT ALL PPP IPCP ADDRESS DISABLED
DEFINE PORT ALL PPP IPCP COMPRESSION DISABLED
DEFINE PORT ALL PPP IPCP COMPRESSION STATES 16
DEFINE PORT ALL PPP IPCP MAXCONFIGURE 10
DEFINE PORT ALL PPP IPCP MAXFAILURE 10
DEFINE PORT ALL PPP IPCP MAXTERMINATE 2
DEFINE PORT ALL PPP IPCP RESTART 3
DEFINE PORT ALL PPP IPXCP ENABLED
DEFINE PORT ALL PPP IPXCP MAXCONFIGURE 10
DEFINE PORT ALL PPP IPXCP MAXFAILURE 10
DEFINE PORT ALL PPP IPXCP MAXTERMINATE 2
DEFINE PORT ALL PPP IPXCP RESTART 3
DEFINE PORT ALL PPP LCP ENABLED
DEFINE PORT ALL PPP LCP ACFC DISABLED
DEFINE PORT ALL PPP LCP AUTHENTICATION DISABLED
DEFINE PORT ALL PPP LCP MAP FFFFFFFF
DEFINE PORT ALL PPP LCP MRU 1500
DEFINE PORT ALL PPP LCP PASSIVE ENABLED
DEFINE PORT ALL PPP LCP PFC DISABLED
DEFINE PORT ALL PPP LCP MAXCONFIGURE 10
DEFINE PORT ALL PPP LCP MAXFAILURE 10
DEFINE PORT ALL PPP LCP MAXTERMINATE 2
DEFINE PORT ALL PPP LCP RESTART 3
DEFINE PORT ALL PPP LCP CALLBACK DISABLE
#
# Reset command groups
#
PURGE COMMAND GROUP ALL
#
# Reset Security
#
PURGE KERBEROS REALM ALL
DEFINE KERBEROS PASSWORD PORT 751
DEFINE KERBEROS TICKET PORT 750
DEFINE KERBEROS TIMEOUT 8
#
PURGE RADIUS REALM ALL
PURGE SECURID REALM ALL
PURGE SERVER REALM ALL
PURGE USERACCOUNT ALL
#
# Reset Accounting characteristics
#
#DEFINE ACCOUNTING CONSOLE DISABLED
DEFINE ACCOUNTING CONSOLE ENABLED
#DEFINE ACCOUNTING LOGSIZE 0
# units in kilobytes
DEFINE ACCOUNTING LOGSIZE 128
#DEFINE ACCOUNTING THRESHOLD NONE
DEFINE ACCOUNTING THRESHOLD HALF
#
# Reset Appletalk
#
DEFINE APPLETALK DISABLED
DEFINE APPLETALK ADDRESS CACHE 1
#
# Reset IPX
#
DEFINE IPX DISABLED
#
# End of defaults command file *********************************************
--
Greg A. Woods
+1 416 218-0098; <g.a.woods at ieee.org>; <woods at robohack.ca>
Planix, Inc. <woods at planix.com>; VE3TCP; Secrets of the Weird <woods at weird.com>
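
An added example, not part of the original post: a small Python check that reads a command script like the one above before it is sent to the terminal server, reports passwords left at the values shown in the script's default lines ("ACCESS", "SYSTEM") and SNMP communities that allow SET, and lists the TCP/UDP ports to cover in the firewall rule (23, 53, 161 plus every defined listener). The function name `audit`, the `SAMPLE` excerpt and the rule that a later DEFINE replaces an earlier one are assumptions made for the example.

```python
import re

# Values taken from the script's commented-out factory-default lines.
FACTORY = {"LOGIN": "ACCESS", "PRIVILEGED": "SYSTEM"}

# Constructed excerpt of the script above (not the full file).
SAMPLE = '''\
#DEFINE SERVER LOGIN PASSWORD "ACCESS"
#DEFINE SERVER PRIVILEGED PASSWORD "SYSTEM"
DEFINE SERVER REMOTE PASSWORD "ACCESS"
DEFINE TELNET LISTENER 2001 PORT 2 ENABLED
DEFINE TELNET LISTENER 2002 PORT 3 ENABLED
DEFINE SNMP COMMUNITY "private" ADDRESS ANY
DEFINE SNMP COMMUNITY "private" SET ENABLED
DEFINE SNMP COMMUNITY "private" ADDRESS 192.168.1.250
'''

def audit(script):
    passwords = dict(FACTORY)          # never defined means the default applies
    listeners, snmp, findings = set(), {}, []
    for raw in script.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                   # commented-out commands are never sent
        m = re.match(r'DEFINE SERVER (\w+) PASSWORD "(.*)"$', line, re.I)
        if m:
            passwords[m.group(1).upper()] = m.group(2)
        m = re.match(r'DEFINE TELNET LISTENER (\d+) PORT \d+ ENABLED$', line, re.I)
        if m:
            listeners.add(int(m.group(1)))
        m = re.match(r'DEFINE SNMP COMMUNITY "(.*?)" (\w+) (\S+)$', line, re.I)
        if m:                          # assumption: a later value replaces an earlier one
            snmp.setdefault(m.group(1), {})[m.group(2).upper()] = m.group(3).upper()
    for kind, value in sorted(passwords.items()):
        if value in ("ACCESS", "SYSTEM"):
            findings.append(f"{kind} password uses the well-known value {value!r}")
    for name, opts in sorted(snmp.items()):
        if opts.get("SET") == "ENABLED":
            addr = opts.get("ADDRESS", "ANY")
            scope = "any address" if addr == "ANY" else addr
            findings.append(f'SNMP community "{name}" allows SET from {scope}')
        if name in ("public", "private"):
            findings.append(f'SNMP community "{name}" is a well-known name')
    # Ports the post says to restrict, plus every listener actually defined.
    ports = sorted({23, 53, 161} | listeners)
    return findings, ports

if __name__ == "__main__":
    for item in audit(SAMPLE)[0]:
        print("WARN:", item)
    print("firewall ports:", audit(SAMPLE)[1])
```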