From owner-freebsd-questions Mon Jan 11 12:04:08 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA21577 for freebsd-questions-outgoing; Mon, 11 Jan 1999 12:04:08 -0800 (PST) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from dnai.com (dnai.com [207.181.194.98]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA21572 for ; Mon, 11 Jan 1999 12:04:06 -0800 (PST) (envelope-from miket@dnai.com) Received: from einstein (dnai-207-181-255-91.dialup.dnai.com [207.181.255.91]) by dnai.com (8.8.8/8.8.8) with SMTP id MAA18534 for ; Mon, 11 Jan 1999 12:03:25 -0800 (PST) Message-Id: <4.1.19990111120109.00b57e10@mail.dnai.com> X-Sender: miket@mail.dnai.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.1 Date: Mon, 11 Jan 1999 12:01:26 -0800 To: questions@FreeBSD.ORG From: Mike Thompson Subject: Re: Remote Administration of Webservers In-Reply-To: <19990111092644.C7461@agamemnon.imgmkt.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG At 09:26 AM 1/11/99 +1000, you wrote: > Is there a way to hook up a console box or something the the freebsd > box, so that if we recompile the kernel, and it fails to reboot, we > can change kernels, or if there's a fsck error, that we can run > fsck, and fix it up - even though the network hasn't yet started? Ken, We are setting remotely administered FreeBSD systems under a similar configuration. In our case each FreeBSD server will be configured to use COM1 as it's console rather than the built-in keyboard/monitor ports. To get access to the console we will be installing an inexpensive FreeBSD admin system with a multi-port serial card with each serial port connected to a server. If a system goes down or needs to be booted into single-user mode for system maintenance we can do it completely from the the admin system by using SSH to get access to the admin system and then using tip to get access to the serial port of the server. We will also be using IPFW (kernel firewall) to configure each FreeBSD server in a very secure manner. Having access to the serial port will allow us to remotely tweak the IPFW configuration without worrying about completely losing remote access to the server. About the only thing we can't do is cycle the power on the FreeBSD servers, but we can phone a tech at our colocation facility to do this for us. We are also considering getting a serial line controlled power switches such as the kind sold by American Power Conversion (www.apcc.com) for this purpose. A complete and reliable administration solution will be very important to us because our servers will be about 20 miles from us. However when me move some servers across the country this configuration will be paramount. I would be eager to hear of anyone else's experience with configuring FreeBSD for secure and reliable remote administration. Mike Thompson To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message