Suggestions for remote admin of linux machines

I need to move some servers to an unattended location and haven't been
pleased with the methods for remote administration that have come to
mind so far:

Solution #1: XDMCP, pcanywhere, vnc, etc. Problem: An X-Server imposes
too much overhead given the limited capabilities of the machines
involved. (No, I don't want to replace the machines with the latest and
greatest hardware :-)).

Solution #2: Serial console via cable and modem. Problem: We have a
network interface but no spare phone line at the remote location.

Solution #3: KVM over IP. Problem: I've priced out KVM switches with a
network interface and they appear to be too expensive ($1500+).
Unaffordable in the case at hand. For less money I could install a
multiport serial card on a machine running x-windows and use this to
control the machines via serial consoles. Still a bit pricey however
because of limited sources for multiport serial cards.

All of these solutions are less than appealing. Can someone recommend a
better method? Or perhaps point me to an affordable source for KVM
switches with network interfaces?

["Followup-To:" header set to comp.os.linux.misc.]
On Tue, 18 May 2004 11:00:41 -0500, George Patton staggered into the
Black Sun and said:
> I need to move some servers to an unattended location and haven't been
> pleased with the methods for remote administration that have come to
> mind so far:
>
> Solution #1: XDMCP, pcanywhere, vnc, etc. Problem: An X-Server
> imposes too much overhead

Keep in mind that VNC or X is not a complete "remote administration
solution". You won't be able to get into the BIOS Setup, f'rexample.
If you don't *need* that capability, X or VNC would work fine, but you
need to be specific about your real needs.

> Solution #2: Serial console via cable and modem. Problem: We have a
> network interface but no spare phone line at the remote location.

Same deal as VNC/X.

> Solution #3: KVM over IP. Problem: I've priced out KVM switches with
> a network interface and they appear to be too expensive ($1500+).

That might allow you to get into the BIOS Setup, but if it costs too
much, it costs too much.

> All of these solutions are less than appealing. Can someone recommend
> a better method?

How about using ssh? This will work very similarly to option 2, but you
won't need a phone line. You won't be able to get into the BIOS Setup,
of course, and dealing with power failures/disk crashes at the remote
site may require a road trip (make sure you're using ext3 or ReiserFS,
so you'll have less chance of losing data) but it's something that's
easy to implement and secure.

--
Matt G|There is no Darkness in Eternity/But only Light too dim for us to see
Brainbench MVP for Linux Admin / mail: TRAP + SPAN don't belong
http://www.brainbench.com / Hire me!
-----------------------------/ http://crow202.dyndns.org/~mhgraham/resume

In comp.os.linux.misc George Patton <(E-Mail Removed)> wrote:
: I need to move some servers to an unattended location and haven't been
: pleased with the methods for remote administration that have come to
: mind so far:

: Solution #1: XDMCP, pcanywhere, vnc, etc. Problem: An X-Server imposes
: Solution #2: Serial console via cable and modem. Problem: We have a
: Solution #3: KVM over IP. Problem: I've priced out KVM switches with a

Am I missing something ? - what's wrong with basic terminal login
using SSH or the like?

Stan
--
Stan Bischof ("stan" at the below domain)
www.worldbadminton.com

On Tue, 18 May 2004 11:00:41 -0500, George Patton wrote:

> I need to move some servers to an unattended location and haven't been
> pleased with the methods for remote administration that have come to
> mind so far:
>
> Solution #1: XDMCP, pcanywhere, vnc, etc. Problem: An X-Server imposes
> too much overhead given the limited capabilities of the machines
> involved. (No, I don't want to replace the machines with the latest and
> greatest hardware :-)).

I admin 8 servers located at a local ISP from my home and I don't need no
steeenking X to do it. Why do you? BTW, opening the X ports just
provides another avenue of attack from the script kiddiez.

> Solution #2: Serial console via cable and modem. Problem: We have a
> network interface but no spare phone line at the remote location.

Then you do the job over the Internet. Use ssh.

Set up the machines to reboot after a power outage, use journalling
filesystems on them and firewall them.

In comp.os.linux.misc, George Patton uttered these immortal words:

> I need to move some servers to an unattended location and haven't been
> pleased with the methods for remote administration that have come to
> mind so far:

Like most of the others said, use SSH. You might like to try Webmin over
HTTPS too or a combination the two.

--
Andy.

On Tue, 18 May 2004 11:00:41 -0500, George Patton
<(E-Mail Removed)> wrote:

> I need to move some servers to an unattended location and haven't been
> pleased with the methods for remote administration that have come to
> mind so far:
>
> Solution #1: XDMCP, pcanywhere, vnc, etc.

Does PC Anywhere even have a Linux version? If not, then that won't
work. I wouldn't trust XDMCP over the Internet either.

It kind of sounds like you might think X works like the Windows GUI
where you somehow need to copy the display to the remote station. It is
actually very different. X is a client-server system that inherently
supports what you're trying to do. The X server needs to be running on
the machine you sit in front of but not necessarily on the machine
running the app. All that the remote machine needs is the X libraries
which are a lot "lighter" than the X server itself.

So my first suggestion would be SSH. It gives you an encrypted command
line and you can also run X apps on the remote machine and forward the
display back to your workstation. This is actually a lot easier than it
sounds, just a one-time setup. You will need to run an X server on the
machine you're sitting in front of but there is no need at all for an X
server on the remote machine.

Your Linux distro probably already has SSH included. If you will be
administering from Windows, I'd google for "Cygwin". It provides an
Unix enviornment on top of Windows that includes an X server and SSH.
If you're using Linux or another Unix then all you need to do is install
SSH since you probably have an X server.

FWIW, another possibility would be something like Webmin. That lets you
do many admin tasks using a web browser. Don't forget to use https!

Finally, you really don't need all the "stuff". Just a command line
running over SSH is quite sufficient once you learn the ropes.


> Solution #3: KVM over IP. Problem: I've priced out KVM switches with a
> network interface and they appear to be too expensive ($1500+).

Indeed. That might be the only answer if you want to be able to change
BIOS settings and such. Short of that it is probably overkill.


--
-| Bob Hauck
-| To Whom You Are Speaking
-| http://www.haucks.org/

George Patton <(E-Mail Removed)> writes:

]I need to move some servers to an unattended location and haven't been
]pleased with the methods for remote administration that have come to
]mind so far:

I am confused. These machines have network connections you seem to say
below. So just do it, by command line and scripts, via the network. No
need for X, or pcanywhere or .... What kind of admin tasks?
The only problem is that the machines may need on site if they crash
(power failure, etc). YOu still cannot push the big red switch from a
remote location.

]Solution #1: XDMCP, pcanywhere, vnc, etc. Problem: An X-Server imposes
]too much overhead given the limited capabilities of the machines
]involved. (No, I don't want to replace the machines with the latest and
]greatest hardware :-)).

]Solution #2: Serial console via cable and modem. Problem: We have a
]network interface but no spare phone line at the remote location.

So, use the network!

]Solution #3: KVM over IP. Problem: I've priced out KVM switches with a

No idea what KVM is.
It depends on how much remote admin you want to do. IF you really want
to control the systems remotely as they boot up, then the network idea
above will not work. But neither would the modem idea since there has to
be something running on the machine to get at the modem. Xserver means
that the machine is already up and running.

]network interface and they appear to be too expensive ($1500+).
]Unaffordable in the case at hand. For less money I could install a
]multiport serial card on a machine running x-windows and use this to
]control the machines via serial consoles. Still a bit pricey however
]because of limited sources for multiport serial cards.

]All of these solutions are less than appealing. Can someone recommend a
]better method? Or perhaps point me to an affordable source for KVM
]switches with network interfaces?

Tell us what you want to be able to do via this "remote administration".

Bill Unruh wrote:
> George Patton <(E-Mail Removed)> writes:
>
> ]I need to move some servers to an unattended location and haven't been
> ]pleased with the methods for remote administration that have come to
> ]mind so far:
>
> I am confused. These machines have network connections you seem to say
> below. So just do it, by command line and scripts, via the network. No
> need for X, or pcanywhere or .... What kind of admin tasks?
> The only problem is that the machines may need on site if they crash
> (power failure, etc). YOu still cannot push the big red switch from a
> remote location.

Not without special hardware. APC make smart power switches that you
can telnet to and power cycle individual outlets remotely. Some remote
administration tools (notably Sun's ALOM for their SPARC-based servers
and ERA from Dell, presumably Compaq and IBM have similar offerings for
their Intel-based servers) do actually allow remotely power cycling the
machine.

[snip]
> ]Solution #3: KVM over IP. Problem: I've priced out KVM switches with a
>
> No idea what KVM is.

KVM = Keyboard, Video, Mouse switch---a common method for using one
monitor/mouse/keyboard combination on several (local) systems.

On Tue, 18 May 2004 16:27:01 +0000 (UTC), (E-Mail Removed) <(E-Mail Removed)> wrote:
>
>
> In comp.os.linux.misc George Patton <(E-Mail Removed)> wrote:
>: I need to move some servers to an unattended location and haven't been
>: pleased with the methods for remote administration that have come to
>: mind so far:
>
>: Solution #1: XDMCP, pcanywhere, vnc, etc. Problem: An X-Server imposes
>: Solution #2: Serial console via cable and modem. Problem: We have a
>: Solution #3: KVM over IP. Problem: I've priced out KVM switches with a
>
> Am I missing something ? - what's wrong with basic terminal login
> using SSH or the like?
>
> Stan

I like good old telnet. There's a script on the servers that accesses a VERY long
list of names (runs as root). The list is not sent over the internet, and
each name is used only once.

Each time I login I have to create a file with the current name within a few seconds
or it logs me out. Until that file is created, the shell is VERY restricted.

Ssh takes a lot of space and other system resources that I have better uses for.

AC

--
Pass-List -----> Block-List ----> Challenge-Response
The key to taking control of your mailbox. Design Parameters:
http://tinyurl.com/2t5kp || http://tinyurl.com/3c3ag
Challenge-Response links -- http://tinyurl.com/yrfjb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
NotDashEscaped: You need GnuPG to verify this message

In comp.os.linux.misc George Patton <(E-Mail Removed)> suggested:
> I need to move some servers to an unattended location and haven't been
> pleased with the methods for remote administration that have come to
> mind so far:
[..]

> All of these solutions are less than appealing. Can someone recommend a
> better method? Or perhaps point me to an affordable source for KVM
> switches with network interfaces?

As others already answered, you just need ssh, it can do
everything for you and more, while needing just one port. You can
forward X through the ssh tunnel if you want/need to run X apps
on the remote host.

Here's a good starting point:

http://www.openssh.org/faq.html

You probably don't even need to install sshd at all, it should be
installed per default on most Linux distro. Perhaps it is already
running? Just make sure there's a recent version/vendor update
installed.

There are windoze clients, if you are limited to some M$ desktop,
putty/winscp try a google search.

Good luck

--
Michael Heiming (GPG-Key ID: 0xEDD27B94)
mail: echo (E-Mail Removed) | perl -pe 'y/a-z/n-za-m/'
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFAqmK+AkPEju3Se5QRAmrUAJ0a31iqXqmLnPZ1ACEoGt irdFWoBACfawAw
Aam1zThMhh3onoLwgM32VTA=
=+M6E
-----END PGP SIGNATURE-----