Mike Yes and Yes. I have some seriously old stuff and often corporate standards move forward faster that vendor updates.
HTTPS - lack of updated CA data can cause issue when the user can not update the data. SSH - Some offers of legacy ciphers/algorithms can be flagged by security sweeps. I am sure I could go down a rabbit hole. There are devices that work but get flagged for how they work within tight controls. On Thu, Dec 18, 2025 at 2:05 PM Michael Thomas via NANOG <[email protected]> wrote: > > > On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote: > > Matt > > > > Some open software would really keep a lot of this stuff out of the > > trash. I have Cyclades and Lantronix stuff on a shelf that works. I > > got tired of maintaining a box-in-the-middle to deal with ssh ciphers. > > Have cipher suites really changed that much in the last 20 years or so? > After the sha1 kerfuffle and needing to up RSA key sizes, has there been > much change? > > Or are you talking about some seriously old kit that predates that? > > Mike, out of the loop > > > > > > On Thu, Dec 18, 2025 at 7:43 AM Matt Brennan <[email protected]> wrote: > >> Up until recently I was using the Raritan Dominion SX II models. Dual PSU, > >> dual NIC, and configurations ranging from 4 to 48 ports. However, Raritan > >> has just discontinued that as of June. It is unclear how long they will > >> continue to provide security patches. > >> > >> They are recommending customers switch to the ZPE Systems Nodegrid Serial > >> Consoles. It looks to be much the same, but I haven't had a chance to test > >> one yet. The only difference I've noticed is the ZPE device seems to have > >> an embedded 5G cellular module. > >> > >> > >> On Thu, 18 Dec 2025 at 09:34, Andrew Latham via NANOG > >> <[email protected]> wrote: > >>> Dan > >>> > >>> I have stacks and stacks of serial console servers. Today I mostly use > >>> an https://www.coolgear.com/product/32-port-rs-232-usb-to-serial-adapter > >>> with some pictures of the guts at > >>> https://lathama.net/Tech/Hardware/USB-32COM-RM if interested. It is my > >>> solution to a quick build of an https://freetserv.github.io/ > >>> > >>> (I have seen some things) > >>> > >>> On Wed, Dec 17, 2025 at 5:51 PM Dan Mahoney via NANOG > >>> <[email protected]> wrote: > >>>> Hey there folks. > >>>> > >>>> Dayjob has historically used USB TTY pods attached to real BSD machines > >>>> to talk to our cisco consoles, with the amazing benefit that with a > >>>> program like Vixie's rtty (or conserver) you can also capture the output > >>>> of those consoles in real-time, and perhaps use that data to identify a > >>>> connected device. > >>>> > >>>> As a bonus, because the rackmount devices have real DE-9's on them, it > >>>> means they work with any kind of cable you get (not just your standard > >>>> rj45 cisco rollover like you might get with a Cyclades thing -- and you > >>>> don't have to come up with the weird-ass mappings for rj45-serial like > >>>> you might need like our ME4012 NAS (the serial cable is a stereo plug), > >>>> our smart power strips (it's either a stereo plug, or an rj12), or > >>>> something like an older brocade switch (it's a DE9, but it's friggin > >>>> ODD, and I think it may also be the wrong gender). > >>>> > >>>> It also means, since you're running a real OS, you have patches as long > >>>> as the OS is supported (so you're not stuck with "gee it only speaks > >>>> rsa1024"), versus some EOL appliance. But it's also 2u, and since we're > >>>> recently buying a lot of Dell hardware, that's Super Overkill for a > >>>> dell, so I'm evaluating maybe just going "Appliance". > >>>> > >>>> If we stick with an existing unix box for this, I'd want something with > >>>> proper IPMI/OOB (so Rpi is out) but maybe the dumbest, shallowest-depth > >>>> atom64 supermicro you can find, in the event you need to do a reinstall > >>>> or catch a hung system. > >>>> > >>>> Are there things that other folks are using that are "easy" to work with > >>>> that you've found to have Long firmware lives, decent warranties and low > >>>> hassle? Does anything these days actually have DE9s on it? > >>>> > >>>> -Dan > >>>> > >>>> (You may have also seen my note earlier about the Cisco ASR920, which > >>>> has RS232 pins in a USB-A header. No, not via a PL2032 chip inside the > >>>> host that provides a virtual serial...direct txd/rxd/gnd/cts etc, on the > >>>> USB pins. I've seen things you people would't believe) > >>>> _______________________________________________ > >>>> NANOG mailing list > >>>> https://lists.nanog.org/archives/list/[email protected]/message/5VV3B6CVSW3KVIFFU4GOF5V5FAI625IG/ > >>> > >>> > >>> -- > >>> - Andrew "lathama" Latham - > >>> _______________________________________________ > >>> NANOG mailing list > >>> https://lists.nanog.org/archives/list/[email protected]/message/CPBVORP6B7P5ZJ6CN4TX4YZNFYWZMGSC/ > > > > > _______________________________________________ > NANOG mailing list > https://lists.nanog.org/archives/list/[email protected]/message/Z4SBTD3J6VR24NDBUYWPIIGFQSTDZGWW/ -- - Andrew "lathama" Latham - _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/[email protected]/message/DJ3XMKQMR4KIGYDFWNDYDQTP7I7CAFN6/
