Re: rebooting into single user mode on a remote server

2006-09-18 Thread backyard


--- Bob <[EMAIL PROTECTED]> wrote:

> On Monday 18 September 2006 13:51, backyard wrote:
> 
> > By call-back mode do you mean log into the system via
> > network and have it call your local system for
> > administration
> 
> No, modems like the US Robotics V.Everything can be programmed with a
> call-back feature. You dial up the modem, it asks you for a password, you
> supply the password, and it then hangs up on you, picks up the line, and
> calls back a configured phone number. You program the modem to call YOU back
> on a number which has a modem connected, and waiting for an inbound data
> call. Your modem answers, and you are connected. You then negotiate
> access to the server (name/passwd) over the serial link.
> 
> If the remote is connected to the target serial port console, you have a
> pretty hack-proof (nothing is really hack-proof) console access. The modem
> will only call a pre-set number, so even if someone got your password, the
> modem would only call you, not the hacker.
> 
> Bob
> 
> ___
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"

so that's why the Couriers were the Cadillacs of the
phone lines... Never had one with such fanciness
built-in to it. That is good to know for the future.

I would concur security is an illusion we fill with
smoke and mirrors to confuse management... 

I especially like messing with IT at my job when they
tell me they have locked access off the network with a
new administrators password and Windows Server 2003...
Of course they don't lock the doors on the server room
so I can go in there with a boot disk of my liking and
gain access to whatever I want, or run a bulk tape
eraser past the RAIDs... :)

now if I can just convince the head of IT he doesn't
need that Courier V.Everything anymore...


-brian


Re: rebooting into single user mode on a remote server

2006-09-18 Thread Bob
On Monday 18 September 2006 13:51, backyard wrote:

> By call-back mode do you mean log into the system via
> network and have it call your local system for
> administration

No, modems like the US Robotics V.Everything can be programmed with a 
call-back feature. You dial up the modem, it asks you for a password, you 
supply the password, and it then hangs up on you, picks up the line, and 
calls back a configured phone number. You program the modem to call YOU back 
on a number which has a modem connected, and waiting for an inbound data 
call. Your modem answers, and you are connected. You then negotiate 
access to the server (name/passwd) over the serial link.
 
If the remote is connected to the target serial port console, you have a 
pretty hack-proof (nothing is really hack-proof) console access. The modem 
will only call a pre-set number, so even if someone got your password, the 
modem would only call you, not the hacker.
 
Bob
 


Re: rebooting into single user mode on a remote server

2006-09-18 Thread Rafael Aquino
Hi there...

Just to contribute, I also ALWAYS upgrade my systems without single
user mode, for "remote" reasons... ;-)

Same instructions: shut down all services, except inetd/ssh, installworld,
mergemaster and reboot...

I even posted in this list, months ago, a step-by-step to remotely
upgrade from 4.x to 6.x. I agree that this is a very risky task,
but before the first production server, I tried more than 40 times
(not kidding) in my test lab.

[]´s

--
Rafael Mentz Aquino
BSDServer Ltda.
51 - 9847 8825

-- Original Message ---
From: Daniel Gerzo <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Cc: freebsd-questions@freebsd.org
Sent: Sun, 17 Sep 2006 22:32:05 +0200
Subject: Re: rebooting into single user mode on a remote server

> Hello pobox,
> 
> Saturday, September 16, 2006, 8:47:04 PM, you wrote:
> 
> > Hello,
> 
> > could somebody help me to understand the best way to enter into a single
> > user mode on a remote server.
> 
> > I need it for the moment, during rebuilding world, when I have to reboot
> > into single user mode before 'mergemaster -p'.
> 
> I don't want to persuade you to something that is not officially
> supported, but I have never booted into single user mode while
> upgrading my FreeBSD boxes and I have never experienced any problems
> because of this. Just try to skip the reboot step and go ahead. It
> works(tm) for me this way.
> 
> If you are paranoid, try to stop all running services except the ssh
> daemon.
> 
> -- 
> Best regards,
>  Daniel  mailto:[EMAIL PROTECTED]
> 
--- End of Original Message ---


Re: rebooting into single user mode on a remote server

2006-09-18 Thread backyard


--- Bob <[EMAIL PROTECTED]> wrote:

> On Sunday 17 September 2006 23:51, backyard wrote:
> 
> > modems are relatively cheap.
> 
> And, if you put it into "call-back" mode, it becomes one of the most secure
> methods of doing a remote serial console; plus you have the added advantage
> of the remote site footing the bill for the call :-)
> 
> Bob


and billing a client directly for working on their
equipment is always better than waiting on POs... 

By call-back mode do you mean log into the system via
network and have it call your local system for
administration, or is it like a *69 scenario. It's been
a while since I played with my modem.

-brian


Re: rebooting into single user mode on a remote server

2006-09-18 Thread Bob
On Sunday 17 September 2006 23:51, backyard wrote:

>modems are relatively cheap. 

And, if you put it into "call-back" mode, it becomes one of the most secure 
methods of doing a remote serial console; plus you have the added advantage 
of the remote site footing the bill for the call :-)
 
Bob
 
 


Re: rebooting into single user mode on a remote server

2006-09-17 Thread backyard


--- Ahmad Arafat Abdullah <[EMAIL PROTECTED]> wrote:

> > - Original Message -
> > From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> > To: "Daniel Gerzo" <[EMAIL PROTECTED]>
> > Subject: Re: rebooting into single user mode on a remote server
> > Date: Sun, 17 Sep 2006 23:49:34 +0200
> >
> > Daniel Gerzo wrote:
> > > Hello pobox,
> > >
> > > Saturday, September 16, 2006, 8:47:04 PM, you wrote:
> > >
> > >> Hello,
> > >
> > >> could somebody help me to understand the best way to enter into a single
> > >> user mode on a remote server.
> > >
> > >> I need it for the moment, during rebuilding world, when I have to reboot
> > >> into single user mode before 'mergemaster -p'.
> > >
> > > I don't want to persuade you to something that is not officially
> > > supported, but I have never booted into single user mode while
> > > upgrading my FreeBSD boxes and I have never experienced any problems
> > > because of this. Just try to skip the reboot step and go ahead. It
> > > works(tm) for me this way.
> > >
> > > If you are paranoid, try to stop all running services except the ssh
> > > daemon.
> >
> > Phew... I hear this again and again.
> >
> > Only I am not sure I have the level of boldness to do this on a
> > production machine.
> >
> > Isn't the following sequence of steps similar - 'shutdown -r now'
> > (reboots in multi-user mode), and then immediately 'shutdown now'
> > (drops to single user mode)?
> >
> > Iv.
>
> dudes,
>
> I never tried it, and do not dare to try it.. because it's a remote server and
> single mode maybe ( I'm not sure dude ) cut off all network connections from
> inside and outside..
>
> anyway for remote servers, I prefer make installworld in normal mode.. it's
> safer
>
> TQ

the best possible only way is to use a serial console
via a modem, which could drop out during the update,
or a network accessible serial multiplexer. Those are
expensive, modems are relatively cheap. Both require a
serial console enabled kernel on the server. the only
other way would be to have a cheap old box that can be
connected to over the network with a null modem
between it and the server. you would want this box to
be UBER secured because it is a console to the system.
There are ways of doing this so that a remote trigger
is required to boot this system, but such methods
require relays, a soldering iron, and some paranoia to
complete.

The gist of it is you will need a serial console on
the server. Then you need a way to connect this serial
line to your remote location. the easiest, cheapest,
and least likely to fail is an old 486 or p1, p2,
whatever you have lying around that can be remotely
connected to via ssh. if security is a concern you
should use a key connection with no passwords. the
user on that box doesn't have to be root, but he will
need to be able to access the serial ports. then via a
communications program available in ports take your
pick you connect via a null modem to the server. you
can then login and shutdown to single user mode on the
server and upgrade to your heart's desires.


-brian
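
One way to check the "key connection with no passwords" and non-root advice above on the intermediate box, as an added example that is not part of the original message. It audits an sshd_config and catches the common case where passwords remain usable through keyboard-interactive authentication; the sample configs are constructed and the account name `conuser` is hypothetical.

```shell
#!/bin/sh
# Added example: audit sshd_config on the box that fronts the serial console.

# effective_value FILE KEYWORD [ALT]
# Print the value sshd takes from the global section: keywords are
# case-insensitive, the first occurrence wins, parsing stops at "Match".
effective_value() {
    awk -v want="$2" -v alt="$3" '
        BEGIN { want = tolower(want); alt = tolower(alt) }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            sub(/[ \t]*=[ \t]*/, " ")          # accept "Keyword=value"
            key = tolower($1)
            if (key == "match") exit
            if (key == want || (alt != "" && key == alt)) {
                print tolower($2); exit
            }
        }
    ' "$1"
}

# has_match FILE: true when the file contains a Match block.
has_match() {
    awk 'tolower($1) == "match" { found = 1; exit } END { exit !found }' "$1"
}

# require_no FILE KEYWORD [ALT]: the keyword (or its older alias) must be "no".
# Unset counts as a failure because the built-in default varies by system.
require_no() {
    val=$(effective_value "$1" "$2" "$3")
    if [ "$val" = "no" ]; then
        echo "ok    $2=no"
    else
        echo "FAIL  $2=${val:-unset}"
        return 1
    fi
}

# audit_console_relay FILE: non-zero exit if any password path is open.
audit_console_relay() {
    rc=0
    require_no "$1" PasswordAuthentication || rc=1
    require_no "$1" KbdInteractiveAuthentication ChallengeResponseAuthentication || rc=1
    require_no "$1" PermitRootLogin || rc=1
    if [ "$(effective_value "$1" PubkeyAuthentication)" = "no" ]; then
        echo "FAIL  PubkeyAuthentication=no"; rc=1
    fi
    if has_match "$1"; then
        echo "FAIL  Match block present: overrides need manual review"; rc=1
    fi
    return $rc
}

# Constructed sample: password login looks disabled, but keyboard-interactive
# is still on and the second PermitRootLogin line is never reached.
sample_weak() {
    cat <<'EOF'
passwordauthentication no
ChallengeResponseAuthentication yes
PermitRootLogin yes
PermitRootLogin no
EOF
}

# Constructed sample: keys only, no root, one named account (hypothetical).
sample_hardened() {
    cat <<'EOF'
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
AllowUsers conuser
EOF
}

# With a path argument audit that file; otherwise show the weak sample.
if [ $# -gt 0 ]; then
    audit_console_relay "$1"
else
    tmp=$(mktemp) && sample_weak > "$tmp" && { audit_console_relay "$tmp" || true; }
    rm -f "$tmp"
fi
```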



Re: rebooting into single user mode on a remote server

2006-09-17 Thread Ahmad Arafat Abdullah

> - Original Message -
> From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> To: "Daniel Gerzo" <[EMAIL PROTECTED]>
> Subject: Re: rebooting into single user mode on a remote server
> Date: Sun, 17 Sep 2006 23:49:34 +0200
> 
> 
> Daniel Gerzo wrote:
> > Hello pobox,
> >
> > Saturday, September 16, 2006, 8:47:04 PM, you wrote:
> >
> >> Hello,
> >
> >> could somebody help me to understand the best way to enter into a single
> >> user mode on a remote server.
> >
> >> I need it for the moment, during rebuilding world, when I have to reboot
> >> into single user mode before 'mergemaster -p'.
> >
> > I don't want to persuade you to something that is not officially
> > supported, but I have never booted into single user mode while
> > upgrading my FreeBSD boxes and I have never experienced any problems
> > because of this. Just try to skip the reboot step and go ahead. It
> > works(tm) for me this way.
> >
> > If you are paranoid, try to stop all running services except the ssh
> > daemon.
> 
> Phew... I hear this again and again.
> 
> Only I am not sure I have the level of boldness to do this on a 
> production machine.
> 
> Isn't the following sequence of steps similar - 'shutdown -r now' 
> (reboots in multi-user mode), and then immediately 'shutdown now' 
> (drops to single user mode)?
> 
> Iv.


dudes,

I never tried it, and do not dare to try it.. because it's a remote server and 
single mode maybe ( I'm not sure dude ) cut off all network connections from 
inside and outside..

anyway for remote servers, I prefer make installworld in normal mode.. it's 
safer


TQ 



Re: rebooting into single user mode on a remote server

2006-09-17 Thread [EMAIL PROTECTED]

Daniel Gerzo wrote:
> Hello pobox,
>
> Saturday, September 16, 2006, 8:47:04 PM, you wrote:
>
>> Hello,
>
>> could somebody help me to understand the best way to enter into a single
>> user mode on a remote server.
>
>> I need it for the moment, during rebuilding world, when I have to reboot
>> into single user mode before 'mergemaster -p'.
>
> I don't want to persuade you to something that is not officially
> supported, but I have never booted into single user mode while
> upgrading my FreeBSD boxes and I have never experienced any problems
> because of this. Just try to skip the reboot step and go ahead. It
> works(tm) for me this way.
>
> If you are paranoid, try to stop all running services except the ssh
> daemon.

Phew... I hear this again and again.

Only I am not sure I have the level of boldness to do this on a 
production machine.

Isn't the following sequence of steps similar - 'shutdown -r now' 
(reboots in multi-user mode), and then immediately 'shutdown now' (drops 
to single user mode)?

Iv.



Re: rebooting into single user mode on a remote server

2006-09-17 Thread Daniel Gerzo
Hello pobox,

Saturday, September 16, 2006, 8:47:04 PM, you wrote:

> Hello,

> could somebody help me to understand the best way to enter into a single
> user mode on a remote server.

> I need it for the moment, during rebuilding world, when I have to reboot
> into single user mode before 'mergemaster -p'.

I don't want to persuade you to something that is not officially
supported, but I have never booted into single user mode while
upgrading my FreeBSD boxes and I have never experienced any problems
because of this. Just try to skip the reboot step and go ahead. It
works(tm) for me this way.

If you are paranoid, try to stop all running services except the ssh
daemon.

-- 
Best regards,
 Daniel  mailto:[EMAIL PROTECTED]



Re: rebooting into single user mode on a remote server

2006-09-16 Thread [EMAIL PROTECTED]

Matthew Seaman wrote:
> [EMAIL PROTECTED] wrote:
> > Hello,
> >
> > could somebody help me to understand the best way to enter into a single
> > user mode on a remote server.
> >
> > I need it for the moment, during rebuilding world, when I have to reboot
> > into single user mode before 'mergemaster -p'.
> >
> > The only solution I found so far is to do 'shutdown -r now' and when the
> > server boots to login with ssh and do 'shutdown now' - which should drop
> > it to single user mode.
> >
> > I can ask the support at the hosting location to reboot in single user
> > mode, but I do not know if I will have ssh then?
> >
> > Alternatively I can ask them to do the last few steps.
>
> Yep.  You've become the latest person to realise this perennial problem.
> In order to follow the upgrade instructions in the Handbook or
> /usr/src/UPDATING to the letter, you need console access to the machine
> being updated.
>
> That is no problem when the machine is on your desk, or probably not if
> it's just down the hall.  But when it's in a hosting centre umpty dozen
> miles away and you can't actually get to it?
>
> There are essentially three possibilities.
>
> i) You've thought of this approach already: get someone local to the machine
> to do the bits requiring the console access.  That works if the people at
> the other site are competent and trustworthy, and you can afford to pay
> for their time.
>
> ii) The next solution, and on the whole, probably the best solution
> available, is to arrange to get remote console access.  That can be
> expensive if you go down the route of buying a dedicated console server.
> Or it can be very cheap indeed if you have another FreeBSD box close by
> the machine you're trying to update and you can string null modem cables
> between their serial ports.  Then you configure your FreeBSD box requiring
> update to use ttya as its console and use tip(1) to get into it from the
> other machine.  (Actually, you could probably make that approach work from
> any other unixoid OS or even from Windows so long as you can find the right
> serial console emulation software).  If you're really lucky, you're
> running flashy new hardware with IPMI or similar "lights out" management
> capability and can get into the machine through that.  It doesn't work in
> anything like the same way as a serial console, but the end result is
> just as good.
>
> iii) Finally, and not to be dismissed without due consideration, is the
> really quite simple approach of /not/ taking the machine down to single
> user mode.  Most of the time, you can quite happily run 'make installworld'
> or 'make installkernel' or 'mergemaster' while the system is in multiuser
> mode.  You should shutdown all active services except what you need to
> get in remotely and you should kick any other users off the machine as well
> as generally taking steps to ensure the machine is as quiescent as possible
> before trying that.  You should also have a 'back to square one' plan for
> dealing with the eventuality that the machine does not come back after
> attempting to reboot into the new kernel -- you really absolutely will
> require someone quite FreeBSD savvy to get onto the console to unfuck
> things if so, and that illustrates the big drawback to this approach: if
> it goes wrong, you are truly left up a gum tree without a paddle.
>
> Don't try approach (iii) for an upgrade over too many version numbers at
> once. Jumping from, say 6.1-RELEASE to 6.1-RELEASE-p6 should be feasible,
> as should jumping from 6.0-RELEASE to 6.1-RELEASE.  Going from say
> 5.5-RELEASE to 6.1-RELEASE is only for the brave or the most highly
> skilled, and anything more than that is only for the foolhardy.  Neither is
> it a good idea to do method (iii) if you're making any major changes to the
> hardware on the system.  Nor does approach (iii) mix at all well with the
> use of raised secure levels.
>
> Cheers,
>
> Matthew

Matthew,

thanks (and all others) for the detailed reply. The possibilities are 
now kind of clear to me and I'll have to work out which one I can 
implement best.

Thanks a lot again,
Iv


Re: rebooting into single user mode on a remote server

2006-09-16 Thread Perry Hutchison
> In order to follow the upgrade instructions in the Handbook or
> /usr/src/UPDATING to the letter, you need console access to the
> machine being updated.  That is [a] problem ... when it's in a
> hosting centre umpty dozen miles away ...
>
> There are essentially three possibilities.
>
> i) get someone local to the machine to do the bits requiring the
> console access ...
>
> ii) arrange to get remote console access.  That can be expensive
> if you go down the route of buying a dedicated console server.
> Or it can be very cheap indeed if you have another FreeBSD box
> close by the machine you're trying to update and you can string
> null modem cables between their serial ports ...
>
> iii) Finally, and not to be dismissed without due consideration,
> is the really quite simple approach of /not/ taking the machine
> down to single user mode ...

iv) (actually a variant of ii, but different enough to warrant
separate mention IMO)  Put a "PC Weasel" or similar in any machine
that is going to be located remotely.  This card looks like a VGA to
the machine, but allows for remote access.  The simple ones support
only text mode via a serial port; some of the fancier ones act as
X11 clients so as to also support graphics modes.  This gives you
access not only to the FreeBSD console, but to the BIOS.

And no, I do not work for any manufacturer or supplier of such.


Re: rebooting into single user mode on a remote server

2006-09-16 Thread ke han


On Sep 17, 2006, at 2:47 AM, [EMAIL PROTECTED] wrote:

> Hello,
>
> could somebody help me to understand the best way to enter into a
> single user mode on a remote server.
>
> I need it for the moment, during rebuilding world, when I have to
> reboot into single user mode before 'mergemaster -p'.

I had this same issue last week... fortunately, my hosting provider
had a remote KVM solution and hooked it up to my server while I got
the job done.  btw, that provider was m5hosting.com.  I originally
found them from the freebsd.org community page and have been very
happy with their knowledge and support.

good luck, ke han

> The only solution I found so far is to do 'shutdown -r now' and
> when the server boots to login with ssh and do 'shutdown now' -
> which should drop it to single user mode.
>
> I can ask the support at the hosting location to reboot in single
> user mode, but I do not know if I will have ssh then?
>
> Alternatively I can ask them to do the last few steps.
>
> Thank you for your advice,
> Iv.


Re: rebooting into single user mode on a remote server

2006-09-16 Thread Matthew Seaman
[EMAIL PROTECTED] wrote:
> Hello,
> 
> could somebody help me to understand the best way to enter into a single
> user mode on a remote server.
> 
> I need it for the moment, during rebuilding world, when I have to reboot
> into single user mode before 'mergemaster -p'.
> 
> The only solution I found so far is to do 'shutdown -r now' and when the
> server boots to login with ssh and do 'shutdown now' - which should drop
> it to single user mode.
> 
> I can ask the support at the hosting location to reboot in single user
> mode, but I do not know if I will have ssh then?
> 
> Alternatively I can ask them to do the last few steps.

Yep.  You've become the latest person to realise this perennial problem.
In order to follow the upgrade instructions in the Handbook or
/usr/src/UPDATING to the letter, you need console access to the machine
being updated.

That is no problem when the machine is on your desk, or probably not if
it's just down the hall.  But when it's in a hosting centre umpty dozen
miles away and you can't actually get to it?

There are essentially three possibilities.

i) You've thought of this approach already: get someone local to the machine
to do the bits requiring the console access.  That works if the people at
the other site are competent and trustworthy, and you can afford to pay
for their time.

ii) The next solution, and on the whole, probably the best solution
available, is to arrange to get remote console access.  That can be
expensive if you go down the route of buying a dedicated console server. 
Or it can be very cheap indeed if you have another FreeBSD box close by
the machine you're trying to update and you can string null modem cables
between their serial ports.  Then you configure your FreeBSD box requiring
update to use ttya as its console and use tip(1) to get into it from the
other machine.  (Actually, you could probably make that approach work from
any other unixoid OS or even from Windows so long as you can find the right
serial console emulation software).  If you're really lucky, you're
running flashy new hardware with IPMI or similar "lights out" management
capability and can get into the machine through that.  It doesn't work in
anything like the same way as a serial console, but the end result is
just as good.

iii) Finally, and not to be dismissed without due consideration, is the
really quite simple approach of /not/ taking the machine down to single
user mode.  Most of the time, you can quite happily run 'make installworld'
or 'make installkernel' or 'mergemaster' while the system is in multiuser
mode.  You should shutdown all active services except what you need to
get in remotely and you should kick any other users off the machine as well
as generally taking steps to ensure the machine is as quiescent as possible
before trying that.  You should also have a 'back to square one' plan for
dealing with the eventuality that the machine does not come back after
attempting to reboot into the new kernel -- you really absolutely will
require someone quite FreeBSD savvy to get onto the console to unfuck
things if so, and that illustrates the big drawback to this approach: if
it goes wrong, you are truly left up a gum tree without a paddle.

Don't try approach (iii) for an upgrade over too many version numbers at
once. Jumping from, say 6.1-RELEASE to 6.1-RELEASE-p6 should be feasible,
as should jumping from 6.0-RELEASE to 6.1-RELEASE.  Going from say
5.5-RELEASE to 6.1-RELEASE is only for the brave or the most highly
skilled, and anything more than that is only for the foolhardy.  Neither is
it a good idea to do method (iii) if you're making any major changes to the
hardware on the system.  Nor does approach (iii) mix at all well with the
use of raised secure levels.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
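
The go/no-go conditions for approach (iii) in the message above (nothing running except remote access, no other users, no raised secure level), as an added example that is not part of the original message. The `who` and `sockstat` listings are constructed samples, the column layout of the `sockstat` listing is assumed, and treating sshd as the only permitted listener is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: go/no-go checks before 'make installworld' in multiuser mode.

# securelevel_ok LEVEL: at kern.securelevel 1 or higher the kernel refuses to
# clear the schg flag, so installworld cannot replace flagged system files.
securelevel_ok() { [ "$1" -le 0 ]; }

# other_users ME: who(1) output on stdin -> login names other than ME.
other_users() { awk -v me="$1" '$1 != me { print $1 }' | sort -u; }

# extra_listeners: sockstat-style listing on stdin (header line, then USER
# COMMAND PID ...) -> commands other than sshd that hold listening sockets.
extra_listeners() { awk 'NR > 1 && $2 != "sshd" { print $2 }' | sort -u; }

# verdict LEVEL USERS LISTENERS: print findings, return non-zero on any STOP.
verdict() {
    rc=0
    if ! securelevel_ok "$1"; then
        echo "STOP  kern.securelevel=$1: schg-flagged files cannot be replaced"
        rc=1
    fi
    if [ -n "$2" ]; then
        echo "STOP  other users logged in: $(echo $2)"; rc=1
    fi
    if [ -n "$3" ]; then
        echo "STOP  services still listening: $(echo $3)"; rc=1
    fi
    [ $rc -eq 0 ] && echo "GO    machine is quiescent; keep the fallback plan ready"
    return $rc
}

# preflight_live: gather the three inputs on a running FreeBSD system.
preflight_live() {
    verdict "$(sysctl -n kern.securelevel)" \
            "$(who | other_users "$(id -un)")" \
            "$(sockstat -46l | extra_listeners)"
}

# Constructed sample inputs (not captured from a real machine).
sample_who() { cat <<'EOF'
iv       pts/0   Sep 16 20:47 (192.0.2.10)
backup   pts/1   Sep 16 19:02 (192.0.2.44)
EOF
}
sample_sockstat() { cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
www      httpd      901   4  tcp4   *:80                  *:*
root     sendmail   655   3  tcp4   127.0.0.1:25          *:*
EOF
}

# Demo on the constructed inputs: every check reports STOP.
verdict 1 "$(sample_who | other_users iv)" \
          "$(sample_sockstat | extra_listeners)" || true
```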


