[SDBUG] Remote power management recommendation
Vye Wilson
vyeperman at gmail.com
Sat Dec 23 01:56:54 PST 2006
Joseph,
I will only need telnet or snmp, I am looking to script reboots for a
potentially large amount of servers. My current testing needs though
include about 16 rackmounted servers, most of which have no more than
260W PSUs. By "scripting reboots" I mean having an interface to
reboot them vs logging into them via telnet to perform the reboot.
Lemme know what you think.
On 12/22/06, Joseph A. Kitzman <joseph at kitzman.org> wrote:
> If you don't want to pay for a signed SSL certificate, then you need to
> generate a self signed certificate. Using OpenSSL (to name one of a few),
> you can easily generate a self signed certificate for pretty much any
> service that will utilize it.
> -OR-
> You could go get a certificate signed for free from a company like
> http://www.cacert.org/ -- I'm not sure how mainstream they are, but I like
> where they're going with their project.
> -OR-
> If you're a really crazy super mega deluxe systems admin, you can build your
> own Certificate Authority for your local machines to utilize. Don't even
> try this unless you know the ropes.
>
> For the record, I buy my cheap certificates from Network Solutions
> (www.netsolssl.com) for $129 a year. When I need to roll out certificates
> on a higher visibility site, I'll go to the expense of using a VeriSign
> (www.verisign.com) certificate. Why you ask? The logo. I pay $1000 more a
> year for a stupid little logo that everybody and their mother has come to
> recognize as the standard for internet SSL encryption. Who knows if they
> even click on it or know what it means, but it sure brings about the warm
> fuzzies and that keeps me employed.
>
> I don't really have the time nor the desire to demystify PKI for you, but
> you can easily learn from the various docs and HOWTOs out there. Here's a
> few sites from my bookmarks that you may enjoy:
>
> http://sial.org/howto/openssl/
> https://www.netsolssl.com/support/index.html
> https://www.netsolssl.com/support/install/index.php
> And the obligatory:
> http://www.justfuckinggoogleit.com/
>
>
> --
>
> NOW, to the RS232/telnet/ssh debate... my short comment is "security might
> not be so important here". Somewhere a security elitist just cried out in
> pain, but my view on remote power switches may differ from that of other
> admins.
>
>
> In my professional opinion, remote power switches are out of band devices.
> This type of device doesn't always need an IP address to be useful,
> certainly not a routable address. Plain and simple, they exist to cover
> your own ass. You dial your modem directly into them or into an oob router
> and bounce your server. Scenarios where they've come in handy for me:
>
> 1. Pushing live a fubar border router config at 3AM. Bounce the router to
> load the previous config.
> 2. Kernel panic. Waking the remote datacenter technician in the middle of
> the night is going to rack up a $100 charge.
> 3. A friend decides to test a new forkbomb on your server in Virginia while
> you're on a 3 day bender in Las Vegas.
>
> The list goes on.
>
> The devices with the IKE-IPSEC HTTPS 3DES TWOFISH AES DES Java applet are
> fun, but they generally come with a hell of a price tag. Great for watching
> your load and compiling any statistic you could possibly want, but that's
> not always going to be of key importance. It all really depends on your
> use. Small project/Big project. Patchwork servers/Clusters. Penny
> pinchers/Big Budget.
>
> Tell me more about your needs, your power draw, and your setup and I'll make
> a better recommendation for a power switch.
>
> ---
>
> Oh, and Peter, "man 4 random". Lots of good info in there.
>
>
>
> > -----Original Message-----
> > From: sdbug-bounces at sdbug.org [mailto: sdbug-bounces at sdbug.org] On Behalf
> > Of Peter Leftwich
> > Sent: Thursday, December 21, 2006 10:25 PM
> > To: SDBUG
> > Subject: Re: [SDBUG] Remote power management recommendation
> >
> > On Thu, 21 Dec 2006, Bill Studenmund wrote:
> > > Unfortunately all of the devices I'm aware of don't do ssh. If they do
> > > more than telnet (which they should!), they go for http or https. I'd
> > > love to hear of a power controller that does ssh.
> > >
> > > One problem with ssh is that you run into key management issues. They're
> > > no big deal for desktops (where you can log in and manage the keys
> > > easily) but can be an issue for embedded devices.
> > >
> > > Usually what folks do is telnet from a local device; one in the same
> > > switch. That way the clear-text issues with telnet are minimized.
> > >
> > > Take care,
> > > Bill
> >
> > Re https, if you host a box and don't want to pay for an SSL CERT, is
> > there a free source way to issue your own keys and then be able to do
> > https that way? I guess what I'm asking is, even though your browser will
> > pop up and say the authenticity of the CERT is not verified, but let's say
> > for example you run https webmail on your box .. is this setup common?
> >
> > PS. Re ssh I wonder what /dev/random info it gets to randomize and
> > generate keys, mouse movements? PC Fan variations?
> >
> > --
> > Peter Leftwich, Owner
> > Video2Video Services
> > Box 13692, La Jolla, CA, 92039, USA
> > http://Www.Video2Video.Com
> > _______________________________________________
> > SDBUG mailing list
> > SDBUG at sdbug.org
> > http://lists.sdbug.org/mailman/listinfo/sdbug
>
--
--Vye
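
The self-signed certificate route mentioned in the quoted reply, shown as an added example that is not part of the original thread: it generates a certificate with OpenSSL and checks it against a pinned SHA-256 fingerprint, which is how a client can trust a certificate that no CA has signed. The hostname `webmail.example.test`, the file names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: self-signed certificate plus fingerprint pinning.
# The hostname and file names below are constructed for illustration.

# Create a self-signed certificate and key for host $1 in directory $2.
make_selfsigned() {
    host=$1; dir=$2
    # A config file keeps this working on OpenSSL builds without -addext.
    cat > "$dir/req.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = $host
[ext]
subjectAltName = DNS:$host
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null || return 1
    chmod 600 "$dir/key.pem"    # private key readable by owner only
}

# Print the SHA-256 fingerprint of the certificate in file $1.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the certificate in $1 matches the pinned fingerprint $2.
check_pin() {
    actual=$(cert_fingerprint "$1") || return 1
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

demo() {
    work=$(mktemp -d) || return 1
    make_selfsigned webmail.example.test "$work" || return 1
    pin=$(cert_fingerprint "$work/cert.pem")
    echo "pin this out of band: $pin"
    check_pin "$work/cert.pem" "$pin" && echo "pinned certificate accepted"
    rm -rf "$work"
}
demo
```

A second certificate issued for the same hostname has a different key and therefore a different fingerprint, so `check_pin` rejects it even though the subject name matches.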