Michael T. Davis wrote:

> I have a "turnkey" OpenBSD 3.1 system on an i386 box running as a
> firewall. (It's turnkey in the sense that it's supported by someone else
> for such things as patches and OS upgrades and at present, it's stuck at
> v3.1 of
> the OS.) I'm in the configuration phase right now, so it's not hooked up
> to a
> network. I would still like to access it remotely, so I figured I could
> connect it's serial port to a PC (which is connected to the 'net) running
> Windows XP Pro, start a Remote Desktop session to the PC, then open a
> terminal
>

Can we assume you have a special reason for not using SSH ? That's how I
access all of the boxes I support.

In article , Keith Matthews
writes:

>Michael T. Davis wrote:
>
>> I have a "turnkey" OpenBSD 3.1 system on an i386 box running as a
>> firewall. (It's turnkey in the sense that it's supported by someone else
>> for such things as patches and OS upgrades and at present, it's stuck at
>> v3.1 of
>> the OS.) I'm in the configuration phase right now, so it's not hooked up
>> to a
>> network. I would still like to access it remotely, so I figured I could
>> connect it's serial port to a PC (which is connected to the 'net) running
>> Windows XP Pro, start a Remote Desktop session to the PC, then open a
>> terminal
>>
>
>Can we assume you have a special reason for not using SSH ? That's how I
>access all of the boxes I support.

...Because the system is not currently attached to a network. If you
might be suggesting to initiate a ssh connection to localhost immediately
after logging in via the serial port, that doesn't work either; I get "Host
key verification failed." SSH will be the preferred connection mechanism once
the system is placed in production.

Regards,
Mike
--
| Systems Specialist: CBE,MSE
Michael T. Davis | Departmental Networking/Computing
http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
| 197 Watts, (614) 292-6928

In article ,
Michael T. Davis wrote:
> ...Because the system is not currently attached to a network. If you
>might be suggesting to initiate a ssh connection to localhost immediately
>after logging in via the serial port, that doesn't work either; I get "Host
>key verification failed." SSH will be the preferred connection mechanism once
>the system is placed in production.

Do not place an OpenBSD 3.1 system in production.

This system is about 4 years old, and runs an OS which is by now thoroughly
unsupported. I don't know the guy who pretends to support it, but it seems
pretty incredible to me. There have been nasty bugs, and local holes, and
remote holes in many applications you may have running on that box since
OpenBSD 3.1 came out...

In article , espie@lain.home (Marc Espie)
writes:

>In article ,
>Michael T. Davis wrote:
>> ...Because the system is not currently attached to a network. If you
>>might be suggesting to initiate a ssh connection to localhost immediately
>>after logging in via the serial port, that doesn't work either; I get "Host
>>key verification failed." SSH will be the preferred connection mechanism
> once
>>the system is placed in production.
>
>Do not place an OpenBSD 3.1 system in production.
>
>This system is about 4 years old, and runs an OS which is by now thoroughly
>unsupported. I don't know the guy who pretends to support it, but it seems
>pretty incredible to me. There have been nasty bugs, and local holes, and
>remote holes in many applications you may have running on that box since
>OpenBSD 3.1 came out...

FWIW, the system is quite stripped down from even a base install,
so that it can fit on a 64MB Flash card and then load and run on a RAMdisk.
Holes are patched when necessary, and of course most holes don't exist by
virtue of the lack of most applications and/or services that would normally
be running. root access is strictly controlled, and the root account is the
only real account on the system.

Basically what I have is all I'm going to get. As such, I need to
get the original question answered and leave discussions as to what version
I should(n't) be running for another time.

Thanks,
Mike
--
| Systems Specialist: CBE,MSE
Michael T. Davis | Departmental Networking/Computing
http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
| 197 Watts, (614) 292-6928

In article ,
Michael T. Davis wrote:
>
>In article , espie@lain.home (Marc Espie)
>writes:

>>In article ,
>>Michael T. Davis wrote:
>>> ...Because the system is not currently attached to a network. If you
>>>might be suggesting to initiate a ssh connection to localhost immediately
>>>after logging in via the serial port, that doesn't work either; I get "Host
>>>key verification failed." SSH will be the preferred connection mechanism
>> once
>>>the system is placed in production.

>>Do not place an OpenBSD 3.1 system in production.

>>This system is about 4 years old, and runs an OS which is by now thoroughly
>>unsupported. I don't know the guy who pretends to support it, but it seems
>>pretty incredible to me. There have been nasty bugs, and local holes, and
>>remote holes in many applications you may have running on that box since
>>OpenBSD 3.1 came out...

> FWIW, the system is quite stripped down from even a base install,
>so that it can fit on a 64MB Flash card and then load and run on a RAMdisk.
>Holes are patched when necessary, and of course most holes don't exist by
>virtue of the lack of most applications and/or services that would normally
>be running. root access is strictly controlled, and the root account is the
>only real account on the system.


There are ways to build stripped down OpenBSD systems for a flashcard
that adapt quite nicely to recent versions (flashdist comes to mind).
In fact, I run one such system on my soekris, and I update it reasonably
frequently.


> Basically what I have is all I'm going to get. As such, I need to
>get the original question answered and leave discussions as to what version
>I should(n't) be running for another time.

Well, it's really difficult to actually answer your question in a useful
way. *a lot* of things changed since 3.1 (I don't think there was any
bsd_auth at the time, for instance), so anything I'm going to look at
is probably going to be a waste of time.

Anyways, /etc/ttys is the file that more or less controls what runs on
whichever line.

If you want to be able to login on a serial line, this usually looks like

# root login on serial port 0 at 19600 baud
/dev/tty00 "/usr/libexec/getty std.19600" vt100 on secure


at least on a recent OpenBSD system. No idea if that changed over the
last 4 years...

And in case somebody else is listening, what Michael T.Davis wants to
do here is a really bad idea. Do not ever consider putting a 4 years old
OpenBSD system into production.

In article , espie@lain.home (Marc Espie)
writes:

>In article ,
>Michael T. Davis wrote:
>>
>>In article , espie@lain.home (Marc Espie)
>>writes:
>
>>>In article ,
>>>Michael T. Davis wrote:
>>>> ...Because the system is not currently attached to a network. If you
>>>>might be suggesting to initiate a ssh connection to localhost immediately
>>>>after logging in via the serial port, that doesn't work either; I get "Host
>>>>key verification failed." SSH will be the preferred connection mechanism
>>> once
>>>>the system is placed in production.
>[...]
>
>Anyways, /etc/ttys is the file that more or less controls what runs on
>whichever line.
>
>If you want to be able to login on a serial line, this usually looks like
>
> # root login on serial port 0 at 19600 baud
> /dev/tty00 "/usr/libexec/getty std.19600" vt100 on secure
>
>
>at least on a recent OpenBSD system. No idea if that changed over the
>last 4 years...

It turns out the following in /etc/ttys did the trick:

tty00 "/usr/libexec/getty std.9600" vt220 on secure softcar

In particular, the "softcar" seemed to be the clincher. After this
modification...

# ttyflags -a
# kill -HUP 1

>
>And in case somebody else is listening, what Michael T.Davis wants to
>do here is a really bad idea. Do not ever consider putting a 4 years old
>OpenBSD system into production.

I couldn't agree more. Unfortunately, I'm dealing with politics and
perhaps a sense of "something is better than nothing." If I had my way, we'd
be running the most recent stable release of OpenBSD and it would be maintained
fanatically. If nothing else, perhaps my /etc/ttys contribution will help
someone else in a similar pickle.

Regards,
Mike
--
| Systems Specialist: CBE,MSE
Michael T. Davis | Departmental Networking/Computing
http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
| 197 Watts, (614) 292-6928