CONSERVERSection: Maintenance Commands (8)
Return to Main Contents
NAMEconserver - console server daemon
SYNOPSISconserver [-7dDhinouvV] [-a type] [-m max] [-M addr] [-p port] [-b port] [-C config] [-P passwd] [-L logfile] [-O min]
DESCRIPTIONConserver is the daemon that manages remote access to system consoles by multiple users via the console(1) client program and logs all console output. It can connect to consoles via local serial ports or terminal servers that allow network access, or to any external program.
When started, conserver reads its conserver.cf(5) file for details of each console it should manage, including serial port or network parameters and logging options. (Also, in environments where multiple servers share a cf file, any server is able to refer clients to the particular server managing a requested console, so that the client need not have knowledge of the distribution of consoles among servers.) Conserver forks a child for each group of consoles it must manage and assigns each process a port number to listen on. The maximum number of consoles managed by each child process is set using -m option. The console(1) client program communicates with the master console server process to find the port (and host, in a multi-server configuration) on which the appropriate child is listening. The master conserver process forks a new process to handle each incoming client connection (which should be very short-lived, since it's duty is to redirect the client to a child). Conserver restricts connections from clients based on the host access section of its conserver.cf(5) and authenticates users against its conserver.passwd(5) file. Conserver can also restrict clients using the tcp-wrappers package (enabled using --with-libwrap). This authentication is done before consulting the conserver.cf(5) access list.
Conserver completely controls any connection to a controlled host. All escape sequences given by the user to console are passed to the server without interpretation. The server recognizes and processes all escape sequences, except the suspend sequence, which is recognized by the server and sent as a TCP out-of-band command from the server to the client.
The conserver parent process will automatically respawn any child process that dies. The following signals are propagated by the parent process to its children.
Slave hosts which have no current console(1) connection might produce important error messages. With the -u option, these unloved errors are labeled with a machine name and output on stdout (or, in daemon mode, to the logfile). This allows a live operator or an automated log scanner to find otherwise unseen errors by watching in a single location.
Conserver must be run as root if it is to bind to a port under 1024 or if it must read a shadow passwd file for authentication (see conserver.passwd(5)). Otherwise, it may be run by any user, with -p used to specify a port above 1024.
Options may be given as separate arguments (e.g., -n -d) or clustered (e.g., -nd). Options and their arguments may be separated by optional white space. Option arguments containing spaces or other characters special to the shell must be quoted.
The following default file locations may be overridden at compile time or by the command-line options described above. Run conserver -V (with no other options) to see the defaults set at compile time.
Additionally, output from individual consoles may be logged to separate files specified in conserver.cf(5).
BUGSAll client/server traffic (including root and user passwords) is passed ``in the clear''. Extreme care should be taken to insure no one is ``snooping'' this private data. One day the traffic will be encrypted.
AUTHORSThomas A. Fine, Ohio State Computer Science
Kevin S Braunsdorf, Purdue University Computing Center
Bryan Stansell, conserver.com
SEE ALSOconsole(1), conserver.cf(5), conserver.passwd(5)
This document was created by man2html, using the manual pages.
Time: 21:46:24 GMT, March 03, 2024