VCOND(8)                UNIX System Manager's Manual                VCOND(8)

NAME
     vcond - virtual console server

VERSION
     Beta version 1.1, 10/98.

SYNOPSIS
     vcond [-f ] [-v] [-d]

DESCRIPTION
     Vcond acts as a proxy for consoles connected to a terminal server.  Its
     primary uses are to log console messages and to protect the console
     from telnet breaks.

OPTIONS
     -f      Use the specified as the config file.
             Default: /usr/local/etc/vcond.cf

     -v      Increase verbosity level.  Currently this causes the
             configuration to be printed when the program starts.

     -d      Increase debugging output.  More of these mean more output.

OPERATION
     When there is no connected client, vcond keeps the log files and server
     connections open.  All console output is written to the logs.

     A telnet client may connect to vcond at the listening port.  It will be
     given a list of the available consoles and issued a prompt to make a
     selection.  The selections include the machine consoles and the admin
     console.  Each machine console can have only one connection at a time,
     but there may be multiple admin connections.

     If a machine console is selected, the server connection is closed, and
     a new one is established.  All output from the server is forwarded to
     the client, and vice versa, with the exception of telnet breaks which
     are blocked from the client.  A message is printed to the console log
     when a client connects and disconnects, but no other traffic on the
     connection is logged.

     If a port requires authentication, vcond will handle authentication for
     itself, for purposes of providing the console log.  When a client
     connects, vcond will not do authentication for the client - the client
     will have to authenticate itself.

     Periodically, vcond will test all server connections.  At these times,
     if a server connection is down, it will attempt to open a new one.  It
     will also attempt to open the console log if it is not already open,
     and it will check that the listening socket is up.  After a reasonable
     number of retries for the server connections and logs, it will give up.

OUTPUT
     Aside from debugging output and logging, and communication over network
     connections, the only output is the process id, which is printed to
     stdout after initialization.

CONFIGURATION FILE
     The configuration file consists of a number of lines each containing a
     keyword and a number of arguments separated by spaces.  Comments
     (starting with '#' and continuing to the end of the line) and extra
     whitespace are ignored.  The keywords and their arguments are:

     listen  Listen for client connections on this port.

     admin   Specify the admin password (encrypted).  The encryption
             algorithm is the same as is used for user passwords.

     console Specify a console.  is the name of the console, typically the
             name of the machine whose console it is.  is the terminal
             server's address or name, and is the server's port to connect
             to.  and specify the user and password to use when the port
             requires authentication (use '-' for these if they are not
             needed).  Either a login and password or just a password may
             be specified, as appropriate.  is the name of the log file to
             use.

     Note: The configuration file should be installed with restricted
     access, since it contains an encrypted admin password and clear text
     port passwords.

LOG FILES
     Each console has an associated log file.  When there is no client
     connection, all output (with the exception of telnet protocol junk) is
     written to the log.  Control characters that are not otherwise
     meaningful are converted to 2-character strings of the format "^X".
     Other informational messages, such as when client connections are
     accepted and closed, when server connections are lost and
     reestablished, etc., are also printed to the logs.

ADMIN CONSOLE
     A client, connected via the listening port, may switch to the admin
     console instead of a machine console.  After supplying the correct
     password, the client may issue a number of commands.  Some of these
     commands take at least one console name as an argument.
     In some cases, more than one console may be listed, separated by
     spaces, or the keyword "all" may be used.

     break   Send a break to the specified console.  This is often used to
             drop the machine into the boot monitor.  (Breaks are filtered
             out of normal client connections.)  Only one console may be
             specified, and 'all' may not be used.

     help or ?
             Print out helpful info on the available commands.

     kill    Shut down the client connection(s) to the specified console(s).

     quit    Quit out of the admin console and return to the select prompt.

     shutdown
             Close all connections and terminate the program.

     who     List the consoles and information on any current connections,
             including the connected IP address and port, and the time the
             connection was made.

     write   Write a message to the client(s) connected to the specified
             console(s).

SIGNALS
     Vcond captures the following signals:

     SIGHUP  This causes the log files to be closed and reopened.  This is
             useful for rotating logs; the current log can be renamed
             before the SIGHUP is sent, thereby releasing the file and
             allowing a new file to be created with the old name.

     SIGTERM
     SIGINT  Either of these causes vcond to shut down all connections,
             close all logs, and exit.

DIAGNOSTICS
     If debugging is turned off (no -d switches used), all diagnostic output
     is logged to syslog after initialization.  If debugging is on, output
     is logged to syslog as well as stderr.  The following syslog priorities
     are used:

     LOG_DEBUG
             Debugging output is sent here if debugging is enabled.

     LOG_INFO
             Information about select and admin connections is sent here as
             well as notifications that may be useful to the
             security-conscious.  Some other miscellaneous stuff may go
             here as well.

     LOG_WARNING
             Miscellaneous warning messages, such as lost connections,
             failed system calls, etc. that are probably not of major
             concern are sent here.

     LOG_ERR This gets more serious errors that are likely to need
             attention.
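
     The SIGHUP rotation described under SIGNALS, written out as an added
     example that is not part of vcond or its distribution.  It assumes
     vcond was started with stdout redirected to a pid file (the path shown
     is hypothetical), so the file holds the process id described under
     OUTPUT.

```shell
#!/bin/sh
# Added example (not part of vcond): rotate one console log via SIGHUP.
# Assumption: vcond was started with stdout redirected to PIDFILE, e.g.
#   vcond -f /usr/local/etc/vcond.cf > /var/run/vcond.pid
# so PIDFILE holds the process id vcond prints after initialization.

# rotate_vcond_log LOGFILE PIDFILE [KEEP]
# Returns 0 on success, 1 if vcond is not running (log left untouched),
# 2 if no new log file appeared after the signal.
rotate_vcond_log() {
    log=$1; pidfile=$2; keep=${3:-4}

    pid=$(cat "$pidfile" 2>/dev/null) || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    # Without a live vcond nothing would reopen the log, so do not move it.
    kill -0 "$pid" 2>/dev/null || return 1

    # Shift older generations up: LOG.0 -> LOG.1 ... up to LOG.KEEP.
    i=$keep
    while [ "$i" -gt 0 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then mv -f "$log.$prev" "$log.$i"; fi
        i=$prev
    done

    # Rename before signalling: vcond keeps the file open, so anything it
    # writes between the rename and the SIGHUP still lands in LOG.0.
    if [ -f "$log" ]; then mv -f "$log" "$log.0"; fi
    kill -HUP "$pid" || return 1

    # Confirm that vcond created a new file under the old name.
    tries=10
    while [ "$tries" -gt 0 ] && [ ! -f "$log" ]; do
        sleep 1
        tries=$((tries - 1))
    done
    [ -f "$log" ] || return 2
    return 0
}

# Usage when run as a script: rotate-vcond.sh LOGFILE PIDFILE [KEEP]
if [ "$#" -ge 2 ]; then rotate_vcond_log "$@"; fi
```

     A return value of 2 means the console is no longer being logged and
     deserves the same attention as a LOG_ERR message.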

TERMINAL SERVER CONFIGURATION
     The terminal server must be configured for TCP connections to the
     consoles.  It can either have separate IP addresses for each console or
     separate ports at the same address.

     The server may be configured to require authentication to connect to
     the ports.  In this case, vcond must be configured with the necessary
     information to allow it to authenticate.  See the section on the
     configuration file for more info.

BUGS AND LIMITATIONS
     Bugs?  What bugs?

     There are some arbitrary timeouts intended to make operation smoother.
     Under certain conditions, for example with a slow network connection,
     the timeouts may not be appropriate.

     Please report problems to me (see contact info below).

FILES
     /usr/local/etc/vcond.cf    default configuration file

AUTHOR
     Copyright (C) 1998 Mark Schroeder (gort((at))site17.org).

ACKNOWLEDGEMENTS
     Stanford University Genome Databases project, for testing and first
     practical use.

     Chuck Silvers (http://www.chuq.com), for lots of help, advice, and
     ideas.
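
     A check for the note under CONFIGURATION FILE about restricted access,
     as an added example that is not part of vcond.  It assumes the console
     arguments appear in the order the manual describes them; the field
     names NAME, SERVER, PORT, USER, PASSWORD and LOGFILE are labels chosen
     for this example.

```shell
#!/bin/sh
# Added example (not part of vcond): audit a vcond configuration file.
# Assumption: "console" lines carry their arguments in the order the manual
# describes them; the field names are labels chosen for this example:
#   console NAME SERVER PORT USER PASSWORD LOGFILE

# cf_mode_private FILE: succeeds only if group and other have no access.
cf_mode_private() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# cf_cleartext_consoles FILE: print the name of every console whose PASSWORD
# field is not '-', i.e. whose clear-text port password is in the file.
cf_cleartext_consoles() {
    awk '{ sub(/#.*/, "") }                 # comments run to end of line
         $1 == "console" && NF >= 6 && $6 != "-" { print $2 }' "$1"
}

# audit_vcond_cf [FILE]: 0 = private, 1 = open to group/other, 2 = missing.
audit_vcond_cf() {
    cf=${1:-/usr/local/etc/vcond.cf}
    [ -f "$cf" ] || { echo "vcond config not found: $cf" >&2; return 2; }
    if cf_mode_private "$cf"; then return 0; fi
    echo "$cf: group/other access; restrict with chmod 600" >&2
    for name in $(cf_cleartext_consoles "$cf"); do
        echo "  exposed clear-text port password: console $name" >&2
    done
    if grep -q '^[[:space:]]*admin[[:space:]]' "$cf"; then
        echo "  exposed encrypted admin password" >&2
    fi
    return 1
}

# Run the audit when executed as: audit-vcond.sh audit [FILE]
if [ "${1:-}" = "audit" ]; then audit_vcond_cf "${2:-}"; fi
```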