On Thu, Jul 02, 2015 at 12:30:47PM -0400, Paul Heinlein wrote: > If your admins are comfortable with serial consoles, a concentrator > like those available from Digi or WTI can offer fairly robust access > controls; they can also be set to honor SSH keys rather than > passwords, which may help increase security. I've used those for devices that were fairly dumb, but for servers it can be nicely cheaper to use serial-over-ipmi plus conman for that purpose. It's necessary to log and monitor the serial consoles, there are a variety of OOPses and BUGs and whatnot that only appear there. I've been using 'conman' for this purpose. I totally agree with you about having a separate admin-only network. It's not that expensive to build one up using dumb switches. -- greg