Thu Jul 2 18:14:24 UTC 2015
Greg Lindahl <lindahl at pbm.com>

On Thu, Jul 02, 2015 at 12:30:47PM -0400, Paul Heinlein wrote:

> If your admins are comfortable with serial consoles, a concentrator
> like those available from Digi or WTI can offer fairly robust access
> controls; they can also be set to honor SSH keys rather than
> passwords, which may help increase security.

I've used those for devices that were fairly dumb, but for servers it
can be nicely cheaper to use serial-over-ipmi plus conman for that
purpose. It's necessary to log and monitor the serial consoles, there
are a variety of OOPses and BUGs and whatnot that only appear there.
I've been using 'conman' for this purpose.

I totally agree with you about having a separate admin-only network.
It's not that expensive to build one up using dumb switches.

-- greg