Provided by: conserver-server_8.1.13-1_i386 bug

NAME

       conserver - console server daemon

SYNOPSIS

       conserver  [-7dDEFhinoRSuvV]  [-a  type] [-m max] [-M master] [-p port]
       [-b port] [-c cred] [-C config] [-P passwd] [-L logfile] [-O  min]  [-U
       logfile]

DESCRIPTION

       Conserver  is  the daemon that manages remote access to system consoles
       by multiple users via  the  console(1)  client  program  and  logs  all
       console  output.   It  can  connect to consoles via local serial ports,
       terminal servers that allow network access, or to any external program.

       When  started,  conserver reads its conserver.cf(5) file for details of
       each console  it  should  manage,  including  serial  port  or  network
       parameters  and logging options.  (Also, in environments where multiple
       servers share a cf file, any server is able to  refer  clients  to  the
       particular server managing a requested console, so that the client need
       not have knowledge of the  distribution  of  consoles  among  servers.)
       Conserver  forks  a child for each group of consoles it must manage and
       assigns each process a port number to listen on.  The maximum number of
       consoles managed by each child process is set using the -m option.  The
       console(1) client program communicates with the master  console  server
       process to find the port (and host, in a multi-server configuration) on
       which  the  appropriate  child  is  listening.    Conserver   restricts
       connections  from  clients  based  on  the  host  access section of its
       conserver.cf(5) file, restricts users based on the console access lists
       of  the  conserver.cf(5)  file,  and  authenticates  users  against its
       conserver.passwd(5) file.  Conserver can also  restrict  clients  using
       the   tcp-wrappers   package   (enabled  using  --with-libwrap).   This
       authentication is done before  consulting  the  conserver.cf(5)  access
       list.

       When  Unix  domain  sockets  are  used  between  the  client and server
       (enabled using --with-uds),  authentication  checks  are  done  on  the
       hardcoded  address ‘‘127.0.0.1’’.  Automatic client redirection is also
       disabled (as if the  -R  option  was  used)  since  the  client  cannot
       communicate  with  remote  servers.   The  directory  used  to hold the
       sockets is checked to make sure it’s empty when the server starts.  The
       server  will not remove any files in the directory itself, just in case
       the directory is accidentally  specified  as  ‘‘/etc’’  or  some  other
       critical  location.   The  server  will  do  its best to remove all the
       sockets when it shuts down, but  it  could  stop  ungracefully  (crash,
       ‘‘kill  -9’’,  etc) and leave files behind.  It would then be up to the
       admin (or a creative startup script) to clean up the  directory  before
       the server will start again.

       Conserver  completely controls any connection to a console.  All escape
       sequences given by the user to console are passed to the server without
       interpretation.    The  server  recognizes  and  processes  all  escape
       sequences.

       The conserver parent  process  will  automatically  respawn  any  child
       process  that dies.  The following signals are propagated by the parent
       process to its children.

       SIGTERM   Close all connections and exit.

       SIGHUP    Reread the configuration file.  New consoles are  managed  by
                 forking   off  new  children,  deleted  consoles  (and  their
                 clients) are dropped, and changes to consoles  are  done  "in
                 place",  resetting the console port (bringing it down and up)
                 only when necessary.  The console name is used  to  determine
                 when  consoles  have been added/removed/changed.  All actions
                 performed by SIGUSR2 are also performed.

       SIGUSR1   Try to connect to any consoles marked as down.  This can come
                 in  handy  if you had a terminal server (or more) that wasn’t
                 accepting connections at startup and you  want  conserver  to
                 try to reconnect to all those downed ports.

       SIGUSR2   Close  and reopen all console logfiles and, if in daemon mode
                 (-d option), the error logfile  (see  the  -L  option).   All
                 actions performed by SIGUSR1 are also performed.

       Consoles   which  have  no  current  client  connection  might  produce
       important error messages.  With the -u option, these ‘‘unloved’’ errors
       are  labeled  with  a  machine name and output on stdout (or, in daemon
       mode, to the logfile).  This allows a live operator or an automated log
       scanner  to  find  otherwise  unseen  errors  by  watching  in a single
       location.

       Conserver must be run as root if it is to bind to a port under 1024  or
       if  it  must  read protected password files (like shadow passwords) for
       authentication (see conserver.passwd(5)).  Otherwise, it may be run  by
       any user, with -p used to specify a port above 1024.

       If  encryption has been built into the code (--with-openssl), encrypted
       client connections (without certificate exchanges) happen  by  default.
       To  add  certificate  exchanges,  use the -c option with the client and
       server.  For authentication of the certificates to  work,  the  signing
       certificate  must  be  properly trusted, which usually means the public
       portion is in OPENSSL_ROOT/ssl/certs (on both  the  client  and  server
       sides).    See   the  sample  self-signing  certificate  making  script
       contrib/maketestcerts for further clues.  To allow non-encrypted client
       connections  (in  addition to encrypted client connections), use the -E
       option.

OPTIONS

       Options may be given as separate arguments (e.g., -n -d)  or  clustered
       (e.g.,  -nd).  Options and their arguments may be separated by optional
       white space.  Option arguments containing spaces  or  other  characters
       special to the shell must be quoted.

       -7          Strip  the  high bit off of all data received, whether from
                   the console client or from the console device,  before  any
                   processing occurs.

       -atype      Set  the  default access type for incoming connections from
                   console clients: ‘r’ for refused  (the  default),  ‘a’  for
                   allowed,  or  ‘t’  for  trusted.  This applies to hosts for
                   which no matching entry is found in the access  section  of
                   conserver.cf(5).

       -bport      Set  the  base  port for children to listen on.  Each child
                   starts looking for free ports at port and  working  upward,
                   trying a maximum number of ports equal to twice the maximum
                   number of groups.  If no free ports are available  in  that
                   range,  conserver  exits.   By  default, conserver lets the
                   operating system choose a free port.

       -ccred      Load an SSL certificate and key from the PEM  encoded  file
                   cred.

       -Cconfig    Read  configuration  information from the file config.  The
                   default config may be changed at  compile  time  using  the
                   --with-cffile option.

       -d          Become a daemon.  Disconnects from the controlling terminal
                   and sends all output (including any debug  output)  to  the
                   logfile (see -L).

       -D          Enable  debugging  output,  sent  to  stderr.   Multiple -D
                   options increases debug output.

       -E          If  encryption  has  been  built  into  the  code  (--with-
                   openssl),  encrypted  client connections are a requirement.
                   This  option  allows  non-encrypted  clients  (as  well  as
                   encrypted clients) to connect to consoles.

       -F          Do  not  automatically  reinitialize  failed  (unexpectedly
                   closed) consoles.  If the console is a program (‘|’ syntax)
                   and  it  closes  with  a  zero  exit status, the console is
                   reinitialized regardless  of  this  option.   Without  this
                   option,  a  console  is  immediately  reopened, and if that
                   fails, retried every minute until successful.  This  option
                   has no effect on the -o and -O options.

       -h          Output a brief help message.

       -i          Initiate console connections on demand (and close them when
                   not used).

       -Llogfile   Log errors and  informational  messages  to  logfile  after
                   startup  in  daemon  mode (-d).  This option does not apply
                   when not running in daemon mode.  The default  logfile  may
                   be changed at compile time using the --with-logfile option.

       -mmax       Set the maximum consoles managed per process.  The  default
                   max may be changed at compile time using the --with-maxmemb
                   option.

       -Mmaster    Normally, this allows conserver to bind to a particular  IP
                   address  (like ‘127.0.0.1’) instead of all interfaces.  The
                   default is to bind to all addresses.  However,  if  --with-
                   uds   was   used   to   enable   Unix  domain  sockets  for
                   client/server communication, this points conserver  to  the
                   directory  where  it should store the sockets.  The default
                   master directory (‘‘/tmp/conserver’’)  may  be  changed  at
                   compile time using the --with-uds option.

       -n          Obsolete (now a no-op); see -u.

       -o          Normally,  a client connecting to a ‘‘downed’’ console does
                   just  that.    Using   this   option,   the   server   will
                   automatically  attempt  to  open (‘‘bring up’’) the console
                   when the client connects.

       -Omin       Enable  periodic  attempts  (every  min  minutes)  to  open
                   (‘‘bring  up’’)  all  downed consoles (similar to sending a
                   SIGUSR1).  Without this option,  or  if  min  is  zero,  no
                   periodic attempts occur.

       -pport      Set the TCP port for the master process to listen on.  This
                   may be either a port number or a service name.  The default
                   port,  ‘‘conserver’’  (typically  782),  may  be changed at
                   compile time using the --with-port option.  If the  --with-
                   uds option was used, this option is ignored.

       -Ppasswd    Read  the  table  of  authorized  user  data  from the file
                   passwd.  The default passwd may be changed at compile  time
                   using the --with-pwdfile option.

       -R          Disable  automatic  client  redirection  to other conserver
                   hosts.  This means informational commands like  -w  and  -i
                   will  only  show the status of the local conserver host and
                   attempts to connect to remote consoles will  result  in  an
                   informative message to the user.

       -S          Do  not  run  the  server,  just  perform a syntax check of
                   configuration file and exit with a non-zero value if  there
                   is  an  error.  Using more than one -S will cause conserver
                   to output various  information  about  each  console  in  5
                   colon-separated  fields,  enclosed  in  curly-braces.   The
                   philosophy behind the output is to provide  information  to
                   allow  external  detection  of multiple consoles access the
                   same physical port.   Since  this  is  highly  environment-
                   specific, conserver cannot do the check internally.

                   name     The name of the console.

                   master   The  hostname of the master conserver host for the
                            console.

                   aliases  The console aliases in a comma-separated list.

                   type     The type of console.  Values will be a ‘/’  for  a
                            local  device,  ‘|’  for  a  command, or ‘!’ for a
                            remote port.

                   details  Multiple values are comma-separated and depend  on
                            the  type of the console.  Local devices will have
                            the  values  of   the   device   file   and   baud
                            rate/parity.  Commands will have string to invoke.
                            Remote ports will have the values  of  the  remote
                            hostname and port number.

       -u          Send  unloved  console output to conserver’s stdout (which,
                   in daemon  mode,  is  redirected  to  the  logfile).   This
                   applies  to  all  consoles  to  which  no user is attached,
                   independent of whether logging of  individual  consoles  is
                   enabled via conserver.cf entries.

       -Ulogfile   Copy  all  console  data  to  the ‘‘unified’’ logfile.  The
                   output is the same as the -u output, but all consoles,  not
                   just those without a user, are logged.  Each line of output
                   is prefixed with the console name.  If a user  is  attached
                   read/write, a ‘*’ is appended to the console name, to allow
                   log watching utilites to ignore  potential  user-introduced
                   alarms.

       -v          Echo the configuration as it is being read (be verbose).

       -V          Output  the  version  number  and settings of the conserver
                   program and then exit.

PROTOCOL

       The protocol used to interact with the conserver daemon has  two  basic
       styles.   The  first style is the initial line-based mode, which occurs
       before connecting to a console.  The second  style  is  the  character-
       based, escape-sequence mode, while connected to a console.

       The initial line-based mode begins the same for both the master process
       and its children.  Upon a successful (non-rejected) client  connection,
       an  ‘‘ok’’  is  sent.   The client then issues a command and the server
       responds to it with a result string (‘‘ok’’ being the sign  of  success
       for  most  commands).  The commands available are ‘‘help’’, ‘‘ssl’’ (if
       SSL was built into the  code),  ‘‘login’’,  and  ‘‘exit’’.   Using  the
       ‘‘login’’  command,  the  client  authenticates and gains access to the
       extended command set.   This  is  where  the  master  process  and  its
       children  differ.  The master process gives the client access to global
       commands, and the child provides  commands  for  interacting  with  the
       consoles it manages.  The ‘‘help’’ command, in both cases, will provide
       a complete list of commands and a short description of what they do.

       The second, character-based,  style  of  interaction  occurs  when  the
       client  issues the ‘‘call’’ command with a child process.  This command
       connects the client to a console and, at that point, relays all traffic
       between  the  client  and  the console.  There is no more command-based
       interaction between the client and the server, any interaction with the
       server is done with the default escape sequence.

       This   is,   by   no  means,  a  complete  description  of  the  entire
       client/server interaction.  It is,  however,  a  brief  explanation  in
       order  to  give a idea of what the program does.  See the PROTOCOL file
       in the distribution for further details.

FILES

       The following default file locations may be overridden at compile  time
       or  by  the  command-line options described above.  Run conserver -V to
       see the defaults set at compile time.

       /etc/conserver.cf        description  of  console  terminal  lines  and
                                client     host     access     levels;     see
                                conserver.cf(5).
       /etc/conserver.passwd    users  allowed   to   access   consoles;   see
                                conserver.passwd(5).
       /var/run/conserver.pid   the master conserver process ID
       /var/log/conserver       log of errors and informational messages
       /tmp/conserver           directory  to  hold  Unix  domain  sockets (if
                                enabled)

       Additionally, output from individual consoles may be logged to separate
       files specified in conserver.cf(5).

BUGS

       I’m  sure there are bugs, I just don’t know where they are.  Please let
       me know if you find any.

AUTHORS

       Thomas A. Fine, Ohio State Computer Science
       Kevin S Braunsdorf, Purdue University Computing Center
       Bryan Stansell, conserver.com

SEE ALSO

       console(1), conserver.cf(5), conserver.passwd(5)