Le Wiki Koumbit
To get access to your pdu/port, you need to provide Koumbit with at least one static ip from which you wish to initiate the ssh connection. This is because we only enable certain IPs to access this device to minimize bruteforce and other nasty traffic.
Contents
Console interface
American Power Conversion Web/SNMP Management Card AOS v2.0.1
(c) Copyright 1999 All Rights Reserved MasterSwitch APP v2.0.1
-------------------------------------------------------------------------------
Name : pdu0-canix2.koumbit.net Date : 07/03/2007
Contact : support@koumbit.org Time : 16:36:20
Location : Canix2 Up Time : 0 Days 0 Hours 0 Minutes
Status : P+ N+ A+ User : Administrator
MasterSwitch : Serial Communication Established
------- Control Console -------------------------------------------------------
1- Device Manager
2- Network
3- System
4- Logout
?- Help, <ESC>- Refresh Main Menu, <ENTER>- Refresh
Rebooting a server
Exemple sur pdu1
Log in (/opt/bin/pdussh -oKexAlgorithms=+diffie-hellman-group1-sha1 -oCiphers=+aes128-cbc <user>@pdu10.koumbit.net)
1<ENTER> (device manager)
N<ENTER> (choose device, where N is the device number)
1<ENTER> (control outlet)
3<ENTER> (immediate reboot)
[...] remaining of documentation missing because I do not want to reboot a server just for this... you get the idea.
Shuting down a server
Connecter au PDU depuis cs0 (voir pwm 4.2/réseau/pduX.koumbit.net): /opt/bin/pdussh pduX.koumbit.net
1<ENTER> (Device Manager)
2<ENTER> (Outlet Management)
1<ENTER> (Outlet Control/Configuration)
N<ENTER> (choose device, where N is the device number)
1<ENTER> (Control Outlet)
2<ENTER> (Immediate Off)
Connecting to a PDU via the console host
Similarly to ConsoleSérieGuide, your access to our console host can be used to connect to a PDU instead of having an IP address(es) allowed via our firewall.
PDU="pduX.koumbit.net" PDU_USER="example" ssh -o SendEnv='PDU PDU_USER' USER@cs0.koumbit.net
Firewalled access
The management device in the PDUs is quite the puny computer. It is not able to withstand the usual bruteforce that an ssh server will receive from the Internet: devices used to crash all the time because of that load.
Because of this -- and also because we want to reduce the attack surface, since PDUs are a critical point in the infrastructure -- only a handful of hosts external to our datacenter are allowed to connect through to the PDUs.
Contact Koumbit support when you want to update the list of IP addresses that are allowed in to the PDUs.
Configuring your ssh client
The PDUs have an embedded computer called the "management interface" that runs proprietary firmware and rarely gets updated. Because of this, the encryption it uses is ancient.
The encryption is now so ancient that recent openssh clients will refuse to connect to the PDU. The RSA keys generated by the devices are only 768 bits long, and the most recent firmware for them does not offer the possibility to generate a larger key.
If you have an error message like the following when connecting, then you need to use a version of OpenSSH prior to 7.6p1 (debian jessie or older):
ssh_dispatch_run_fatal: Connection to UNKNOWN port 65535: Invalid key length
In order to connect to the PDUs with ssh you might need the following configuration snippet in your ~/.ssh/config:
# for any pdu at Koumbit host pdu*.koumbit.net PasswordAuthentication yes Ciphers aes128-cbc,aes256-cbc KexAlgorithms diffie-hellman-group1-sha1 MACs hmac-sha1
OR
Right on the command line.
$ /opt/bin/pdussh -oKexAlgorithms=+diffie-hellman-group1-sha1 -c aes128-cbc,aes256-cbc <pdu host> -l <your username>
Web interface
We generally disable the web interface since we prefer to rely on ssh.