Solaris Console File Transfer


The problem

One annoying administrative dilemma in a "secure" IT environment is the following problem:
How does one transfer files to/from Solaris servers that are only accessible via console serial interface attached to a network terminal server?
This scenario is particularly prevalent with firewalls.  To complicate matters, these servers have minimal Solaris installations.  And, the usual network file transfer services are prohibited at the firewall due to security reasons.

It turns out that most of the utilities needed to transfer files via a network accessible console cable are already a part of Solaris.

The tools

The secure "target" system will require these utilities: The administrator will need these utilities at his/her workstation: The only utility missing from Solaris is the pseudo terminal redirector.

O'Reilly's Using and Managing PPP book includes code for a very small and efficient pty redirector utility, ptysh2-sysv.c.  Although the code is intended for PPP, we administrators know a good hack (and a good book) when we discover them.

There are other pseudo terminal redirectors out there.  However, the others are generally larger in size, and more unwieldy to use (especially the arguments necessary for the command line).

The method

Tip is a utility for conversing with a serial interface.  More importantly, tip supports text file transfers to a remote Solaris shell prompt.  The trick is to use tip over the network, rather than over a physical serial interface.

The ptysh2-sysv utility creates a "fake" serial interface that's connected to /bin/sh.  Now we can use tip to connect with a shell; use the shell to connect with telnet; then invoke the tip file transfer feature to deliver (or get) a file to the remote host's console.

The steps:

Neat trick, huh?

The real file transfer utilities

The utilities that are really designed to support file transfers over a serial connection (using the network or otherwise) are: In order to use these utilities, they have to be installed at both the administrator's workstation and the target host.  That's a potential catch 22 problem for secure remote hosts that have already been installed.