Solaris Console File Transfer
The problem
One annoying administrative dilemma in a "secure" IT environment is the following problem:
How does one transfer files to/from Solaris servers that are only accessible via a console serial interface attached to a network terminal server?
This scenario is particularly prevalent with firewalls. To complicate matters, these servers have minimal Solaris installations, and the usual network file transfer services are prohibited at the firewall for security reasons.
It turns out that most of the utilities needed to transfer files via a network accessible console cable are already a part of Solaris.
The tools
The secure "target" system will require these utilities:
The administrator will need these utilities at his/her workstation:
- uuencode and uudecode
- tip
- telnet, or an alternate network client for console access
- A pseudo terminal (pty) redirector
The only utility missing from Solaris is the pseudo terminal redirector.
O'Reilly's Using and Managing PPP book includes code for a very small and efficient pty redirector utility, ptysh2-sysv.c.
Although the code is intended for PPP, we administrators know a good hack (and a good book) when we discover them.
There are other pseudo terminal redirectors out there. However, the others are generally larger in size, and more unwieldy to use (especially the arguments necessary for the command line).
The method
Tip is a utility for conversing with a serial interface. More importantly, tip supports text file transfers to a remote Solaris shell prompt. The trick is to use tip over the network, rather than over a physical serial interface.
The ptysh2-sysv utility creates a "fake" serial interface that's connected to /bin/sh. Now we can use tip to connect with a shell; use the shell to connect with telnet; then invoke the tip file transfer feature to deliver (or get) a file to the remote host's console.
The steps:
- If the file to transfer is binary, encode it to text.
$ uuencode filebin filebin > filebin.uue
- Using tip, ptysh2-sysv, and telnet, connect to the console port of the remote server and log in.
$ ./ptysh2-sysv /home/admin/shterm &
[1] 2831
$ tip -9600 /home/admin/shterm
connected
$ $ telnet consoles.asun.net 2001
Trying 172.16.0.68...
Connected to consoles.asun.net.
Escape character is '^]'.
password:
fw1 console login: root
Password:
Sun Microsystems Inc.   SunOS 5.8       Generic February 2000
#
- Get tip to send the file.
# ~?
~!   shell
~<   receive file from remote host
~>   send file to remote host
~t   take file from remote UNIX
~p   put file to remote UNIX
~|   pipe remote file
~C   connect program to remote host
~c   change directory
~.   exit from tip
~^D  exit from tip
~$   pipe local command to remote host
~^Y  suspend tip (local only)
~^Z  suspend tip (local+remote)
~s   set variable
~?   get this summary
~#   send break
~[put] filebin.uue
179 lines transferred in 0 seconds
!
#
- Decode the file with uudecode, completing the file transfer. It's highly advisable to check the integrity of the transferred file, since tip does not do any error checking.
# uudecode filebin.uue
# ls filebin*
filebin
filebin.uue
# rm filebin.uue
#
# # Other tasks here
#
- Disconnect the telnet session (use the escape character). Then disconnect tip by exiting the shell.
# exit
fw1 console login:
telnet> close
Connection closed.
$ exit
Connection Closed
[EOT]
$
- Finally, shut down the ptysh2-sysv process.
$ ps -ef | grep pty
admin 2831 2803 0 00:48:45 pts/2 0:00 ./ptysh2-sysv /home/admin/shterm
admin 2891 2803 0 01:11:11 pts/2 0:00 grep pty
$ kill 2831
$
Neat trick, huh?
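One way to do the integrity check recommended in the uudecode step, as an added example that is not part of the original page. The function names fingerprint, check_uue and verify_transfer are hypothetical, and the sketch assumes cksum, sed, wc and tr are present on both the workstation and the target.

```shell
#!/bin/sh
# Added example, not from the original page. Bourne-shell syntax only
# (backticks, no "local") so it can be typed at a minimal Solaris console.
# Assumption: cksum, sed, wc and tr exist on both workstation and target.

# fingerprint FILE: print "CRC SIZE" for FILE. Reading stdin keeps the file
# name out of the output; the read loop normalises tab/space separators.
fingerprint() {
    cksum < "$1" | while read crc size; do echo "$crc $size"; done
}

# check_uue FILE LINES: cheap pre-decode check on the target. LINES is the
# line count of the .uue file taken on the sending side with "wc -l".
# A dropped line or a cut-off transfer shows up as a wrong count or a
# missing begin/end line.
check_uue() {
    n=`wc -l < "$1" | tr -d ' '`
    first=`sed -n '1p' "$1"`
    last=`sed -n '$p' "$1"`
    [ "$n" = "$2" ] || { echo "line count $n, expected $2" >&2; return 1; }
    case $first in
        "begin "*) ;;
        *) echo "missing uuencode begin line" >&2; return 1 ;;
    esac
    [ "$last" = "end" ] || { echo "missing uuencode end line" >&2; return 1; }
    return 0
}

# verify_transfer FILE CRC SIZE: after uudecode, compare the decoded file
# with the values fingerprint printed on the sending side.
verify_transfer() {
    got=`fingerprint "$1"`
    if [ "$got" = "$2 $3" ]; then
        echo "OK: $1 ($got)"
        return 0
    fi
    echo "MISMATCH: $1 expected '$2 $3', got '$got'; resend" >&2
    return 1
}
```

On the workstation, note the output of fingerprint filebin and wc -l filebin.uue before the transfer; on the target, run check_uue before uudecode and verify_transfer after it.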
The real file transfer utilities
The utilities that are really designed to support file transfers over a serial connection (using the network or otherwise) are:
In order to use these utilities, they have to be installed at both the administrator's workstation and the target host. That's a potential catch-22 problem for secure remote hosts that have already been installed.