RasbPi Lab Console Server Build
With a new job at a vendor comes the opportunity to build out my home lab, I had been looking for a console server on eBay for a while but hadn't found anything that took my fancy. While tidying out my old desk I found an old Raspberry Pi 2 I had bought years ago and forgot about, a short Google search later and I had found a use for it - a console server. Using a package called ser2net I could telnet to an address mapped to a USB serial adapter port.
I had everything I needed laying about but my SD card died while writing the new image to it, luckily Officeworks is just around the corner.
- Raspberry Pi + micro SD
- 4 port USB to serial adapter
- 4 console cables
Step 1
I decided to download and install Raspbian on the SD card. I followed the instructions here: https://www.raspberrypi.org/documentation/installation/installing-images/
Step 2
Configure your Pi. I'm using DHCP reservations so didn't bother setting up a static IP. I just updated and installed the ser2net package needed.
sudo apt update sudo apt upgrade -y sudo apt get ser2net
Step 3
Discover your serial adapters. Before I could configure ser2net I needed to find out what USB ports my USB adapter had mapped to.
dmesg | grep tty
Step 4
Configuring ser2net. I'm a novice at configuring linux in the CLI, but I can work nano. Luckily the config settings are all stored in a .conf text file.
sudo nano /etc/ser2net.conf
I decided to remove all the default fluff and keep it fairly simple.
BANNER:banner:MattLab Fortinet Terminal Server port \p device \d 4001:telnet:0:/dev/ttyUSB0:9600 8DATABITS NONE 1STOPBIT banner 4002:telnet:0:/dev/ttyUSB1:9600 8DATABITS NONE 1STOPBIT banner 4003:telnet:0:/dev/ttyUSB2:9600 8DATABITS NONE 1STOPBIT banner 4004:telnet:0:/dev/ttyUSB3:9600 8DATABITS NONE 1STOPBIT banner
This configuration will let us telnet to our RasbPi on port 4001 - 4004 using Putty. Those telnet sessions will be forwarded to our serial ports 1 - 4.
Step 5
Lets make sure Ser2Net starts up automatically:
sudo nano /etc/rc.local
Add the following above exit 0
/usr/local/sbin/ser2net -n -c /etc/ser2net.conf
Now I have a console server for my FortiGate labs, might get another 4 port USB to serial adapter. I am thinking of getting this one - https://www.amazon.com.au/UGREEN-Adapter-Converter-Hexnuts-Windows/dp/B01N3PTKAR/
You can also configure logging to a file on the RasbPi, but I decided to skip this step. If you do want logging, Google is your friend.
Security
The only downsides are that it uses telnet not SSH and that if someone knew the connection parameters (telnet IP Address Port) and was already on your network, they will have access to the serial device listening, but in my setup they would still need to know the FortiGate login credentials to get access to change any of the config.
If security is a concern then I would just skip the ser2net program, SSH into the RasbPi and run "screen /dev/ttyUSB0" or whichever USB port I wanted console access via.
Network Security Specialist at Síminn
5 年Built one inside an old netgear switch back in the day.
IT Consultant @ AskAnt IT Ltd
5 年Wow. Great work !
Architect and Builder of Secure Networks
5 年Now that’s an idea. I have a spare RPi.
Senior Customer Support Engineer at Veeam
5 年I can see that I’m going to be buying another pi shortly.
Working in the Architecture Space for NEC Australia focusing on Security/Network/Cloud Solutions - MBA
5 年Very nice