Experimental Physics and Industrial Control System
|
Sorry for the missing information .... I am using vxWorks 6.9 on mv6100 board.
Actually hooking up the CPU's serial port to any PC/laptop is fairly easy and if shell is available on serial port, anyone can do anything with the system.
But if we provide shell through a secured telnet (necessarily requiring user name & password), then we can prevent misuse of shell commands.
Keeping this in mind I wanted to disable shell on serial console and keep it accessible through Telnet only. And as you may be knowing if we do not include_shell in OS image, we can't use telnet either.
Regards, Stefen
On Thu, Mar 12, 2020 at 2:20 AM Johnson, Andrew N. < anj at anl.gov> wrote:
On Mar 11, 2020, at 10:38 AM, Hartman, Steven M. via Tech-talk <tech-talk at aps.anl.gov> wrote:
>
>> On Mar 11, 2020, at 9:54 AM, Stefen Paul via Tech-talk <tech-talk at aps.anl.gov> wrote:
>>
>> I am using vxWorks on MVME CPU boards. I have two queries related to the same :
>
> You didn’t say which version of VxWorks you are using (and my experience may be out of date) but . . .
I agree that would definitely be helpful...
>> I want the shell to be accessible only through Telnet login and not through the default serial port terminal ... can it be done ?
>
> I don’t think so. Traditionally VxWorks has required all targets to have a serial port terminal.
Actually it might be possible, depending on whether the port is going to be used for something else or not. If you just don’t want people to be able to type commands through it one the OS is running I think that’s possible.
If you want to use it for I/O and to prevent VxWorks from ever sending or receiving console messages through it even at boot-up though, that would require rebuilding your boot rom and working out how you’d configure and boot the CPU. I’m sure you could build a VxWorks image that doesn’t connect its console up to the serial port, but you can’t run a telnet daemon in the boot-rom, and even if you could your session would die as soon as the newly booted OS initializes its network.
We actually do something vaguely similar but in reverse here; we build telnet into some of our VxWorks 6.9 OS images but we disable the telnet daemon task “ipcom_telnetd" by default, so someone has to connect via the console and enable the telnet task to be able to connect over the network. Telnet is much faster than going over a 9600 Baud serial port, but we aren’t allowed to keep the telnet ports open on our IOCs when we aren’t using them. We also configure the VxWorks telnet server to only accept at most one connection.
HTH,
- Andrew
--
Complexity comes for free, simplicity you have to work for.
--
- References:
- vxW shell related Stefen Paul via Tech-talk
- Re: [EXTERNAL] vxW shell related Hartman, Steven M. via Tech-talk
- Re: [EXTERNAL] vxW shell related Johnson, Andrew N. via Tech-talk
- Navigate by Date:
- Prev:
PyDM setting alarm with PVView example Rute Mendes via Tech-talk
- Next:
Re: PyDM setting alarm with PVView example Hugo Slepicka via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
<2020>
2021
2022
2023
2024
- Navigate by Thread:
- Prev:
Re: [EXTERNAL] vxW shell related Johnson, Andrew N. via Tech-talk
- Next:
Huber SMC 9300 controller yangdl via Tech-talk
- Index:
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
<2020>
2021
2022
2023
2024
|
ANJ, 13 Mar 2020 |
·
Home
·
News
·
About
·
Base
·
Modules
·
Extensions
·
Distributions
·
Download
·
·
Search
·
EPICS V4
·
IRMIS
·
Talk
·
Bugs
·
Documents
·
Links
·
Licensing
·
|