THIS IS WORK IN PROGRESS!
In this Article I want to show you how I hacked together a more or less functional OOB management solution
I have a small server at home on which I love to test new operating systems.
But it’s a hassle to clean up your mess if you configured something wrong and it won’t boot up anymore.
Usually you would take a pendrive with a linux distro of your choice (or whatever OS floats your boat), boot from it and try to fix what you did.
But that requires that you sit in front of your device with a keyboard and monitor attached and have said pendrive ready.
Wouldn’t it be nice to do that while you’re out and about? To most people this might seem totally unnecessary (and to almost everyone except maybe sysadmins with devices in serverfarms hours away it is), but to me it sounds just like the kind of luxury I want to enjoy!
So let’s do this, like how hard can it be? (actually not that hard)
First I had to ask myself what the solution should be able to do.
This is already partially determined by my motivation. But let’s collect thoughts anyway.
- Reach it from outside of the local network
- secure login so no one pwns us
- most IPs get reassigned after 24h
- Turn the device on/off
- Boot into a recovery system
- Send arbitrary keystrokes
- See what happens on the screen
So it’s basically an internet reachable button presser/bootstick/keyboard/camera. Also since I don’t want any actual work with this project, let’s use preexisting stuff as much as possible.
So I need something to log in to that glues everything together and controls the whole operation. Maybe a Raspberry Pi? There’s one of those lying around on my desk, so a raspi it is!
An Open SSH server with public key authentication on that puppy and I’m covered when it comes to secure logins.
Now I just need to open a port in my router firewall and this thing is reachable. Or is it? Actually it’s a bit complicated because your IP gets reused every so often. This is another whole article (that I might write sometime) worth of info, but for now suffice it to say there is this magic protocol called dyndns that takes care of this for me.
First I thought I could just hook up a slaughtered USB cable to the serial port of the raspi and directly emulate a keyboard that way, but after 5 minutes of googling around that looked much harder than anticipated in my naiveté (if at all possible, because if I understood the timing of the port is not precise enough to do this sort of stuff).
Another quick googling later i found the Teensy USB Development Board. It says you can emulate HID deviceswith this … JACKPOT!
For powercycling I can just attach a simple relay controlled by the raspi to the jumper pins of the motherboard.
But screen capture is a bit more tricky. I need to catch the VGA signal and capture it with my raspi. It has a CSI camera port, but I wasn’t able to find anything useful to convert between VGA and CSI.
What I did find however (even cheap and widely available) were USB Videograbbers that can take an S-Video signal and are well supported on Linux (everything should be fine, but better look at the chipset before you buy it).
Converting VGA to S-Video is easy thanks to the magic that is cheap chinese tech crap.
For good measure I threw in a cheap 3G modem with a data sim to make it reachable even if my router is down (redundancy is nice).
Look forward to the more detailed post about that as well.
Another important addition is an Active USB Hub, because the power draw of the screen grabber, the modem and possible other stuff can be quite a lot on our poor raspi.
After aquiring all the hardware I need, there’s still the need to make it play nicely with each other.
When I planned this whole thing I thought I had to program the teensy to send key codes and all that stuff. But turns out there’s this gorgeous person that already did the heavy lifting for me and was so kind to just give his work to the world. Big shoutout to him!
His software etherkey is used to send keystrokes to the target system.
Another great project I found was motion which I use to capture the output of the screen grabber and send it over the network.
Gluing everything together
- look over software text and elaborating a bit
- config in software out of scope?
- upload and
- insert them