Re: What are folks using for serial consoles these days?

[Andrew Latham via NANOG <nanog () lists nanog org>]

Mike

Yes and Yes. I have some seriously old stuff and often corporate standards
move forward faster that vendor updates.

HTTPS - lack of updated CA data can cause issue when the user can not
update the data.
SSH - Some offers of legacy ciphers/algorithms can be flagged by
security sweeps.

I am sure I could go down a rabbit hole. There are devices that work
but get flagged for
how they work within tight controls.

On Thu, Dec 18, 2025 at 2:05 PM Michael Thomas via NANOG
<nanog () lists nanog org> wrote:
> On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote:
> > Matt
> >
> > Some open software would really keep a lot of this stuff out of the
> > trash. I have Cyclades and Lantronix stuff on a shelf that works. I
> > got tired of maintaining a box-in-the-middle to deal with ssh ciphers.
>
> Have cipher suites really changed that much in the last 20 years or so?
> After the sha1 kerfuffle and needing to up RSA key sizes, has there been
> much change?
>
> Or are you talking about some seriously old kit that predates that?
>
> Mike, out of the loop
>
>
> > On Thu, Dec 18, 2025 at 7:43 AM Matt Brennan <brennanma () gmail com> wrote:
> > > Up until recently I was using the Raritan Dominion SX II models. Dual PSU, dual NIC, and configurations ranging 
> > > from 4 to 48 ports.  However, Raritan has just discontinued that as of June. It is unclear how long they will 
> > > continue to provide security patches.
> > >
> > > They are recommending customers switch to the ZPE Systems Nodegrid Serial Consoles. It looks to be much the same, 
> > > but I haven't had a chance to test one yet. The only difference I've noticed is the ZPE device seems to have an 
> > > embedded 5G cellular module.
> > >
> > >
> > > On Thu, 18 Dec 2025 at 09:34, Andrew Latham via NANOG <nanog () lists nanog org> wrote:
> > > > Dan
> > > >
> > > > I have stacks and stacks of serial console servers. Today I mostly use
> > > > an https://www.coolgear.com/product/32-port-rs-232-usb-to-serial-adapter
> > > > with some pictures of the guts at
> > > > https://lathama.net/Tech/Hardware/USB-32COM-RM if interested. It is my
> > > > solution to a quick build of an https://freetserv.github.io/
> > > >
> > > > (I have seen some things)
> > > >
> > > > On Wed, Dec 17, 2025 at 5:51 PM Dan Mahoney via NANOG
> > > > <nanog () lists nanog org> wrote:
> > > > > Hey there folks.
> > > > >
> > > > > Dayjob has historically used USB TTY pods attached to real BSD machines to talk to our cisco consoles, with the 
> > > > > amazing benefit that with a program like Vixie's rtty (or conserver) you can also capture the output of those 
> > > > > consoles in real-time, and perhaps use that data to identify a connected device.
> > > > >
> > > > > As a bonus, because the rackmount devices have real DE-9's on them, it means they work with any kind of cable 
> > > > > you get (not just your standard rj45 cisco rollover like you might get with a Cyclades thing -- and you don't 
> > > > > have to come up with the weird-ass mappings for rj45-serial like you might need like our ME4012 NAS (the serial 
> > > > > cable is a stereo plug), our smart power strips (it's either a stereo plug, or an rj12), or something like an 
> > > > > older brocade switch (it's a DE9, but it's friggin ODD, and I think it may also be the wrong gender).
> > > > >
> > > > > It also means, since you're running a real OS, you have patches as long as the OS is supported (so you're not 
> > > > > stuck with "gee it only speaks rsa1024"), versus some EOL appliance.  But it's also 2u, and since we're recently 
> > > > > buying a lot of Dell hardware, that's Super Overkill for a dell, so I'm evaluating maybe just going "Appliance".
> > > > >
> > > > > If we stick with an existing unix box for this, I'd want something with proper IPMI/OOB (so Rpi is out) but 
> > > > > maybe the dumbest, shallowest-depth atom64 supermicro you can find, in the event you need to do a reinstall or 
> > > > > catch a hung system.
> > > > >
> > > > > Are there things that other folks are using that are "easy" to work with that you've found to have Long firmware 
> > > > > lives, decent warranties and low hassle?  Does anything these days actually have DE9s on it?
> > > > >
> > > > > -Dan
> > > > >
> > > > > (You may have also seen my note earlier about the Cisco ASR920, which has RS232 pins in a USB-A header.  No, not 
> > > > > via a PL2032 chip inside the host that provides a virtual serial...direct txd/rxd/gnd/cts etc, on the USB pins.  
> > > > > I've seen things you people would't believe)
> > > > > _______________________________________________
> > > > > NANOG mailing list
> > > > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/5VV3B6CVSW3KVIFFU4GOF5V5FAI625IG/
> > > >
> > > >
> > > > --
> > > > - Andrew "lathama" Latham -
> > > > _______________________________________________
> > > > NANOG mailing list
> > > > https://lists.nanog.org/archives/list/nanog () lists nanog org/message/CPBVORP6B7P5ZJ6CN4TX4YZNFYWZMGSC/
> _______________________________________________
> NANOG mailing list
> https://lists.nanog.org/archives/list/nanog () lists nanog org/message/Z4SBTD3J6VR24NDBUYWPIIGFQSTDZGWW/



-- 
- Andrew "lathama" Latham -
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/DJ3XMKQMR4KIGYDFWNDYDQTP7I7CAFN6/