Mike Yes and Yes. I have some seriously old stuff and often corporate standards move forward faster that vendor updates. HTTPS - lack of updated CA data can cause issue when the user can not update the data. SSH - Some offers of legacy ciphers/algorithms can be flagged by security sweeps. I am sure I could go down a rabbit hole. There are devices that work but get flagged for how they work within tight controls. On Thu, Dec 18, 2025 at 2:05 PM Michael Thomas via NANOG <nanog@lists.nanog.org> wrote:
On 12/18/25 7:24 AM, Andrew Latham via NANOG wrote:
Matt
Some open software would really keep a lot of this stuff out of the trash. I have Cyclades and Lantronix stuff on a shelf that works. I got tired of maintaining a box-in-the-middle to deal with ssh ciphers.
Have cipher suites really changed that much in the last 20 years or so? After the sha1 kerfuffle and needing to up RSA key sizes, has there been much change?
Or are you talking about some seriously old kit that predates that?
Mike, out of the loop
On Thu, Dec 18, 2025 at 7:43 AM Matt Brennan <brennanma@gmail.com> wrote:
Up until recently I was using the Raritan Dominion SX II models. Dual PSU, dual NIC, and configurations ranging from 4 to 48 ports. However, Raritan has just discontinued that as of June. It is unclear how long they will continue to provide security patches.
They are recommending customers switch to the ZPE Systems Nodegrid Serial Consoles. It looks to be much the same, but I haven't had a chance to test one yet. The only difference I've noticed is the ZPE device seems to have an embedded 5G cellular module.
On Thu, 18 Dec 2025 at 09:34, Andrew Latham via NANOG <nanog@lists.nanog.org> wrote:
Dan
I have stacks and stacks of serial console servers. Today I mostly use an https://www.coolgear.com/product/32-port-rs-232-usb-to-serial-adapter with some pictures of the guts at https://lathama.net/Tech/Hardware/USB-32COM-RM if interested. It is my solution to a quick build of an https://freetserv.github.io/
(I have seen some things)
On Wed, Dec 17, 2025 at 5:51 PM Dan Mahoney via NANOG <nanog@lists.nanog.org> wrote:
Hey there folks.
Dayjob has historically used USB TTY pods attached to real BSD machines to talk to our cisco consoles, with the amazing benefit that with a program like Vixie's rtty (or conserver) you can also capture the output of those consoles in real-time, and perhaps use that data to identify a connected device.
As a bonus, because the rackmount devices have real DE-9's on them, it means they work with any kind of cable you get (not just your standard rj45 cisco rollover like you might get with a Cyclades thing -- and you don't have to come up with the weird-ass mappings for rj45-serial like you might need like our ME4012 NAS (the serial cable is a stereo plug), our smart power strips (it's either a stereo plug, or an rj12), or something like an older brocade switch (it's a DE9, but it's friggin ODD, and I think it may also be the wrong gender).
It also means, since you're running a real OS, you have patches as long as the OS is supported (so you're not stuck with "gee it only speaks rsa1024"), versus some EOL appliance. But it's also 2u, and since we're recently buying a lot of Dell hardware, that's Super Overkill for a dell, so I'm evaluating maybe just going "Appliance".
If we stick with an existing unix box for this, I'd want something with proper IPMI/OOB (so Rpi is out) but maybe the dumbest, shallowest-depth atom64 supermicro you can find, in the event you need to do a reinstall or catch a hung system.
Are there things that other folks are using that are "easy" to work with that you've found to have Long firmware lives, decent warranties and low hassle? Does anything these days actually have DE9s on it?
-Dan
(You may have also seen my note earlier about the Cisco ASR920, which has RS232 pins in a USB-A header. No, not via a PL2032 chip inside the host that provides a virtual serial...direct txd/rxd/gnd/cts etc, on the USB pins. I've seen things you people would't believe) _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/5VV3B6CV...
-- - Andrew "lathama" Latham - _______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/CPBVORP6...
_______________________________________________ NANOG mailing list https://lists.nanog.org/archives/list/nanog@lists.nanog.org/message/Z4SBTD3J...
-- - Andrew "lathama" Latham -