I want to remotely manage my server via IPMI from a remote location and I saw articles telling to segregate IPMI interface to a different VLAN and then access it through openvpn can I do the same with ssh and how.
Remote IPMI via SSH
- Thread starter AgentCrimson
- Start date
Notice: Page may contain affiliate links for which we may earn a small commission through services like Amazon Affiliates or Skimlinks.
It is hard to do just with ssh because you need to forward several ports, and if you want to use the html5 versions of the ui you need to re-write the internal URLs to reference the proxied ports. It isn't impossible just a real PITA and you need to know the internals of the target implementation. Doing it with a VPN so you can access the interlace "directly" as if you were on the same network as the target is easy and work with all variations of IPMI from all vendors.
If you have multiple physical servers at a site you cn also go the other end of the spectrum and run a slimmed down virtual desktop with X11vnc and at the site and load up a browser of IPMIView or whatever other tools you need in the desktop there. Then use SSH to tunnel the single connection needed for the VNC session which is really easy to do and well supported with a huge mix of platforms.
If you don't have multiple servers I have use a little ER-X unit to fill the role as the vpn server + DHCP / Gateway for the management network at small sites before. Gets the job done well for a ~$50 investment.
If you have multiple physical servers at a site you cn also go the other end of the spectrum and run a slimmed down virtual desktop with X11vnc and at the site and load up a browser of IPMIView or whatever other tools you need in the desktop there. Then use SSH to tunnel the single connection needed for the VNC session which is really easy to do and well supported with a huge mix of platforms.
If you don't have multiple servers I have use a little ER-X unit to fill the role as the vpn server + DHCP / Gateway for the management network at small sites before. Gets the job done well for a ~$50 investment.
I assume you mean use SSH in place of OpenVPN.
You can usually do a SOCKS proxy via SSH, that you can then configure your browser to use.
This tutorial might do the trick:
The tutorial mentions using Network manager but at least firefox supports manual configuration of a proxy.
That all said, where is the SSH-service run?
I do not recommend exposing the SSH-service of the IPMI interface to the internet nor using a VM (or the host OS) on the system to access it (because you want it to be accesible when the host is down).
You can usually do a SOCKS proxy via SSH, that you can then configure your browser to use.
This tutorial might do the trick:
How to Set Up Socks Proxy Using SSH Tunnel - SysTutorials
How to Set Up Socks Proxy Using SSH Tunnel tagged Browser, C, Command, Command line, Course, Fedora, firefox, firewall, gnome, grep, gzip, How to, iOS, kill, Linux, Network, Programming, proxy, PS, S3, Security, Server, shell, socket, socks, SSH, sshd, System, time, Tutorial, Unix, Web, Windows.
www.systutorials.com
The tutorial mentions using Network manager but at least firefox supports manual configuration of a proxy.
That all said, where is the SSH-service run?
I do not recommend exposing the SSH-service of the IPMI interface to the internet nor using a VM (or the host OS) on the system to access it (because you want it to be accesible when the host is down).
If I use drop the idea of ssh and use openvpn for IPMI can I use openvpn for remote rsync via cron jobs?
You can do rsync cron jobs with our without a vpn as long as one side has a public IP you can get to. If they are both private addresses you will need to do a vpn or have an intermediate server with SSH that has a public IP you jump through to get to the private hosts.
If you describe the setup you are working with in a bit more detail we may be able to offer more detailed suggestions.
If you describe the setup you are working with in a bit more detail we may be able to offer more detailed suggestions.