SSH Tunnel to HP iLOM



Published: 2019-09-09 11:11:21 +0000
Categories: BASH,

Language

BASH

Description

You should never put a management controller like an iLOM onto the open internet: they're not designed for that level of exposure and are near guaranteed to be compromised. To allow remote access, use either a VPN or a tunnel via a jumpbox.

If possible, it's far simpler and easier to use sshuttle to tunnel out to an iLO via your jumpbox instead.

If, for whatever reason, that isn't possible, you can set up a straight SSH tunnel to reach a remote iLOM and use the virtual console. The ports required differ slightly between iLO3 and iLO4. For iLO3 you will need to run SSH as root because you need to bind to a privileged port (local port 23 in the snippet below).

Once the tunnel's up, you can just visit https://localhost:12443 in your browser.

Snippet

ILOMIP='[ip]'

# iLO3:
sudo ssh -L 127.0.0.1:23:$ILOMIP:23 -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17990:$ILOMIP:17990 user@jumpbox

# iLO4:
ssh -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17999:$ILOMIP:17999 user@jumpbox

# SSH to iLO via jumpbox
ssh -o proxycommand="ssh user@jumpbox 'nc %h %p'" user@ilomip

Usage Example

ILOMIP="192.168.1.35"

# iLO3:
sudo ssh -L 127.0.0.1:23:$ILOMIP:23 -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17990:$ILOMIP:17990 user@mybox.example.invalid

# iLO4:
ssh -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17999:$ILOMIP:17999 user@mybox.example.invalid

# SSH to iLO via jumpbox
ssh -o proxycommand="ssh user@mybox.example.invalid 'nc %h %p'" user@192.168.1.35
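
The following is an added example, not part of the original snippet. It builds the same loopback-only forwards per iLO generation and checks `ss -ltnH` output for tunnel ports that ended up listening on a non-loopback address. The function names and the sample `ss` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names are hypothetical, ports come from the snippet above.

# Local listening ports per iLO generation.
ilo_local_ports() {
    case "$1" in
        3) echo "23 12443 17988 17990" ;;
        4) echo "12443 17988 17999" ;;
        *) echo "unsupported iLO generation: $1" >&2; return 1 ;;
    esac
}

# Print the -L arguments for one iLO, every listener pinned to 127.0.0.1.
ilo_forwards() {
    ip=$2
    # Only a dotted quad is accepted, so nothing else reaches the ssh command line.
    case "$ip" in ''|*[!0-9.]*) echo "bad IP: $ip" >&2; return 1 ;; esac
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    ports=$(ilo_local_ports "$1") || return 1
    out=""
    for lp in $ports; do
        rp=$lp
        if [ "$lp" = 12443 ]; then rp=443; fi   # web UI: local 12443 -> remote 443
        out="$out -L 127.0.0.1:$lp:$ip:$rp"
    done
    echo "${out# }"
}

# Read `ss -ltnH` output on stdin; print tunnel ports bound to a non-loopback address.
exposed_listeners() {
    ports=$(ilo_local_ports "$1") || return 1
    awk -v ports="$ports" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            addr = $4; port = addr; sub(/.*:/, "", port)   # column 4 is Local Address:Port
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if ((port in want) && host != "127.0.0.1" && host != "[::1]") print addr
        }'
}

# Constructed sample of `ss -ltnH` output: the 17988 forward is bound to all interfaces.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:12443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:17988 0.0.0.0:*
LISTEN 0 128 [::1]:17999 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
```

With the functions sourced, `ssh -N -o ExitOnForwardFailure=yes $(ilo_forwards 4 "$ILOMIP") user@jumpbox` opens the tunnel and fails outright if any forward cannot bind; `ss -ltnH | exposed_listeners 4` should then print nothing.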

Keywords

bmc, ilom, tunnel, ssh, remote access, port forwarding

Copyright © 2022 Ben Tasker
Available at snippets.bentasker.co.uk, http://phecoopwm6x7azx26ctuqcp6673bbqkrqfeoiz2wwk36sady5tqbdpqd.onion and http://snippets.bentasker.i2p