SSH Tunnel to HP iLOM (BASH)
You should never put a management controller like an iLOM onto the open internet: they're not designed for that level of exposure and are near-guaranteed to be compromised. To allow remote access, use either a VPN or a tunnel via a jumpbox.
If possible, it's far simpler and easier to use sshuttle to tunnel out to an iLO via your jumpbox instead.
If, for whatever reason, that isn't possible, you can set up a straight SSH tunnel to reach a remote iLOM and use the virtual console. The ports required differ slightly between iLO3 and iLO4. For iLO3 you will need to run SSH as root, because the tunnel has to bind a privileged local port (23).
Once the tunnel's up, you can then just visit https://localhost:12443 in your browser.
Details
- Language: BASH
Snippet
ILOMIP='[ip]'
# iLO3:
sudo ssh -L 127.0.0.1:23:$ILOMIP:23 -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17990:$ILOMIP:17990 user@jumpbox
# iLO4:
ssh -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17999:$ILOMIP:17999 user@jumpbox
# SSH to iLO via jumpbox
ssh -o proxycommand="ssh user@jumpbox 'nc %h %p'" user@ilomip
Usage Example
ILOMIP="192.168.1.35"
# iLO3:
sudo ssh -L 127.0.0.1:23:$ILOMIP:23 -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17990:$ILOMIP:17990 user@mybox.example.invalid
# iLO4:
ssh -L 127.0.0.1:12443:$ILOMIP:443 -L 127.0.0.1:17988:$ILOMIP:17988 -L 127.0.0.1:17999:$ILOMIP:17999 user@mybox.example.invalid
# SSH to iLO via jumpbox
ssh -o proxycommand="ssh user@mybox.example.invalid 'nc %h %p'" user@192.168.1.35
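As an added example (not part of the original snippet), this helper builds the forward list for either iLO generation from the port lists above, rejects anything that is not a plain IPv4 address, and prefixes sudo only when a local port is below 1024. The function names and the `-N` and `ExitOnForwardFailure=yes` options are additions made here, not taken from the snippet.

```bash
# Added example; function names are hypothetical. Port lists come from the snippet above.
ilo_ports() {   # prints local:remote port pairs for an iLO generation
    case "$1" in
        3) echo "23:23 12443:443 17988:17988 17990:17990" ;;
        4) echo "12443:443 17988:17988 17999:17999" ;;
        *) echo "unsupported iLO generation: $1" >&2; return 1 ;;
    esac
}

# Accept only a dotted-quad IPv4 address, so nothing else can end up inside -L.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the full command line. Every forward is bound to 127.0.0.1 so the
# iLO is not re-exposed on the workstation's other interfaces.
ilo_tunnel_cmd() {
    gen=$1 ip=$2 jump=$3
    valid_ipv4 "$ip" || { echo "bad iLO address: $ip" >&2; return 1; }
    ports=$(ilo_ports "$gen") || return 1
    cmd="ssh" need_root=0
    for pair in $ports; do
        lport=${pair%%:*}
        # Binding a local port below 1024 needs root (the iLO3 port 23 case).
        if [ "$lport" -lt 1024 ]; then need_root=1; fi
        cmd="$cmd -L 127.0.0.1:${lport}:${ip}:${pair##*:}"
    done
    # -N: forward only, no shell on the jumpbox.
    # ExitOnForwardFailure=yes: abort if any local bind fails instead of
    # leaving a half-working tunnel.
    cmd="$cmd -N -o ExitOnForwardFailure=yes $jump"
    if [ "$need_root" -eq 1 ]; then cmd="sudo $cmd"; fi
    echo "$cmd"
}

# Sample values reused from the usage example above.
ilo_tunnel_cmd 4 192.168.1.35 user@mybox.example.invalid
```

The function only prints the command, so it can be reviewed before it is run.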