Last active
April 22, 2021 19:03
-
-
Save sampowers/4981491 to your computer and use it in GitHub Desktop.
SSH tunnel 127.0.0.2 to supermicro IPMI system
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -x | |
| # | |
| # Purpose: Run on a workstation to make a remote IPMI controller available at http://127.0.0.2:80/ | |
| # Only does port mapping. IPMI controllers may have their own taxing browser requirements. | |
| # Requires that you have a shell on a host that is on the same network as your IPMI interface. | |
| shell='user@ssh-host-on-ipmi-network' | |
| # IPMI controller's IP address (on networks attached to your ssh host). | |
| ipmihost='192.168.1.16' | |
| # An additional address which we will later add as an alias on the loopback interface. | |
| # This allows you to pretend that 127.0.0.2 is the address of your IPMI controller. | |
| ifalias='127.0.0.2' | |
| # The host I used this script with only required the following ports, for the features I was using. Yours may require more. | |
| ports="80 443 623 5900 5901 5120 5123 8889" | |
| # | |
| # Forward each known IPMI port to the specified IPMI host-address using | |
| # SSH TCP Forwarding as described in http://manpages.ubuntu.com/manpages/zesty/en/man1/ssh.1.html#contenttoc5 | |
| # Build the SSH forwarding args, adding a -L [bind_address:]port:host:hostport argument for each port. | |
| # | |
| for p in $ports; do | |
| fwportspec=" ${fwportspec} -L $ifalias:$p:$ipmihost:$p " | |
| done | |
| # | |
| # Add an extra IP address that SSH will bind to for listening to the local forwarding ports. | |
| # | |
| sudo ifconfig lo0 alias $ifalias | |
| # | |
| # Open the ssh connection to the host that is on the same network as your IPMI interface. | |
| # Puts SSH in verbose mode and enables compression for some reason. This does the port forwarding over ssh channels. | |
| # | |
| # As long as your shell to the remote host is open, you can browse to http://127.0.0.2:80 and access the IPMI login page. | |
| echo "Using shell $shell to map IPMI-related ports on host $ipmihost to 127.0.0.2. http://127.0.0.2:80/" | |
| sudo ssh -v -C $fwportspec $shell | |
| sleep 1 # I don't remember why this is here. | |
| sudo ifconfig lo0 -alias $ifalias # Remove the extra IP from the loopback interface. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
It's been a while since I used this. But in case it is useful:
IPMI implementations can be quite a bit different between types of server and I don't know a lot about that part, except that I recall that there were more ports to map than I thought there should be...
I added some comments to the original gist to explain all the moving parts and what the meanings of some of the variables are, and added a link to the SSH manual to describe how SSH does TCP Port forwarding. It's quite a bit different to the way OpenVPN works, but I'm not familiar with OpenVPN. I used SSH because it's easier for me to set up on the remote end (as it's usually present anyway).
You'll need to configure the IPMI address and login/etc in the console BIOS configuration and copy that address into the script. And that IP address needs to be reachable from the SSH host you add to $shell in the script. It helps, but is not required, to use SSH Public Keys and Agent Authentication instead of just a password.
Anyway you just run the script and browse to "127.0.0.2" and login to the IPMI page. Mine needed both browser java, as well as java web start, which both sucked to get working properly at the time. This enabled me to use remote graphics and iso for reinstalling the OS from an iso image on my workstation. This is not fast but works, using tiny/netinst isos helps.