DRAC console redirection over a SSH tunnel
The Dell Remote Access Controller or DRAC is an interface card by Dell which provides out-of-band management. The controller has its own processor, memory, battery, network connection, and access to the system bus. Key features include power management, virtual media access and remote console, all available through a supported web browser. This gives system administrators the ability to configure a machine as if they were sitting at the local console (terminal).
Since the DRAC card has its own IP address, separate from that of the host server, it is very common to assign it a private IP. Even if it has a public IP, it may be protected by a corporate firewall, which makes it simple to connect from the corporate office but not from outside. In such cases, when you need to connect to the DRAC console from outside, one solution is to tunnel your DRAC traffic over SSH.
For this to work you need to tunnel ports 443 (SSL) and 5900, 5901 (VNC). This can be achieved with OpenSSH with a command like this:
ssh -L 443:dracip:443 -L 5900:dracip:5900 -L 5901:dracip:5901 -l user -N ssh_host
or similar from other ssh clients by mapping the respective ports.
If you forward only 443, you can use the web interface of the DRAC card (and all its features, like power management, etc.), but not the remote console redirection (5900 and 5901 are needed for the console to work).
Once the SSH tunnel is connected, open https://localhost/ in your local browser to get the DRAC interface. The console redirection will work as expected.
Note: this solution has the limitation that it will work for only one DRAC console. You can tunnel multiple DRAC IPs over SSH on port 443, for example:
- localhost:443 -> dracip1:443
- localhost:444 -> dracip2:443, etc.
but the remote console requires ports 5900 and 5901, and thus only one console can work at a time.
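The port mapping described above, as an added example (not code from the original post): a small shell helper that prints the ssh command giving one DRAC the web and console ports and any further DRACs the web interface only. The host and user names are constructed placeholders, and the explicit 127.0.0.1 bind address and the ExitOnForwardFailure option are additions that the post's own command does not use.

```shell
#!/bin/sh
# Added example: build the ssh -L options for one or more DRAC cards.
# Host names below (drac1.example, jump.example) are constructed placeholders.

# drac_forward_opts CONSOLE_DRAC [WEB_ONLY_DRAC...]
# The first DRAC gets the web UI (443) plus the console ports (5900, 5901).
# Every further DRAC gets the web UI only, on local ports 444, 445, ...,
# because the console ports can be mapped to one card at a time.
drac_forward_opts() {
    [ "$#" -ge 1 ] || { echo "usage: drac_forward_opts drac [drac...]" >&2; return 2; }
    console_drac=$1
    shift
    # Bind explicitly to 127.0.0.1 so the forwards are reachable only locally.
    opts="-L 127.0.0.1:443:${console_drac}:443"
    for port in 5900 5901; do
        opts="$opts -L 127.0.0.1:${port}:${console_drac}:${port}"
    done
    web_port=444
    for drac in "$@"; do
        opts="$opts -L 127.0.0.1:${web_port}:${drac}:443"
        web_port=$((web_port + 1))
    done
    printf '%s\n' "$opts"
}

# drac_tunnel_cmd USER SSH_HOST CONSOLE_DRAC [WEB_ONLY_DRAC...]
# Prints the full command instead of running it, so it can be reviewed first.
# ExitOnForwardFailure makes ssh exit if any local port is already taken,
# rather than leaving a tunnel with the console ports silently missing.
drac_tunnel_cmd() {
    [ "$#" -ge 3 ] || { echo "usage: drac_tunnel_cmd user ssh_host drac [drac...]" >&2; return 2; }
    user=$1
    ssh_host=$2
    shift 2
    fwd=$(drac_forward_opts "$@") || return
    printf 'ssh -o ExitOnForwardFailure=yes %s -l %s -N %s\n' "$fwd" "$user" "$ssh_host"
}

# Local ports below 1024 (443, 444) normally need root on the client side.
drac_tunnel_cmd admin jump.example drac1.example drac2.example
```

With this mapping the first DRAC is reached at https://localhost/ and the second at https://localhost:444/, and only the first has a working console.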
If you are running the DRAC console over a public IP and want to reach it directly from outside, you will need to open your firewall to connections on the same ports: TCP 443, 5900 and 5901.

22nd August 2008, 00:47
It's simpler to configure the DRAC to do serial console over ssh. There are BIOS settings for redirecting screen output to the serial port, then the serial port output gets redirected into the DRAC. You then tell GRUB and Linux to listen to com1 or com2 (depending on what you configured). After that, ssh into the DRAC, “connect com[x]” and away you go! No need to use any horrible plugins to get a remote console.
http://support.dell.com/support/edocs/software/smdrac3/drac5/OM53/en/ug/racugc3.htm
22nd August 2008, 20:19
daveg: thank you for your addition. Will this work if the host server is down? I mean I use the DRAC console just when I have to deploy a server and install it or when I have to work on a crashed machine.
23rd August 2008, 03:19
It sure does. It works through the DRAC (like the web-based console does), so it's independent of the operating system. From the ssh login you’re also able to power off, restart, etc. the box as well.
1st September 2008, 07:50
Great! Thanks again for your note.
8th October 2008, 22:00
[SYS-1004] Systems Maintenance 10/8/08…
Dell’s got a [reference page|http://support.dell.com/support/edocs/software/smsom/5.1.1/en/ug/html/security.htm#wp1039152] that describes the ports; also here’s [another page|http://www.ducea.com/2008/08/20/drac-console-redirection-over-a-ssh-tunnel/…
11th December 2008, 03:24
Serial port redirection is great. If you need to use the web interface, or need to do some GUI interaction, or the serial is not yet set up, then ssh tunneling is very nice to have. I wrote a script to take care of various issues I have seen, along with shortening the command line…
1. need for port to be different (firewall/portforwarding restraints)
2. wanting to bind to a specific local address (maybe you want to give someone else access)
3. what address to bind on the rac (default localhost)
4. Redirection of ports needed for remote CD access, etc.
Here is my script
http://pastie.org/336412.txt
4th November 2011, 19:24
Does anyone know what is needed to enable the virtual media redirection?
Those three ports are enough to get console, though I would like to plug the *iso from my own laptop, too :>