From owner-freebsd-hackers@FreeBSD.ORG Wed Feb 20 20:31:59 2013 Return-Path: Delivered-To: hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 01EED4DA for ; Wed, 20 Feb 2013 20:31:59 +0000 (UTC) (envelope-from freebsd@psconsult.nl) Received: from mx1.psconsult.nl (unknown [IPv6:2001:7b8:30f:e0::5059:ee8a]) by mx1.freebsd.org (Postfix) with ESMTP id AF9492C3 for ; Wed, 20 Feb 2013 20:31:58 +0000 (UTC) Received: from mx1.psconsult.nl (mx1.hvnu.psconsult.nl [46.44.189.154]) by mx1.psconsult.nl (8.14.5/8.14.4) with ESMTP id r1KKVpbd015687 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 20 Feb 2013 21:31:56 +0100 (CET) (envelope-from freebsd@psconsult.nl) Received: (from paul@localhost) by mx1.psconsult.nl (8.14.5/8.14.4/Submit) id r1KKVmmU015686; Wed, 20 Feb 2013 21:31:48 +0100 (CET) (envelope-from freebsd@psconsult.nl) X-Authentication-Warning: mx1.psconsult.nl: paul set sender to freebsd@psconsult.nl using -f Date: Wed, 20 Feb 2013 21:31:48 +0100 From: Paul Schenkeveld To: "Daniel O'Connor" Subject: IPMI console [Re: Chicken and egg, encrypted root FS on remote server] Message-ID: <20130220203148.GA1803@psconsult.nl> References: <20130220065810.GA25027@psconsult.nl> <20130220074655.GA59952@psconsult.nl> <20130220111339.GA65661@psconsult.nl> <8C2980B2-3B2C-4081-9287-39EFB47ABC3D@gsoft.com.au> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <8C2980B2-3B2C-4081-9287-39EFB47ABC3D@gsoft.com.au> User-Agent: Mutt/1.5.21 (2010-09-15) Cc: hackers@freebsd.org X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Feb 2013 20:31:59 -0000 Hi Daniel, On Wed, Feb 20, 2013 at 10:55:47PM +1030, Daniel O'Connor wrote: > > On 20/02/2013, at 21:43, Paul Schenkeveld wrote: > >> What about getting a remote console like HP's ILO or Dell's DRAC ? > >> > >> You get to login remotely, you can use some degree of access control... you can even remote boot. > > > > For new hardware I could indeed use this, the current hardware does not > > support remote console. > > > > I don't have experience with ILO nor DRAC but I do have experience with > > SuperMicro's KVM over LAN which does need a java client to run. If I can > > enter the passphrase over ssh that would be better as I can use any device > > including a smartphone to dial in and enter the passphrase. > > > If you setup a serial console you don't need Java if you use ipmitool, eg > ipmitool -H remoteip -U ADMIN -I lanplus sol activate Tried that with some Supermicro servers, the serial console allows me to get into BIOS config and shows boot messages up to starting the kernel, once the kernel starts output stops. In the BIOS setup, console redirect defaults to com2 port which explains why output stops after the loader passes control to the kernel. BTW, ipmitool always gives me "Info: cannot activate SOL payload with encryption" but ipmi-console (sysutils/freeipmi) works. If I change the console redirect to com1, my screen stays blank. Would you perhaps know how to use com1 for redirect and connect to it using ipmi-console (or ipmi-tool)? Thanks, Paul Schenkeveld