Remote Access to Bare Metal Servers

Multiple ways to remotely access and manage your Lineserve bare metal servers, including SSH, IPMI, serial console, and remote desktop.

SSH Access

Linux Servers

# Connect with SSH key
ssh -i ~/.ssh/lineserve-key admin@server-ip

# Connect with specific port
ssh -p 2222 admin@server-ip

# SSH with port forwarding
ssh -L 8080:localhost:80 admin@server-ip

SSH Key Management

# Generate SSH key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/lineserve-key

# Add public key to server
ssh-copy-id -i ~/.ssh/lineserve-key.pub admin@server-ip

# Configure SSH client
cat >> ~/.ssh/config << EOF
Host lineserve-server
    HostName server-ip
    User admin
    IdentityFile ~/.ssh/lineserve-key
    Port 22
EOF

IPMI/BMC Access

Web Interface

Access server management via browser:

URL: https://ipmi-ip-address
Default credentials provided in server details
Features: Power control, console access, hardware monitoring

IPMI Command Line

# Install IPMI tools
apt install ipmitool

# Power operations
ipmitool -I lanplus -H ipmi-ip -U admin -P password power status
ipmitool -I lanplus -H ipmi-ip -U admin -P password power on
ipmitool -I lanplus -H ipmi-ip -U admin -P password power off
ipmitool -I lanplus -H ipmi-ip -U admin -P password power reset

# Hardware monitoring
ipmitool -I lanplus -H ipmi-ip -U admin -P password sensor list
ipmitool -I lanplus -H ipmi-ip -U admin -P password sdr list

Serial Console Access

Via IPMI

# Start serial console session
ipmitool -I lanplus -H ipmi-ip -U admin -P password sol activate

# Deactivate session
ipmitool -I lanplus -H ipmi-ip -U admin -P password sol deactivate

Configure Serial Console on Server

# Enable serial console in GRUB
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"/' /etc/default/grub
update-grub

# Enable serial getty
systemctl enable serial-getty@ttyS0.service
systemctl start serial-getty@ttyS0.service

Windows Remote Desktop

Enable RDP

# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0

# Enable RDP through Windows Firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Set RDP port (optional)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value 3389

Connect to Windows Server

# From Linux using rdesktop
rdesktop -u Administrator -p password server-ip:3389

# From Windows
mstsc /v:server-ip:3389

VPN Access

OpenVPN Server Setup

# Install OpenVPN
apt update && apt install openvpn easy-rsa

# Set up CA and certificates
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
source vars
./clean-all
./build-ca
./build-key-server server
./build-dh

# Configure OpenVPN server
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gunzip /etc/openvpn/server.conf.gz

# Start OpenVPN service
systemctl enable openvpn@server
systemctl start openvpn@server

WireGuard Setup

# Install WireGuard
apt install wireguard

# Generate keys
wg genkey | tee privatekey | wg pubkey > publickey

# Configure WireGuard
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
EOF

# Start WireGuard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

Secure Access Best Practices

SSH Hardening

# Configure SSH security
cat >> /etc/ssh/sshd_config << EOF
# Disable password authentication
PasswordAuthentication no
PubkeyAuthentication yes

# Limit users
AllowUsers admin

# Change default port
Port 2222

# Disable root login
PermitRootLogin no

# Connection limits
MaxAuthTries 3
MaxSessions 2
EOF

systemctl restart sshd

Firewall Configuration

# Configure UFW firewall
ufw enable
ufw default deny incoming
ufw default allow outgoing

# Allow SSH (custom port)
ufw allow 2222/tcp

# Allow specific services
ufw allow 80/tcp    # HTTP
ufw allow 443/tcp   # HTTPS
ufw allow 3306/tcp  # MySQL (from specific IP)

Fail2Ban Setup

# Install Fail2Ban
apt install fail2ban

# Configure SSH protection
cat > /etc/fail2ban/jail.local << EOF
[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOF

systemctl restart fail2ban

Remote Management Tools

Ansible Configuration

# inventory.yml
all:
  hosts:
    bare-metal-01:
      ansible_host: server-ip
      ansible_user: admin
      ansible_ssh_private_key_file: ~/.ssh/lineserve-key

# Test connectivity
ansible all -i inventory.yml -m ping

# Run commands
ansible all -i inventory.yml -m shell -a "uptime"

Monitoring Access

# Install monitoring agent
curl -sSL https://get.lineserve.com/monitoring-agent | bash

# Configure remote monitoring
echo "LINESERVE_API_KEY=your-api-key" > /etc/lineserve/monitoring.conf
systemctl enable lineserve-monitoring
systemctl start lineserve-monitoring

Troubleshooting Access Issues

SSH Connection Problems

# Test SSH connectivity
ssh -vvv admin@server-ip

# Check SSH service status
systemctl status sshd

# View SSH logs
tail -f /var/log/auth.log

IPMI Access Issues

# Test IPMI connectivity
ping ipmi-ip-address

# Check IPMI configuration
ipmitool lan print 1

# Reset IPMI settings
ipmitool mc reset cold

Network Connectivity

# Check network interfaces
ip addr show
ip route show

# Test connectivity
ping 8.8.8.8
traceroute google.com
nslookup lineserve.com

Emergency Access Procedures

Lost SSH Access

Use IPMI/BMC web console
Access via serial console
Reset SSH configuration
Contact support for assistance

IPMI Recovery

Physical server access may be required
IPMI reset via jumper or button
Reconfigure IPMI settings
Contact datacenter support

Password Recovery

# Boot into single-user mode via IPMI console
# Edit GRUB entry, add: single init=/bin/bash
# Mount filesystem read-write
mount -o remount,rw /

# Reset password
passwd admin

# Reboot normally
reboot

API Access Management

Create API Keys

# Generate API key for server management
lineserve auth create-api-key \
  --name "bare-metal-management" \
  --permissions "compute:read,compute:write"

Programmatic Access

import requests

# Server status check
response = requests.get(
    'https://api.lineserve.com/v1/compute/bare-metal/server-id',
    headers={'Authorization': 'Bearer YOUR_API_TOKEN'}
)

# Power operations
requests.post(
    'https://api.lineserve.com/v1/compute/bare-metal/server-id/power',
    headers={'Authorization': 'Bearer YOUR_API_TOKEN'},
    json={'action': 'restart'}
)

SSH Access​

Linux Servers​

SSH Key Management​

IPMI/BMC Access​

Web Interface​

IPMI Command Line​

Serial Console Access​

Via IPMI​

Configure Serial Console on Server​

Windows Remote Desktop​

Enable RDP​

Connect to Windows Server​

VPN Access​

OpenVPN Server Setup​

WireGuard Setup​

Secure Access Best Practices​

SSH Hardening​

Firewall Configuration​

Fail2Ban Setup​

Remote Management Tools​

Ansible Configuration​

Monitoring Access​

Troubleshooting Access Issues​

SSH Connection Problems​

IPMI Access Issues​

Network Connectivity​

Emergency Access Procedures​

Lost SSH Access​

IPMI Recovery​

Password Recovery​

API Access Management​

Create API Keys​

Programmatic Access​

Next Steps​

SSH Access

Linux Servers

SSH Key Management

IPMI/BMC Access

Web Interface

IPMI Command Line

Serial Console Access

Via IPMI

Configure Serial Console on Server

Windows Remote Desktop

Enable RDP

Connect to Windows Server

VPN Access

OpenVPN Server Setup

WireGuard Setup

Secure Access Best Practices

SSH Hardening

Firewall Configuration

Fail2Ban Setup

Remote Management Tools

Ansible Configuration

Monitoring Access

Troubleshooting Access Issues

SSH Connection Problems

IPMI Access Issues

Network Connectivity

Emergency Access Procedures

Lost SSH Access

IPMI Recovery

Password Recovery

API Access Management

Create API Keys

Programmatic Access

Next Steps