Remote Access to Bare Metal Servers
Multiple ways to remotely access and manage your Lineserve bare metal servers, including SSH, IPMI, serial console, and remote desktop.
SSH Accessโ
Linux Serversโ
# Connect with SSH key
ssh -i ~/.ssh/lineserve-key admin@server-ip
# Connect with specific port
ssh -p 2222 admin@server-ip
# SSH with port forwarding
ssh -L 8080:localhost:80 admin@server-ip
SSH Key Managementโ
# Generate SSH key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/lineserve-key
# Add public key to server
ssh-copy-id -i ~/.ssh/lineserve-key.pub admin@server-ip
# Configure SSH client
cat >> ~/.ssh/config << EOF
Host lineserve-server
HostName server-ip
User admin
IdentityFile ~/.ssh/lineserve-key
Port 22
EOF
IPMI/BMC Accessโ
Web Interfaceโ
Access server management via browser:
- URL:
https://ipmi-ip-address
- Default credentials provided in server details
- Features: Power control, console access, hardware monitoring
IPMI Command Lineโ
# Install IPMI tools
apt install ipmitool
# Power operations
ipmitool -I lanplus -H ipmi-ip -U admin -P password power status
ipmitool -I lanplus -H ipmi-ip -U admin -P password power on
ipmitool -I lanplus -H ipmi-ip -U admin -P password power off
ipmitool -I lanplus -H ipmi-ip -U admin -P password power reset
# Hardware monitoring
ipmitool -I lanplus -H ipmi-ip -U admin -P password sensor list
ipmitool -I lanplus -H ipmi-ip -U admin -P password sdr list
Serial Console Accessโ
Via IPMIโ
# Start serial console session
ipmitool -I lanplus -H ipmi-ip -U admin -P password sol activate
# Deactivate session
ipmitool -I lanplus -H ipmi-ip -U admin -P password sol deactivate
Configure Serial Console on Serverโ
# Enable serial console in GRUB
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"/' /etc/default/grub
update-grub
# Enable serial getty
systemctl enable serial-getty@ttyS0.service
systemctl start serial-getty@ttyS0.service
Windows Remote Desktopโ
Enable RDPโ
# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
# Enable RDP through Windows Firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
# Set RDP port (optional)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value 3389
Connect to Windows Serverโ
# From Linux using rdesktop
rdesktop -u Administrator -p password server-ip:3389
# From Windows
mstsc /v:server-ip:3389
VPN Accessโ
OpenVPN Server Setupโ
# Install OpenVPN
apt update && apt install openvpn easy-rsa
# Set up CA and certificates
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
source vars
./clean-all
./build-ca
./build-key-server server
./build-dh
# Configure OpenVPN server
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gunzip /etc/openvpn/server.conf.gz
# Start OpenVPN service
systemctl enable openvpn@server
systemctl start openvpn@server
WireGuard Setupโ
# Install WireGuard
apt install wireguard
# Generate keys
wg genkey | tee privatekey | wg pubkey > publickey
# Configure WireGuard
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820
[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
EOF
# Start WireGuard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0
Secure Access Best Practicesโ
SSH Hardeningโ
# Configure SSH security
cat >> /etc/ssh/sshd_config << EOF
# Disable password authentication
PasswordAuthentication no
PubkeyAuthentication yes
# Limit users
AllowUsers admin
# Change default port
Port 2222
# Disable root login
PermitRootLogin no
# Connection limits
MaxAuthTries 3
MaxSessions 2
EOF
systemctl restart sshd
Firewall Configurationโ
# Configure UFW firewall
ufw enable
ufw default deny incoming
ufw default allow outgoing
# Allow SSH (custom port)
ufw allow 2222/tcp
# Allow specific services
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw allow 3306/tcp # MySQL (from specific IP)
Fail2Ban Setupโ
# Install Fail2Ban
apt install fail2ban
# Configure SSH protection
cat > /etc/fail2ban/jail.local << EOF
[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOF
systemctl restart fail2ban
Remote Management Toolsโ
Ansible Configurationโ
# inventory.yml
all:
hosts:
bare-metal-01:
ansible_host: server-ip
ansible_user: admin
ansible_ssh_private_key_file: ~/.ssh/lineserve-key
# Test connectivity
ansible all -i inventory.yml -m ping
# Run commands
ansible all -i inventory.yml -m shell -a "uptime"
Monitoring Accessโ
# Install monitoring agent
curl -sSL https://get.lineserve.com/monitoring-agent | bash
# Configure remote monitoring
echo "LINESERVE_API_KEY=your-api-key" > /etc/lineserve/monitoring.conf
systemctl enable lineserve-monitoring
systemctl start lineserve-monitoring
Troubleshooting Access Issuesโ
SSH Connection Problemsโ
# Test SSH connectivity
ssh -vvv admin@server-ip
# Check SSH service status
systemctl status sshd
# View SSH logs
tail -f /var/log/auth.log
IPMI Access Issuesโ
# Test IPMI connectivity
ping ipmi-ip-address
# Check IPMI configuration
ipmitool lan print 1
# Reset IPMI settings
ipmitool mc reset cold
Network Connectivityโ
# Check network interfaces
ip addr show
ip route show
# Test connectivity
ping 8.8.8.8
traceroute google.com
nslookup lineserve.com
Emergency Access Proceduresโ
Lost SSH Accessโ
- Use IPMI/BMC web console
- Access via serial console
- Reset SSH configuration
- Contact support for assistance
IPMI Recoveryโ
- Physical server access may be required
- IPMI reset via jumper or button
- Reconfigure IPMI settings
- Contact datacenter support
Password Recoveryโ
# Boot into single-user mode via IPMI console
# Edit GRUB entry, add: single init=/bin/bash
# Mount filesystem read-write
mount -o remount,rw /
# Reset password
passwd admin
# Reboot normally
reboot
API Access Managementโ
Create API Keysโ
# Generate API key for server management
lineserve auth create-api-key \
--name "bare-metal-management" \
--permissions "compute:read,compute:write"
Programmatic Accessโ
import requests
# Server status check
response = requests.get(
'https://api.lineserve.com/v1/compute/bare-metal/server-id',
headers={'Authorization': 'Bearer YOUR_API_TOKEN'}
)
# Power operations
requests.post(
'https://api.lineserve.com/v1/compute/bare-metal/server-id/power',
headers={'Authorization': 'Bearer YOUR_API_TOKEN'},
json={'action': 'restart'}
)