Skip to main content

Remote Access to Bare Metal Servers

Multiple ways to remotely access and manage your Lineserve bare metal servers, including SSH, IPMI, serial console, and remote desktop.

SSH Accessโ€‹

Linux Serversโ€‹

# Connect with SSH key
ssh -i ~/.ssh/lineserve-key admin@server-ip

# Connect with specific port
ssh -p 2222 admin@server-ip

# SSH with port forwarding
ssh -L 8080:localhost:80 admin@server-ip

SSH Key Managementโ€‹

# Generate SSH key pair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/lineserve-key

# Add public key to server
ssh-copy-id -i ~/.ssh/lineserve-key.pub admin@server-ip

# Configure SSH client
cat >> ~/.ssh/config << EOF
Host lineserve-server
HostName server-ip
User admin
IdentityFile ~/.ssh/lineserve-key
Port 22
EOF

IPMI/BMC Accessโ€‹

Web Interfaceโ€‹

Access server management via browser:

  • URL: https://ipmi-ip-address
  • Default credentials provided in server details
  • Features: Power control, console access, hardware monitoring

IPMI Command Lineโ€‹

# Install IPMI tools
apt install ipmitool

# Power operations
ipmitool -I lanplus -H ipmi-ip -U admin -P password power status
ipmitool -I lanplus -H ipmi-ip -U admin -P password power on
ipmitool -I lanplus -H ipmi-ip -U admin -P password power off
ipmitool -I lanplus -H ipmi-ip -U admin -P password power reset

# Hardware monitoring
ipmitool -I lanplus -H ipmi-ip -U admin -P password sensor list
ipmitool -I lanplus -H ipmi-ip -U admin -P password sdr list

Serial Console Accessโ€‹

Via IPMIโ€‹

# Start serial console session
ipmitool -I lanplus -H ipmi-ip -U admin -P password sol activate

# Deactivate session
ipmitool -I lanplus -H ipmi-ip -U admin -P password sol deactivate

Configure Serial Console on Serverโ€‹

# Enable serial console in GRUB
sed -i 's/GRUB_CMDLINE_LINUX=""/GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8"/' /etc/default/grub
update-grub

# Enable serial getty
systemctl enable serial-getty@ttyS0.service
systemctl start serial-getty@ttyS0.service

Windows Remote Desktopโ€‹

Enable RDPโ€‹

# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0

# Enable RDP through Windows Firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Set RDP port (optional)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "PortNumber" -Value 3389

Connect to Windows Serverโ€‹

# From Linux using rdesktop
rdesktop -u Administrator -p password server-ip:3389

# From Windows
mstsc /v:server-ip:3389

VPN Accessโ€‹

OpenVPN Server Setupโ€‹

# Install OpenVPN
apt update && apt install openvpn easy-rsa

# Set up CA and certificates
make-cadir ~/openvpn-ca
cd ~/openvpn-ca
source vars
./clean-all
./build-ca
./build-key-server server
./build-dh

# Configure OpenVPN server
cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz /etc/openvpn/
gunzip /etc/openvpn/server.conf.gz

# Start OpenVPN service
systemctl enable openvpn@server
systemctl start openvpn@server

WireGuard Setupโ€‹

# Install WireGuard
apt install wireguard

# Generate keys
wg genkey | tee privatekey | wg pubkey > publickey

# Configure WireGuard
cat > /etc/wireguard/wg0.conf << EOF
[Interface]
PrivateKey = SERVER_PRIVATE_KEY
Address = 10.0.0.1/24
ListenPort = 51820

[Peer]
PublicKey = CLIENT_PUBLIC_KEY
AllowedIPs = 10.0.0.2/32
EOF

# Start WireGuard
systemctl enable wg-quick@wg0
systemctl start wg-quick@wg0

Secure Access Best Practicesโ€‹

SSH Hardeningโ€‹

# Configure SSH security
cat >> /etc/ssh/sshd_config << EOF
# Disable password authentication
PasswordAuthentication no
PubkeyAuthentication yes

# Limit users
AllowUsers admin

# Change default port
Port 2222

# Disable root login
PermitRootLogin no

# Connection limits
MaxAuthTries 3
MaxSessions 2
EOF

systemctl restart sshd

Firewall Configurationโ€‹

# Configure UFW firewall
ufw enable
ufw default deny incoming
ufw default allow outgoing

# Allow SSH (custom port)
ufw allow 2222/tcp

# Allow specific services
ufw allow 80/tcp # HTTP
ufw allow 443/tcp # HTTPS
ufw allow 3306/tcp # MySQL (from specific IP)

Fail2Ban Setupโ€‹

# Install Fail2Ban
apt install fail2ban

# Configure SSH protection
cat > /etc/fail2ban/jail.local << EOF
[sshd]
enabled = true
port = 2222
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
EOF

systemctl restart fail2ban

Remote Management Toolsโ€‹

Ansible Configurationโ€‹

# inventory.yml
all:
hosts:
bare-metal-01:
ansible_host: server-ip
ansible_user: admin
ansible_ssh_private_key_file: ~/.ssh/lineserve-key
# Test connectivity
ansible all -i inventory.yml -m ping

# Run commands
ansible all -i inventory.yml -m shell -a "uptime"

Monitoring Accessโ€‹

# Install monitoring agent
curl -sSL https://get.lineserve.com/monitoring-agent | bash

# Configure remote monitoring
echo "LINESERVE_API_KEY=your-api-key" > /etc/lineserve/monitoring.conf
systemctl enable lineserve-monitoring
systemctl start lineserve-monitoring

Troubleshooting Access Issuesโ€‹

SSH Connection Problemsโ€‹

# Test SSH connectivity
ssh -vvv admin@server-ip

# Check SSH service status
systemctl status sshd

# View SSH logs
tail -f /var/log/auth.log

IPMI Access Issuesโ€‹

# Test IPMI connectivity
ping ipmi-ip-address

# Check IPMI configuration
ipmitool lan print 1

# Reset IPMI settings
ipmitool mc reset cold

Network Connectivityโ€‹

# Check network interfaces
ip addr show
ip route show

# Test connectivity
ping 8.8.8.8
traceroute google.com
nslookup lineserve.com

Emergency Access Proceduresโ€‹

Lost SSH Accessโ€‹

  1. Use IPMI/BMC web console
  2. Access via serial console
  3. Reset SSH configuration
  4. Contact support for assistance

IPMI Recoveryโ€‹

  1. Physical server access may be required
  2. IPMI reset via jumper or button
  3. Reconfigure IPMI settings
  4. Contact datacenter support

Password Recoveryโ€‹

# Boot into single-user mode via IPMI console
# Edit GRUB entry, add: single init=/bin/bash
# Mount filesystem read-write
mount -o remount,rw /

# Reset password
passwd admin

# Reboot normally
reboot

API Access Managementโ€‹

Create API Keysโ€‹

# Generate API key for server management
lineserve auth create-api-key \
--name "bare-metal-management" \
--permissions "compute:read,compute:write"

Programmatic Accessโ€‹

import requests

# Server status check
response = requests.get(
'https://api.lineserve.com/v1/compute/bare-metal/server-id',
headers={'Authorization': 'Bearer YOUR_API_TOKEN'}
)

# Power operations
requests.post(
'https://api.lineserve.com/v1/compute/bare-metal/server-id/power',
headers={'Authorization': 'Bearer YOUR_API_TOKEN'},
json={'action': 'restart'}
)

Next Stepsโ€‹