Access Supermicro BMC via SSH tunnels

by

I’ve got a server at home with a Supermicro motherboard that has a BMC in it. The BMC allows me to access a web interface on a dedicated network interface on the motherboard which will let me control the server in the event the OS has frozen or the hardware has powered down. This is extremely useful if something goes wrong at home while I’m out of town and need to power cycle my server remotely.

The problem I have is that my VPN server is a VM hosted on the server in question. So if the server is down I can’t VPN home and access the BMC. I could forward the ports through my firewall but there is a more secure way of doing things so why not?

I got my hands on a Raspberry Pi2 with the intent of connecting it up so I could remotely access it via SSH in the event my main server was offline at home. From the RPi2 I could then load up a browser and access the BMC interface on my server. One big problem though. While I could access the web interface and power cycle the server I could not access the Java based KVM that comes included with the BMC. The KVM lets you access the server as if you were physically in front of it with a keyboard and mouse AND connect media to the server remotely such as a ISO for some diagnostic software if needed. Unfortunately no matter how much I tried I could not get the Java WebApp to work on my RPi2.

Instead I opted to just use SSH tunnels to connect to the BMC via the RPi2. Again this worked great for the WebUI but failed when using the Java KVM. I did find a work around though and it’s pretty simple. When you’re on the Supermicro BMC page and you start the Java KVM you get a download for a “launch.jnlp” file. Save that to your local computer.

Open the launch.jnlp file in your favourite editor and you’ll see something like this:

<jnlp spec="1.0+" codebase="http://mybmc.mydomain.ca:80/">
  <information>
    <title>ATEN Java iKVM Viewer</title>
    <vendor>ATEN</vendor>
    <description>Java Web Start Application</description>
  </information>

  <security>
   <all-permissions/>
  </security>

  <resources>
    <property name="jnlp.packEnabled" value="true"/>
    <property name="jnlp.versionEnabled" value="true"/>
    <j2se version="1.6.0+" java-vm-args="-Xmx128M -Xms128M -Xss1M -XX:PermSize=32M -XX:MaxPermSize=32M"/>
    <jar href="iKVM__V1.69.21.0x0.jar" download="eager" main="true"/>
  </resources>

  <resources os="Windows" arch="x86">
    <nativelib href="libwin_x86__V1.0.5.jar" download="eager"/>
  </resources>
  <resources os="Windows" arch="x86_64">
    <nativelib href="libwin_x86_64__V1.0.5.jar" download="eager"/>
  </resources>
  <resources os="Windows" arch="amd64">
    <nativelib href="libwin_x86_64__V1.0.5.jar" download="eager"/>
  </resources>

  <resources os="Linux" arch="i386">
    <nativelib href="liblinux_x86__V1.0.5.jar" download="eager"/>
  </resources>
  <resources os="Linux" arch="x86">
    <nativelib href="liblinux_x86__V1.0.5.jar" download="eager"/>
  </resources>
  <resources os="Linux" arch="x86_64">
    <nativelib href="liblinux_x86_64__V1.0.5.jar" download="eager"/>
  </resources>
  <resources os="Linux" arch="amd64">
    <nativelib href="liblinux_x86_64__V1.0.5.jar" download="eager"/>
  </resources>

  <resources os="Mac OS X" arch="x86_64">
    <nativelib href="libmac_x86_64__V1.0.5.jar" download="eager"/>
  </resources>

  <resources os="SunOS" arch="sparc">
    <nativelib href="libsun_SPARC__V1.0.5.jar" download="eager"/>
  </resources>

  <application-desc main-class="tw.com.aten.ikvm.KVMMain">
    <argument>mybmc.mydomain.ca</argument>
    <argument>xxxxxxxxxxxxxxxx</argument>
    <argument>xxxxxxxxxxxxxxxx</argument>
	<argument>mybmc.mydomain.ca</argument>
    <argument>5900</argument>
    <argument>623</argument>
    <argument>2</argument>
    <argument>0</argument>
  </application-desc>
</jnlp>

You want to edit a few lines:

Line 1
From: <jnlp spec="1.0+" codebase="http://mybmc.mydomain.ca:80/">
To: <jnlp spec="1.0+" codebase="http://localhost:5901/">

Line 51
From: <argument>mybmc.mydomain.ca</argument>
To: <argument>localhost</argument>

Line 54
From: <argument>mybmc.mydomain.ca</argument>
To: <argument>localhost</argument>

And you’re done. Save and close the file.

You’ll notice changed the web port on Line 1 from 80 to 5901 because I know 5901 isn’t in use on my local system. Now all I had to do was setup my SSH Tunnels so that local host 5901 forwarded to remote host 80 and local host 5900/623 forwarded to their respective remote host ports via my RPi2.

There is one catch with this method. Every time you go back into your BMC web-interface and click ‘Launch Console’ it appears the BMC generates a new set of security keys. All this means is if you access your BMC via the normal method and then want to use tunnels again you’ll have to get a new .jnlp file and re-apply the above edits.

4 thoughts on “Access Supermicro BMC via SSH tunnels”

  1. Hi, Eric,

    Just wanted to thank you – this saved me when troubleshooting some PXE issues, I’m extremely grateful!

    Cheers,

    Nolan

    Reply

  2. hi friends

    i change the code but i gave the error unable to launch the application in dedail said could not parse launch file.error at line 1

    and anothe question where can i enter the port number 5901?

    in my tunnel??????

    Reply

    • Does the BMC work normally with out trying to tunnel?

      If the error is on line 1 I suspect you’ve typo’d something or erased something that shouldn’t have been erased.

      Try it with out the tunnels first, then try editing it for a tunnel again.

      Reply

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.