Remote Lights-Out Mgmt (iLO 2, iLO, RILOE II) Forum
Showing results for 
Search instead for 
Do you mean 

ilo2 remote console/telnet security

SOLVED
Go to Solution
Advisor

ilo2 remote console/telnet security

Hello. How does port 23/telnet work with ilo2 remote console. Are my credentials encrypted. I'm running this on a DL380 G6/Rehat 5.5.

thanks.
4 REPLIES
Honored Contributor

Re: ilo2 remote console/telnet security

Hi Ray,

If you connect to iLO via Telnet (port 23), all communication is sent unencrypted. Your iLO remote console does not use port 23 however, and port 23 is disabled by default in iLO. The remote console is browser based and uses encrypted traffic across port 443 (secure HTTP).

If you need command line access to iLO I recommend using SSH (port 22) rather than Telnet for security reasons. Most Linux clients have SSH client software installed natively. For Windows clients I like PuTTY (or PLINK for command-line).

good luck, if you appreciate the answers we appreciate the points!
Advisor

Re: ilo2 remote console/telnet security

Thanks for the reply but at some level, ilo uses port 23. I had to open the port in the firewall to get the remote console to work. I don't need ssh/telnet access to ilo, I'm using the browser for that. What I need is the remote system console to the OS -- the java client. Without port 23 open, I was getting a java connect error. I tried a rudimentary packet sniff and I see communication between my client and my server on port 23. I guess I can dig further into the packet to see if my login/pw are in there when I login to the webclient console.
Its odd that I have a webclient open communicating on 443 and yet its also using port 23. I just want to know whats going across the wire.
Honored Contributor

Re: ilo2 remote console/telnet security

See page 28 of the iLO Security white paper:

http://www.hp.com/go/ilo --> More iLO Documentation --> "HP Integrated Lights-Out Security, 6th edition"

Honored Contributor

Re: ilo2 remote console/telnet security

Sorry, I was ambiguous about port 23 and the telnet protocol...

Telnet itself is disabled by default, but port 23 is enabled for establishing the remote console session.

Traffic through the remote console session is always encrypted, but if you enable Telnet and connect with a standard non-encrypted client then you are still transmitting unencrypted text.

You can modify this port in the Administration > Access > Services section

good luck!