remote access

Finding a server's BMC / IPMI IP address with ipmitool

I test servers on a temporary basis a lot, and many enterprise servers don't have as user-friendly external port indications, or little OLED displays to provide useful information. They're no-frills because they don't need frills, you just deploy them and they run for years.

I often need to gain access to the server's IPMI/BMC interface to manage the server remotely, and it's not always obvious what IP address is assigned if you don't manually assign one via your router and a MAC address.

I could scan my network for the IP address, but assuming I have the server booted and it's a modern Supermicro or other standard system, I can use ipmitool to grab the BMC IP:

Remote shell to a Raspberry Pi at 39,000 ft

For a few weeks I've been beta testing remote shell, the latest addition to Raspberry Pi Connect. Just a couple hours ago I was on a flight home from the new Micro Center in Charlotte.

Pi Connect Remote Shell in airplane on laptop

One huge problem with VNC or remote desktop is how flaky it is if you have limited bandwidth or an unstable connection, like on an airplane.

It takes forever to start a screen sharing session, and the airplane's flaky WiFi usually causes the session to lock up, meaning you can't do much at all.

Remote terminal access, just relaying text commands, is the best solution for that problem. And sure, I have a VPN I could use with SSH to get to my Pi, but Raspberry Pi Connect just added support for remote shell access.

Raspberry Pi is getting into the services game

...and it's all free—so far.

Raspberry Pi Connect Beta Logo

Raspberry Pi today launched Raspberry Pi Connect, a free remote VPN service for all Pi OS users.

If you create a Raspberry Pi ID, you can sign up for Connect, install rpi-connect on a Pi 4 or 5 running 64-bit Pi OS 12 'Bookworm', and register that Pi with the service.

Then, on any other device's web browser, you can log in and remote control your Pi through Connect's web-based VNC viewer.

Raspberry Pi Connect Demo

The VNC server is based on wayvnc, and the Connect service allows for as many registered Pis as you want (though I'm guessing the interface is optimized for the majority use case of one or a few).

Using LibreELEC like a pro—management via SSH

For a recent project, I needed to install LibreELEC/Kodi on a Raspberry Pi Compute Module 4 with built-in eMMC storage.

Because it's inconvenient to be swapping the Pi around from the embedded display I was using it in to my preferred carrier board I use for flashing Pis and interacting with their filesystems, I wanted to manage my LibreELEC install over SSH.

It seems like whatever documentation the LibreELEC Wiki used to have for remote SSH access is missing, and all I could find were references to enabling SSH during a GUI setup wizard. If you didn't see that during initial setup, the easiest way is to add ssh to the end of the line in the system's cmdline.txt file, then reboot.

So I pulled the Pi, used usbboot to mount the fat32 volume on my Mac, and opened cmdline.txt and added ssh. Then I popped the Pi back in the embedded display, and started it up.

Sure enough, I could now SSH in:

SSH and HTTP to a Raspberry Pi behind CG-NAT

For a project I'm working on, I'll have a Raspberry Pi sitting behind a 4G LTE modem:

Raspberry Pi 4 with 4G LTE modem and antenna on desk

This modem is on AT&T's network, but regardless of the provider, unless you're willing to pay hundreds or thousands of dollars a month for a SIM with a public IP address, the Internet connection will be running behind CG-NAT.

What this means is there's no publicly routable address for the Pi—you can't access it from the public Internet, since it's only visible inside the cell network's private network.

There are a few different ways people have traditionally dealt with accessing devices running through CG-NAT connections:

  1. Using a VPN
  2. Using a one-off tool like ngrok
  3. Using reverse tunnels, often via SSH

And after weighing the pros and cons, I decided to go with option 3, since—for my needs—I want to have two ports open back to the Raspberry Pi:

Raspberry Pi KVMs compared: TinyPilot and Pi-KVM v3

In a strange coincidence, the authors of TinyPilot and Pi-KVM both emailed me within a week of each other and asked if I'd be interested in one of their KVM devices.

TinyPilot vs Pi-KVM v3 Price comparison

Michael Lynch, founder of Tiny Pilot, said he'd used some of my Ansible work in building the TinyPilot update system, and Maxim Devaev, of Pi-KVM, liked my Pi open source content, and wanted to see what I thought of the new v3 kit that's currently on Kickstarter.

I took them both up on the offer, and dug into both devices.

Both have HDMI and USB inputs, so you can plug them into any Mac or PC and get full control, up to and including BIOS/UEFI settings, remote desktop management (with no software on the managed computer), and mounting of USB ISO images for re-installing an OS or maintaining a system.

A brief history of SSH and remote access

This post is an excerpt from Chapter 11: Server Security and Ansible, in Ansible for DevOps.

In the beginning, computers were the size of large conference rooms. A punch card reader would merrily accept pieces of paper that instructed the computer to do something, and then a printer would etch the results into another piece of paper. Thousands of mechanical parts worked harmoniously (when they did work) to compute relatively simple commands.

As time progressed, computers became somewhat smaller, and interactive terminals became more user-friendly, but they were still wired directly into the computer being used. Mainframes came to the fore in the 1960s, originally used via typewriter and teletype interfaces, then via keyboards and small text displays. As networked computing became more mainstream in the 1970s and 1980s, remote terminal access was used to interact with the large central computers.

iSSH on the iPad - SSH and VNC from Anywhere

[UPDATED: The developer of iSSH emailed me this morning with a couple of tidbits that will be useful for any early iSSH adopters on the iPad - see my updated notes in bold.]

One app I haven't had a lot of time to work with (yet) is iSSH on the iPad. I tried the iPhone version, but the tiny iPhone screen simply couldn't keep up with a productive SSH or VNC session.

The iPad changes the game, though; I can actually log in via SSH, do some real work, then go back to doing whatever I was doing on the iPad. Since the iSSH developers didn't have a ton of time to work on an actual iPad, there are some pretty annoying bugs right now—but these bugs will be fixed soon. Some of the bugs: