Topics: HMC, Security

HMC access through SSH tunnel

If your HMC is located behind a firewall and your only access is through SSH, then you have to use SSH tunneling to get browser-based access to your HMC. The ports you need to use for setting up the SSH tunnel are: 22, 23, 8443, 9960, 9735, 657, 443, 2300, 2301, 2302 and 12443. This applies to version 7 and up of the HMC. For example, if you're using a jump server to get access to the HMC, you need to run:

# ssh -l user -g -L 12443:10.48.32.99:12443 -L 8443:10.48.32.99:8443 -L 9960:10.48.32.99:9960 -L 9735:10.48.32.99:9735 -L 2300:10.48.32.99:2300 -L 2301:10.48.32.99:2301 -L 443:10.48.32.99:443 -L 2302:10.48.32.99:2302 -L 657:10.48.32.99:657 -L 22:10.48.32.99:22 -L 23:10.48.32.99:23 jumpserver.domain.com -N
When you've run the command above (and have logged in to your jumpserver), then point the browser to https://jumpserver.domain.com.

You can do something similar within PuTTY on your desktop system. Basically create a new PuTTY session to your HMC, and then in the SSH tunnel section, enter an entry for each port to the HMC, e.g. add port 12443 to 10.48.32.99:12443. Repeat this for all ports mentioned above and then save your PuTTY session. After that, login to your session, and open a browser to https://localhost, which should then redirect you to your HMC's web GUI.



If you found this useful, here's more on the same topic(s) in our blog:


UNIX Health Check delivers software to scan Linux and AIX systems for potential issues. Run our software on your system, and receive a report in just a few minutes. UNIX Health Check is an automated check list. It will report on perfomance, capacity, stability and security issues. It will alert on configurations that can be improved per best practices, or items that should be improved per audit guidelines. A report will be generated in the format you wish, and the report includes the issues discovered and information on how to solve the issues as well.

Interested in learning more?