756 points mtlynch | 1 comments
fulafel ◴[] No.23929343[source]
A major con of the enterprisey ilom systems (such as the idrac) is their atrocious security track record. You are basically giving up your "the network is untrusted, I can survive its compromise" badge if you plug in one of those.
replies(1): >>23929806 #
parliament32 ◴[] No.23929806[source]
Well those ports should never face the internet anyway. Most servers will have a dedicated (physical) port you use for IPMI or whatever -- vlan that and only allow access from your VPN. If you're extra secure you can full on disable the switchport until you need it.
replies(2): >>23930035 #>>23930979 #
1. extrapickles ◴[] No.23930035[source]
Make sure in the BIOS to disable fallback to one of the other ethernet ports. Quite a few IPMIs will listen on eth0 if it loses the dedicated IPMI port link by default.
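
An added example, not part of the thread: one way to check for the fallback behaviour described in the last comment is to send an RMCP/ASF Presence Ping (UDP 623) from a machine on the production network and see whether a BMC answers there. The function names, the `audit` helper and the sample pong bytes are assumptions made for this sketch; the addresses to probe are whatever your own inventory says should not expose IPMI.

```python
import socket
import struct

ASF_IANA = 4542   # 0x000011BE, ASF enterprise number carried in ping and pong
RMCP_PORT = 623
HDR = "!BBBBIBBBB"  # RMCP header (4 bytes) + ASF message header (8 bytes)

def build_ping(tag: int = 0) -> bytes:
    # RMCP: version 6, reserved, seq 0xFF (no ACK wanted), class 6 (ASF)
    # ASF: IANA number, type 0x80 (Presence Ping), tag, reserved, data length 0
    return struct.pack(HDR, 0x06, 0x00, 0xFF, 0x06, ASF_IANA, 0x80, tag, 0, 0)

def parse_pong(data: bytes, tag: int = 0):
    """Return {'ipmi': bool} for a well-formed Presence Pong, else None."""
    if len(data) < 12:
        return None
    ver, _, _, cls, iana, mtype, rtag, _, dlen = struct.unpack(HDR, data[:12])
    if (ver, cls, iana, mtype, rtag) != (0x06, 0x06, ASF_IANA, 0x40, tag):
        return None
    body = data[12:12 + dlen]
    if len(body) < 9:          # need the "supported entities" byte
        return None
    return {"ipmi": bool(body[8] & 0x80)}  # bit 7 set: IPMI supported

def bmc_answers(host: str, timeout: float = 1.0):
    """Send one ping to host:623; return the parsed pong or None."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_ping(), (host, RMCP_PORT))
            data, _ = s.recvfrom(512)
        except OSError:        # timeout, ICMP unreachable, no route
            return None
    return parse_pong(data)

def audit(hosts, probe=bmc_answers):
    """Return the addresses where a BMC answered on the probed network."""
    return [h for h in hosts if probe(h) is not None]

# Constructed sample pong (not captured from a real device), for offline checks.
SAMPLE_PONG = (bytes.fromhex("060000ff06000011be40000010".replace("060000ff", "0600ff", 1))
               + bytes.fromhex("000011be00000000810000000000" + "0000"))
```

Running `audit` once normally and once with the dedicated management link unplugged shows whether the BMC moves onto a shared port.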