Authentication Parameters for Virtual Serial Port Network Connections

When you establish serial port connections over the network, you can use authentication parameters to secure the network. These parameters can support an encrypted connection with a remote system using SSL over Telnet or Telnets, or an encrypted connection with a concentrator using SSL over Telnet or Telnets.

URI Forms

If you do not use virtual serial port network connection (vSPC) and you configure your virtual machine with a serial port connected as a server with a telnet://:12345 URI, you can connect to your virtual machine's serial port from your Linux or Windows operating system. You use one of the following formats:

Telnet over TCP.
```
telnet://host:port
```
The virtual machine and remote system can negotiate and use SSL if the remote system supports the Telnet authentication option. If not, the connection uses unencrypted text (plain text).
Telnets over SSL over TCP.
```
telnets://host:port
```
SSL negotiation begins immediately, and you cannot use the Telnet authentication option.

Authentication Parameters

For an encrypted connection, the URI includes a set of authentication parameters. Enter the parameters as key words or key/value pairs. You can enter authentication parameters for secure Telnet ( telnets), or for Telnet ( telnet) as shown in the following syntax:

telnet://host:port #key[=value] [&key[=value] ...]

The first parameter must have a number sign (#) prefix. Additional parameters must have an ampersand (&) prefix. The following parameters are supported.

thumbprint= value: Specifies a certificate thumbprint against which the peer certificate thumbprint is compared. When you specify a thumbprint, certificate verification is enabled.
peerName= value: Specifies the peer name that is used to validate the peer certificate. When you specify a peer name, certificate verification is enabled.
verify: Forces certificate verification. The virtual machine will verify that the peer certificate subject matches the specified peerName and that it was signed by a certificate authority known to the ESXi host. Verification is enabled if you specify a thumbprint or peerName
cipherList= value: Specifies a list of SSL ciphers. The ciphers are specified as a list separated by colons, spaces, or commas.

Establishing Serial Port Network Connections to a Client or Server

Simple Server Connection

To connect to a virtual machine's serial port from a Linux or Windows operating system if you do not use vSPC, configure the virtual machine with a serial port connected as a server with a telnet://:12345 URI. To access a virtual serial port from a client, use telnet yourESXiServerIPAddress 12345.

Secure Server Connection

To enforce an encrypted connection to the virtual machine's serial port from a Linux operating system, you can configure Telnet to enforce encryption by configuring the virtual machine with a serial port connected as a server with a telnet://:12345#verify URI.

To access a virtual serial port from a client, use telnet-ssl yourESXServerName 12345. This connection will fail if the Telnet program you are using does not support SSL encryption.

Simple Client Connection

If you are running a Telnet server on your system and you want the virtual machine to automatically connect to it, you can configure the virtual machine as a client using telnet://yourLinuxBox:23.

The Virtual machine keeps initiating the Telnet connection to port 23 on yourLinuxBox.

Secure Client Connection

Additional URI options allow you to enforce a specific server certificate and restrict the ciphers being used. Virtual machines with a serial port configured as a client with telnet://ipOfYourLinuxBox:23#cipherList=DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA&peerName=myLinuxBoxName.withDomain will connect to ipOfYourLinuxBox only if the system supports one of two listed ciphers, and if it presents a trusted certificate issued to myLinuxBoxName.withDomain. Replace .withDomain with the full domain name, for example, example.org.