When you establish serial port connections over the network, you can use authentication parameters to secure the connection. These parameters can support an encrypted connection with a remote system using SSL over Telnet or Telnets, or an encrypted connection with a concentrator using SSL over Telnet or Telnets.

URI Forms

If you do not use virtual serial port network connection (vSPC) and you configure your virtual machine with a serial port connected as a server with a telnet://:12345 URI, you can connect to your virtual machine's serial port from your Linux or Windows operating system. You use one of the following formats:

  • Telnet over TCP.

    telnet://host:port

    The virtual machine and remote system can negotiate and use SSL if the remote system supports the Telnet authentication option. If not, the connection uses unencrypted text (plain text).

  • Telnets over SSL over TCP.

    telnets://host:port

    SSL negotiation begins immediately, and you cannot use the Telnet authentication option.

Authentication Parameters

For an encrypted connection, the URI includes a set of authentication parameters. Enter the parameters as keywords or key/value pairs. You can enter authentication parameters for secure Telnet (telnets) or for Telnet (telnet), as shown in the following syntax:

telnet://host:port #key[=value] [&key[=value] ...]

The first parameter must have a number sign (#) prefix. Additional parameters must have an ampersand (&) prefix. The following parameters are supported.

thumbprint=value

Specifies a certificate thumbprint against which the peer certificate thumbprint is compared. When you specify a thumbprint, certificate verification is enabled.

peerName=value

Specifies the peer name that is used to validate the peer certificate. When you specify a peer name, certificate verification is enabled.

verify

Forces certificate verification. The virtual machine verifies that the peer certificate subject matches the specified peerName and that it was signed by a certificate authority known to the ESXi host. Verification is also enabled if you specify a thumbprint or peerName.

cipherList=value

Specifies a list of SSL ciphers. The ciphers are specified as a list separated by colons, spaces, or commas.

Establishing Serial Port Network Connections to a Client or Server

Simple Server Connection

To connect to a virtual machine's serial port from a Linux or Windows operating system if you do not use vSPC, configure the virtual machine with a serial port connected as a server with a telnet://:12345 URI. To access a virtual serial port from a client, use telnet yourESXiServerIPAddress 12345.

Secure Server Connection

To enforce an encrypted connection to the virtual machine's serial port from a Linux operating system, configure the virtual machine with a serial port connected as a server with a telnet://:12345#verify URI.

To access a virtual serial port from a client, use telnet-ssl yourESXServerName 12345. This connection will fail if the Telnet program you are using does not support SSL encryption.

Simple Client Connection

If you are running a Telnet server on your system and you want the virtual machine to automatically connect to it, you can configure the virtual machine as a client using telnet://yourLinuxBox:23.

The virtual machine keeps initiating the Telnet connection to port 23 on yourLinuxBox.

Secure Client Connection

Additional URI options allow you to enforce a specific server certificate and restrict the ciphers being used. Virtual machines with a serial port configured as a client with telnet://ipOfYourLinuxBox:23#cipherList=DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA&peerName=myLinuxBoxName.withDomain will connect to ipOfYourLinuxBox only if the system supports one of two listed ciphers, and if it presents a trusted certificate issued to myLinuxBoxName.withDomain. Replace .withDomain with the full domain name, for example, example.org.
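The following Python sketch is an added example, not VMware code: it parses a serial port URI in the syntax described above and reports whether certificate verification is enabled, which ciphers are listed, and whether the connection may fall back to plain text. The function name audit_serial_uri, the server/client inference from an empty host, and the rule that any telnet:// URI without a verification parameter is flagged for plain text fallback are assumptions of this example.

```python
import re

# Parameter names exactly as this page lists them; "verify" is a bare keyword.
KNOWN = {"thumbprint", "peerName", "verify", "cipherList"}
# host may be empty (server form, e.g. telnet://:12345); the first parameter follows '#'.
URI_RE = re.compile(r"^(telnets?)://([^:/#\s]*):(\d+)\s*(?:#(.*))?$")

def audit_serial_uri(uri):
    """Parse a serial port URI and report what its parameters enable."""
    m = URI_RE.match(uri.strip())
    if not m:
        raise ValueError(f"not a telnet:// or telnets:// serial port URI: {uri!r}")
    scheme, host, port, fragment = m.groups()
    params, unknown = {}, []
    for item in filter(None, (fragment or "").split("&")):  # further parameters follow '&'
        key, _, value = item.partition("=")
        if key in KNOWN:
            params[key] = value
        else:
            unknown.append(key)
    # Verification is on with "verify", or implicitly with thumbprint or peerName.
    verifies = any(k in params for k in ("verify", "thumbprint", "peerName"))
    # cipherList entries are separated by colons, spaces, or commas.
    ciphers = [c for c in re.split(r"[:,\s]+", params.get("cipherList", "")) if c]
    findings = []
    if not verifies:
        findings.append("certificate verification not enabled")
        if scheme == "telnet":
            # Assumed rule: plain telnet:// only negotiates SSL when the peer offers it.
            findings.append("may fall back to plain text")
    findings += [f"unrecognized parameter: {k}" for k in unknown]
    return {"scheme": scheme, "role": "client" if host else "server", "host": host,
            "port": int(port), "verifies_peer": verifies, "ciphers": ciphers,
            "findings": findings}

if __name__ == "__main__":
    # URIs taken from the examples on this page.
    for u in ("telnet://:12345", "telnet://:12345#verify",
              "telnet://ipOfYourLinuxBox:23#cipherList=DHE-RSA-AES256-SHA256:"
              "DHE-RSA-AES256-SHA&peerName=myLinuxBoxName.withDomain"):
        print(u, "->", audit_serial_uri(u))
```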