When you establish serial port connections over the network, you can use authentication parameters to secure the network. These parameters can support an encrypted connection with a remote system using SSL over Telnet or Telnets, or an encrypted connection with a concentrator using SSL over Telnet or Telnets.
URI Forms
If you do not use virtual serial port network connection (vSPC) and you configure your virtual machine with a serial port connected as a server with a telnet://:12345 URI, you can connect to your virtual machine's serial port from your Linux or Windows operating system. You use one of the following formats:
- Telnet over TCP.
telnet://host:port
The virtual machine and remote system can negotiate and use SSL if the remote system supports the Telnet authentication option. If not, the connection uses unencrypted text (plain text).
- Telnets over SSL over TCP.
telnets://host:port
SSL negotiation begins immediately, and you cannot use the Telnet authentication option.
Authentication Parameters
You can specify authentication parameters for Telnets (telnets), or for Telnet (telnet), as shown in the following syntax:
telnet://host:port #key[=value] [&key[=value] ...]
The first parameter must have a number sign (#) prefix. Additional parameters must have an ampersand (&) prefix. The following parameters are supported.
- thumbprint=value
- Specifies a certificate thumbprint against which the peer certificate thumbprint is compared. When you specify a thumbprint, certificate verification is enabled.
- peerName=value
- Specifies the peer name that is used to validate the peer certificate. When you specify a peer name, certificate verification is enabled.
- verify
- Forces certificate verification. The virtual machine will verify that the peer certificate subject matches the specified peerName and that it was signed by a certificate authority known to the ESXi host. Verification is enabled if you specify a thumbprint or peerName.
- cipherList=value
- Specifies a list of SSL ciphers. The ciphers are specified as a list separated by colons, spaces, or commas.
Establishing Serial Port Network Connections to a Client or Server
- Simple Server Connection
- To connect to a virtual machine's serial port from a Linux or Windows operating system if you do not use vSPC, configure the virtual machine with a serial port connected as a server with a telnet://:12345 URI. To access a virtual serial port from a client, use telnet yourESXiServerIPAddress 12345.
- Secure Server Connection
- To enforce an encrypted connection to the virtual machine's serial port from a Linux operating system, you can configure Telnet to enforce encryption by configuring the virtual machine with a serial port connected as a server with a telnet://:12345#verify URI.
- Simple Client Connection
- If you are running a Telnet server on your system and you want the virtual machine to automatically connect to it, you can configure the virtual machine as a client using telnet://yourLinuxBox:23. The virtual machine keeps initiating the Telnet connection to port 23 on yourLinuxBox.
- Secure Client Connection
- Additional URI options allow you to enforce a specific server certificate and restrict the ciphers being used. Virtual machines with a serial port configured as a client with telnet://ipOfYourLinuxBox:23#cipherList=DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA&peerName=myLinuxBoxName.withDomain will connect to ipOfYourLinuxBox only if the system supports one of two listed ciphers, and if it presents a trusted certificate issued to myLinuxBoxName.withDomain. Replace .withDomain with the full domain name, for example, example.org.
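The following added example, which is not part of the original documentation or of any VMware tool, parses a serial port URI in the syntax described above and reports whether certificate verification is enabled and whether the connection can fall back to plain text. The function names and finding messages are hypothetical, and treating cipherList alone as not enforcing encryption is an assumption.

```python
import re

# Parameter names documented on this page; anything else is reported as unknown.
KNOWN = {"thumbprint", "peerName", "verify", "cipherList"}
URI_RE = re.compile(r"^(telnets?)://([^:/#\s]*):(\d+)\s*(?:#(.*))?$")

def parse_serial_uri(uri):
    """Split scheme://host:port#key[=value][&key[=value]...] into its parts."""
    m = URI_RE.match(uri.strip())
    if not m:
        raise ValueError(f"not a telnet/telnets serial port URI: {uri!r}")
    scheme, host, port, frag = m.groups()
    params = {}
    for item in filter(None, (frag or "").split("&")):
        key, _, value = item.partition("=")
        params[key.strip()] = value.strip()
    return scheme, host, int(port), params

def audit_serial_uri(uri):
    """Summarize one URI and list findings (an empty list means none)."""
    scheme, host, port, params = parse_serial_uri(uri)
    # Per the page: verify, thumbprint or peerName enables verification.
    verifying = "verify" in params or any(
        params.get(k) for k in ("thumbprint", "peerName"))
    # Per the page: ciphers are separated by colons, spaces or commas.
    ciphers = [c for c in re.split(r"[:,\s]+", params.get("cipherList", "")) if c]
    findings = [f"unknown parameter {k!r}" for k in sorted(set(params) - KNOWN)]
    findings += [f"{k} has no value"
                 for k in ("thumbprint", "peerName", "cipherList")
                 if k in params and not params[k]]
    if scheme == "telnet" and not verifying:
        # Assumption: cipherList alone does not enforce encryption.
        findings.append("telnet without verification: may fall back to plain text")
    if scheme == "telnets" and not verifying:
        findings.append("telnets: certificate verification not enabled")
    return {"scheme": scheme, "host": host, "port": port,
            "verification": verifying, "ciphers": ciphers, "findings": findings}

if __name__ == "__main__":
    # URIs taken from the examples on this page.
    for uri in ("telnet://:12345", "telnet://:12345#verify",
                "telnet://yourLinuxBox:23"):
        print(uri, "->", audit_serial_uri(uri)["findings"])
```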