Providing secure remote access to serial and USB ports of connected managed devices is a key piece of the Opengear console server solution.
Opengear Lighthouse additionally provides central access to many console servers and their ports. This has several advantages, including:
- A single point for all console access simplifies security, authentication and routing policy
- Call Home enables access console ports behind firewalls, or when a console server has failed over to a private cellular network
- Console Gateway's convenient and consistent access conventions vs. searching through site manifests and address lists IP lists to locate a console
- With Device Groups you can search and tag ports and managed devices by region, operational group, manufacturer, etc.
The article provides an overview of using Console Gateway. For details on configuring Console Gateway, refer to this article.
Console Gateway CLI
SSH to Lighthouse and login using one of the following usernames:
- username:serial – select a console server, then console port to connect to
- username:console_server_name – on the specified console server, select a console port to connect to
- username:console_server_name:port_label – connect directly to the specified console port on the specified console server
- username:port_label – connect directly to the first console port matching the specific label, across all console servers (most useful when unique console port labels have been set)
Console Gateway UI
Login to the Lighthouse web UI, then:
- Click Manage -> Access Console Servers then click Serial Ports -> Show -> Web Terminal or Direct SSH Link
- If the console port has been grouped into a Serial & Network -> Managed Device on the console server, it will be additionally be available under Manage -> Access Managed Devices -> Managed Device Details -> Web Terminal or Direct SSH Link
Why are the Direct SSH Links connecting me to Lighthouse rather than the console?
Lighthouse presents these links in the format ssh://username:console_server_name:firstname.lastname@example.org/ – it's then up to your web browser and SSH client to parse the link and start the connection.
Some applications interpret everything following the : delimiter as a password, and truncate it for security reasons. If this is the case, you may set an alternative Console Gateway Delimiter:
- Login to the Lighthouse browser UI as root
- Click Configure -> System Administration
- Set Console Gateway Port Delimiter to an alternative character, e.g.: +
Note: This settings also affects CLI access, so using the above example the SSH command to connect directly to a console port would become: