Automating Dell iDRAC6 Virtual Console Access from Linux CLI Without Web Browser


4 views

When working with Dell servers running iDRAC6, the standard virtual console access requires launching a Java Web Start (JNLP) file through a web browser. This creates unnecessary overhead for Linux administrators who prefer command-line solutions. Here's what makes this particularly frustrating:

# The manual process we want to avoid:
wget https://drac.ip.addr/Software/jviewer.jnlp
javaws viewer.jnlp  # Requires GUI and browser interaction

The JNLP file contains temporary credentials that change with each session:

<jnlp>
  <application-desc>
    <argument>user=1678523412</argument>
    <argument>passwd=9a7b83c21d</argument>
    <argument>drac.ip.nr=192.168.1.100</argument>
  </application-desc>
</jnlp>

Method 1: Direct JNLP Download via cURL

You can automate the JNLP retrieval while bypassing the browser:

curl -k -u root:calvin \
  "https://192.168.1.100/Software/jviewer.jnlp" \
  --output ~/drac_viewer.jnlp && \
javaws ~/drac_viewer.jnlp

Method 2: OpenSSH Port Forwarding (For iDRAC6 Enterprise)

Some iDRAC6 Enterprise versions allow SSH access which can be tunneled:

ssh -L 5900:127.0.0.1:5900 root@idrac.ip.addr
# Then connect any VNC viewer to localhost:5900

While iDRAC6 doesn't officially support direct VNC, some users report success with:

vncviewer -encodings tight -quality 5 idrac.ip.addr:5900

Note: This requires enabling "Virtual Console" in iDRAC settings and may need firmware updates.

For complete automation, here's a Python solution that handles the JNLP workflow:

import requests
from subprocess import run
from bs4 import BeautifulSoup

def get_idrac_console(idrac_ip, user, password):
    session = requests.Session()
    session.verify = False
    session.auth = (user, password)
    
    # Get viewer.jnlp URL from HTML
    r = session.get(f"https://{idrac_ip}")
    soup = BeautifulSoup(r.text, 'html.parser')
    jnlp_url = soup.find('a', {'id': 'linkVirtualConsole'})['href']
    
    # Download JNLP
    jnlp = session.get(f"https://{idrac_ip}/{jnlp_url}").text
    with open('viewer.jnlp', 'w') as f:
        f.write(jnlp)
    
    # Launch viewer
    run(['javaws', 'viewer.jnlp'])

# Usage:
get_idrac_console('192.168.1.100', 'root', 'calvin')
  • Always use HTTPS for iDRAC connections
  • Consider using SSH tunnels for remote access
  • The default credentials (root/calvin) should be changed immediately
  • Java Web Start was deprecated in JDK 9 - consider alternative methods

Upgrading to iDRAC6 firmware version 2.92 or later may provide better remote console options. Check compatibility with your server model (R815 in this case) before updating.

Working with Dell's iDRAC6 remote management controllers presents a peculiar annoyance for Linux sysadmins: the mandatory web browser dependency for virtual console access. The standard workflow involves:

  1. Launching a web browser
  2. Authenticating to the iDRAC web interface
  3. Downloading a new viewer.jnlp file for each session
# Typical JNLP launch sequence
wget https://idrac-ip/data?file=viewer.jnlp
javaws viewer.jnlp

The temporary credentials embedded in each JNLP file suggest a security mechanism where:

  • Single-use credentials are generated per session
  • The iDRAC6 web interface acts as middleware
  • No direct authentication protocol exists for the Java viewer

Examining a typical viewer.jnlp reveals the ephemeral nature:

<jnlp spec="1.0+" codebase="https://idrac-ip">
  <information>
    <title>iDRAC Virtual Console</title>
  </information>
  <security>
    <all-permissions/>
  </security>
  <resources>
    <j2se version="1.6+"/>
    <jar href="VirtualConsole.jar"/>
  </resources>
  <application-desc main-class="com.avocent.idrac.console.Main">
    <argument>ip=192.168.1.100</argument>
    <argument>user=temp_89dh39kd</argument>
    <argument>passwd=kd93jD8sk2</argument>
    <argument>port=5900</argument>
  </application-desc>
</jnlp>

We can automate the JNLP download process using cURL with proper authentication:

#!/bin/bash
IDRAC_IP="192.168.1.100"
USER="admin"
PASS="calvin"

# Authenticate and download JNLP
curl -s -k -u $USER:$PASS \
  "https://$IDRAC_IP/Applications/dellauncher.htm" \
  --data "app=virtualconsole&sessionType=jmx" \
  -o viewer.jnlp

# Launch console
javaws viewer.jnlp

While later iDRAC versions support direct VNC connections, iDRAC6 requires special handling:

# First extract VNC credentials from JNLP
VNC_PASS=$(grep -oP 'passwd=\K[^<]+' viewer.jnlp)

# Then connect using extracted credentials
vncviewer -passwd <(echo "$VNC_PASS" | vncpasswd -f) $IDRAC_IP::5900

Note that this requires the temporary password from a valid JNLP file, maintaining the one-time-use restriction.

For persistent access without browser dependency, establish an SSH tunnel:

# Create SOCKS proxy through jump host
ssh -D 1080 -N -f user@jumphost

# Configure browser to use localhost:1080
# Then access iDRAC web interface through tunnel

For direct VNC access through the tunnel:

ssh -L 5900:localhost:5900 user@jumphost
vncviewer localhost:5900

The open-source iDRAC-Tools project provides Python scripts for interacting with iDRAC interfaces:

# Install the toolkit
pip install idrac-tools

# Example console launch
idrac-console --host 192.168.1.100 --user admin --password calvin

This approach handles the JNLP retrieval and authentication automatically while providing a cleaner CLI interface.