IPMI Remote Server Management on Linux
IPMI (Intelligent Platform Management Interface) provides out-of-band server management, letting you power cycle, access the console, and monitor hardware sensors even when the operating system is down. This guide covers using ipmitool on Linux to manage baremetal servers, configure BMC settings, monitor sensors, use Serial-over-LAN, and secure the IPMI interface.
Prerequisites
- A server with IPMI/BMC support (most modern baremetal servers)
- Ubuntu 20.04/22.04 or CentOS/Rocky Linux 8+
- The BMC must have an IP address configured (dedicated management NIC or shared NIC)
- Network access to the BMC's IP from your management workstation
Install ipmitool
# Ubuntu/Debian
sudo apt update && sudo apt install -y ipmitool
# CentOS/Rocky Linux
sudo dnf install -y ipmitool
# Load the IPMI kernel module for local access
sudo modprobe ipmi_devintf
sudo modprobe ipmi_si
# Make the modules load on boot
echo -e "ipmi_devintf\nipmi_si" | sudo tee /etc/modules-load.d/ipmi.conf
# Verify the IPMI device is present
ls /dev/ipmi*
# Should show /dev/ipmi0
Local IPMI Access
Local access communicates with the BMC via the system bus (no network required):
# Check BMC firmware info
sudo ipmitool bmc info
# Get channel information
sudo ipmitool channel info 1
# Show current LAN configuration (BMC's IP settings)
sudo ipmitool lan print 1
# Get System Event Log (SEL)
sudo ipmitool sel list
# Clear the event log
sudo ipmitool sel clear
# Get field-replaceable unit (FRU) inventory
sudo ipmitool fru list
# Check chassis status
sudo ipmitool chassis status
Remote IPMI Access
Connect to a remote BMC over the network using IPMI-over-LAN:
# Basic syntax for remote IPMI commands:
# ipmitool -I lanplus -H <BMC_IP> -U <USER> -P <PASSWORD> <command>
# Check connectivity to the BMC
ipmitool -I lanplus -H 192.168.1.100 -U admin -P password chassis status
# Use environment variables to avoid passwords in command history
export IPMI_HOST=192.168.1.100
export IPMI_USER=admin
export IPMI_PASS=supersecretpassword
alias ipmi='ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS'
# Now use the alias:
ipmi chassis status
ipmi bmc info
ipmi sel list
IPMItool interfaces:
-I lan— IPMI v1.5 (older, less secure, avoid if possible)-I lanplus— IPMI v2.0 with RMCP+ (use this for modern servers)-I open— Local kernel driver access
Power Management
# Show current power status
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis status | grep "Power"
# Power on the server
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis power on
# Power off (graceful shutdown)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis power soft
# Hard power off (force)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis power off
# Power cycle (off then on)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis power cycle
# Reset (like pressing the reset button)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis power reset
# Configure next boot device
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
chassis bootdev pxe # Boot once from PXE
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
chassis bootdev disk # Boot from disk
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
chassis bootdev bios # Boot to BIOS setup
# Set permanent boot device (persists across reboots)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
chassis bootdev pxe options=persistent
Sensor Monitoring
# List all sensors with current values
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sdr list
# Show detailed sensor data
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sdr elist full
# Filter for temperature sensors
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
sdr type Temperature
# Filter for fan sensors
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
sdr type Fan
# Filter for voltage sensors
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
sdr type Voltage
# Continuous monitoring script
#!/bin/bash
# monitor-sensors.sh
while true; do
echo "=== $(date) ==="
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sdr list \
| grep -E "degrees|RPM|Volts" | grep -v "No Reading"
sleep 60
done
Parse sensor output for alerting:
# Check if any sensor is in a critical state
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sdr list \
| grep -iE "critical|non-recoverable|upper crit|lower crit"
# Get CPU temperatures specifically
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sdr type Temperature \
| grep -i "cpu\|processor"
Serial-over-LAN (SOL)
SOL redirects the server's serial console over the IPMI LAN channel, giving you console access even when the OS is unresponsive:
# Activate a SOL session (connect to server console)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sol activate
# To exit the SOL session:
# Press ~ then . (tilde then period)
# If the server is booting, you'll see BIOS/POST output
# After OS boot, you'll see the OS login prompt
# Configure serial console in GRUB (required for SOL on Linux servers):
# Edit /etc/default/grub on the managed server:
# GRUB_CMDLINE_LINUX="console=tty0 console=ttyS1,115200n8"
# Then run: sudo update-grub
# Configure SOL parameters
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
sol set baud-rate 115200 1
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
sol set enabled true 1
# Show SOL configuration
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sol info 1
# Deactivate an existing SOL session
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS sol deactivate
BMC Configuration and Security
# Show existing user accounts on the BMC
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS user list 1
# Create a new admin user (slot 3)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
user set name 3 newadmin
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
user set password 3 'NewSecurePassword123!'
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
user priv 3 4 1 # Privilege level 4 = Administrator on channel 1
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
user enable 3
# Disable the default admin account (slot 2 is usually "admin")
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
user disable 2
# Change the default password before doing anything else
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
user set password 2 'NewAdminPassword123!'
# Configure a static IP for the BMC (channel 1)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
lan set 1 ipsrc static
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
lan set 1 ipaddr 192.168.1.200
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
lan set 1 netmask 255.255.255.0
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
lan set 1 defgw ipaddr 192.168.1.1
# Restrict IPMI access to specific IP ranges (if supported by BMC)
# Most enterprise BMCs support this via web UI or vendor tools
# Reset BMC to factory defaults (use with caution)
ipmitool -I lanplus -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS \
mc reset cold
Troubleshooting
"Error: Unable to establish IPMI v2/RMCP+ session":
# Try IPMI v1.5 as a fallback
ipmitool -I lan -H $IPMI_HOST -U $IPMI_USER -P $IPMI_PASS chassis status
# Check if port 623 is open
nc -uz $IPMI_HOST 623 && echo "IPMI port open"
# Verify firewall allows UDP 623
sudo ufw status | grep 623
"/dev/ipmi0: No such file or directory" (local access):
sudo modprobe ipmi_si
sudo modprobe ipmi_devintf
ls /dev/ipmi*
# If module fails to load, check dmesg for hardware detection
dmesg | grep -i ipmi
SOL session hangs or shows garbage:
# Ensure baud rates match (BMC SOL config and server serial console)
# Check server's GRUB serial config
grep console /etc/default/grub
# If stuck in SOL session:
# Press ~ then . to force disconnect
Sensor readings show "No Reading":
# Some sensors need the OS running to provide readings
# Check which sensors are available:
ipmitool sdr list | grep -v "No Reading"
Conclusion
IPMI provides indispensable out-of-band management for baremetal servers, enabling power control, hardware monitoring, and console access without requiring a working operating system or network connection to the server itself. Always change default BMC credentials immediately, restrict IPMI access to a dedicated management network, and use IPMI v2.0 (lanplus) for encrypted communication. For large fleets, tools like ipmipower and monitoring integration with Prometheus via ipmi_exporter can automate health monitoring at scale.