Fred,

It sounds like you have the default (null) user enabled with no password
for the lan channel.
You would want to disable the null user (user 1) for that channel.  Or,
you could add a password to that user if you prefer.  Even with Cipher
Suite 0, the password would be MD5 hashed.  
 ipmitool user list 1 
would show the users for channel 1, if your ipmi lan is on channel 1.
 ipmitool user disable 1
would disable user 1, the null user.

Andy

-----Original Message-----
From: Fred Tyler [mailto:fred...@gmail.com] 
Sent: Tuesday, April 14, 2009 7:54 PM
To: ipmitool-devel@lists.sourceforge.net
Subject: [Ipmitool-devel] IPMI lanplus connection using -C0 does not require password

Hi, I don't know how this has happened, but I can run ipmitool
commands on a remote machine without a password if I specify -C0 on
the command line.

Here's the lan configuration of the server running IPMI:

==============================

r...@server$ ipmitool lan print 6
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : NONE MD2 MD5 PASSWORD
                        : User     : NONE MD2 MD5 PASSWORD
                        : Operator : NONE MD2 MD5 PASSWORD
                        : Admin    : NONE MD2 MD5 PASSWORD
                        : OEM      : NONE MD2 MD5 PASSWORD
IP Address Source       : Static Address
IP Address              : 192.168.1.21
Subnet Mask             : 255.255.255.0
MAC Address             : 00:a0:d1:e2:b5:fe
SNMP Community String   : public
IP Header               : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
BMC ARP Control         : ARP Responses Enabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl   : 2.0 seconds
Default Gateway IP      : 192.168.1.1
Default Gateway MAC     : 00:1c:bf:25:b7:70
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : Not Available

=====================================


When I do not specify "-C", and I enter a blank password, I get an
"Unable to establish IPMI v2 RMCP+ session" error.

However, here is the output of the IPMI command where I specify -C0 on
the command line and enter a blank password:

======================================

$ ipmitool -C0 -I lanplus -H 192.168.1.21 chassis status
Password:
System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Power Control Fault  : false
Power Restore Policy : always-off
Last Power Event     : ac-failed
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
Drive Fault          : false
Cooling/Fan Fault    : false

=======================================


Obviously this is undesirable, as anyone could connect to the machine
and power it off, reboot it, etc.

How can I fix this?

------------------------------------------------------------------------
------
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel



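An added example, not written by either participant in this thread: a small audit that reads `ipmitool lan print <channel>` output and flags the two settings in the listing above that bear on unauthenticated access, the NONE auth type enabled for a privilege level and cipher suite 0 among the RMCP+ cipher suites. The finding names `AUTH_NONE` and `CIPHER_SUITE_0` and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: audit `ipmitool lan print <channel>` output read on stdin.
# Finding names (AUTH_NONE, CIPHER_SUITE_0) are made up for this sketch.
audit_lan_print() {
    awk -F':' '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    {
        key = trim($1)
        # Continuation rows under "Auth Type Enable" have an empty key column.
        if (key != "") section = key
        if (section == "Auth Type Enable" && NF >= 3) {
            types = " " trim($3) " "
            if (index(types, " NONE ")) print "AUTH_NONE " trim($2)
        }
        if (key == "RMCP+ Cipher Suites") {
            n = split(trim($2), ids, ",")
            for (i = 1; i <= n; i++)
                if (trim(ids[i]) == "0") print "CIPHER_SUITE_0"
        }
    }'
}

# Sample input: an excerpt of the lan print output quoted in this thread.
sample_lan_print() {
    cat <<'EOF'
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 PASSWORD
Auth Type Enable        : Callback : NONE MD2 MD5 PASSWORD
                        : User     : NONE MD2 MD5 PASSWORD
                        : Operator : NONE MD2 MD5 PASSWORD
                        : Admin    : NONE MD2 MD5 PASSWORD
                        : OEM      : NONE MD2 MD5 PASSWORD
IP Address Source       : Static Address
RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : Not Available
EOF
}

sample_lan_print | audit_lan_print
```

On a BMC, pipe the real listing in instead, for example `ipmitool lan print 6 | audit_lan_print`; no output means neither setting was found.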