> It sounds like you have the default (null) user enabled with no password > for the lan channel. > You would want to disable the null user (user 1) for that channel. Or, > you could add a password to that user if you prefer. Even with Cipher > Suite 0, the password would be MD5 hashed. > ipmitool user list 1 > would show the users for channel 1, if your ipmi lan is on channel 1. > ipmitool user disable 1 > would disable user 1, the null user.
I have tried assigning user #1 and also the lan channel password using the following commands: (This is a different machine where the lan channel is 2): $ ipmitool user set password 1 XYZ $ ipmitool lan set 2 password XYZ But still if I run the command with -C0 and a blank password, it works: $ ipmitool -C0 -I lanplus -H 192.168.1.21 chassis power status Password: Chassis Power is on If I run it without -C at all (which the man page says defaults to -C3), or with "-C1" or "-C2" or "-C3", then it requires that I type the correct password. But with "-C0" it allows me to enter a blank password. What am I missing? > -----Original Message----- > From: Fred Tyler [mailto:fred...@gmail.com] > Sent: Tuesday, April 14, 2009 7:54 PM > To: ipmitool-devel@lists.sourceforge.net > Subject: [Ipmitool-devel] IPMI lanplus connection using -C0 does not > requirepassword > > Hi, I don't know how this has happened, but I can run ipmitool > commands on a remote machine without a password if I specify -C0 on > the command line. > > Here's the lan configuration of the server running IPMI: > > ============================== > > r...@server$ ipmitool lan print 6 > Set in Progress : Set Complete > Auth Type Support : NONE MD2 MD5 PASSWORD > Auth Type Enable : Callback : NONE MD2 MD5 PASSWORD > : User : NONE MD2 MD5 PASSWORD > : Operator : NONE MD2 MD5 PASSWORD > : Admin : NONE MD2 MD5 PASSWORD > : OEM : NONE MD2 MD5 PASSWORD > IP Address Source : Static Address > IP Address : 192.168.1.21 > Subnet Mask : 255.255.255.0 > MAC Address : 00:a0:d1:e2:b5:fe > SNMP Community String : public > IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10 > BMC ARP Control : ARP Responses Enabled, Gratuitous ARP Disabled > Gratituous ARP Intrvl : 2.0 seconds > Default Gateway IP : 192.168.1.1 > Default Gateway MAC : 00:1c:bf:25:b7:70 > Backup Gateway IP : 0.0.0.0 > Backup Gateway MAC : 00:00:00:00:00:00 > 802.1q VLAN ID : Disabled > 802.1q VLAN Priority : 0 > RMCP+ Cipher Suites : 0,1,2,3 > Cipher Suite Priv Max : Not Available > > ===================================== > > > When I do not specify "-C", and I enter a blank password, I get an > "Unable to establish IPMI v2 RMCP+ session" error. > > However, here is the output of the IPMI command where I specify -C0 on > the command line and enter a blank password: > > ====================================== > > $ ipmitool -C0 -I lanplus -H 192.168.1.21 chassis status > Password: > System Power : on > Power Overload : false > Power Interlock : inactive > Main Power Fault : false > Power Control Fault : false > Power Restore Policy : always-off > Last Power Event : ac-failed > Chassis Intrusion : inactive > Front-Panel Lockout : inactive > Drive Fault : false > Cooling/Fan Fault : false > > ======================================= > > > Obviously this is undesirable, as anyone could connect to the machine > and power it off, reboot it, etc. > > How can I fix this? > > ------------------------------------------------------------------------ > ------ > This SF.net email is sponsored by: > High Quality Requirements in a Collaborative Environment. > Download a free trial of Rational Requirements Composer Now! > http://p.sf.net/sfu/www-ibm-com > _______________________________________________ > Ipmitool-devel mailing list > Ipmitool-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/ipmitool-devel > > The information contained in this document is CONFIDENTIAL and property of > Kontron. Any unauthorized review, use, disclosure or distribution is > prohibited without express written consent of Kontron. If you are not the > intended recipient, please contact the sender and destroy all copies of the > original message and enclosed attachments. > > ------------------------------------------------------------------------------ This SF.net email is sponsored by: High Quality Requirements in a Collaborative Environment. Download a free trial of Rational Requirements Composer Now! http://p.sf.net/sfu/www-ibm-com _______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
