On Wed, Apr 15, 2009 at 10:28 AM, Jarrod B Johnson <jbjoh...@us.ibm.com> wrote:
> You have to change your BMCs to reject cipher suite 0. FYI, IBM servers ship
> with it disabled for this very reason.
>
> ipmitool lan set 1 cipher_privs XaaaXXXXXXXXXXX

Ok, my lan channel is 2 on one machine and 6 on another, so I changed
this command, but then I get the following errors:

===============
Machine 1 (lan channel 2)
===============

$ ipmitool lan set 2 cipher_privs XaaaXXXXXXXXXXX
LAN Parameter Data does not match!  Write may have failed.


===============
Machine 2 (lan channel 6)
===============

$ ipmitool lan set 6 cipher_privs XaaaXXXXXXXXXXX
Mismatched data lengths: 2 != 9

~~~~~~~~~~~~~~~~~~~~~~~~~~~

However, I found that if I changed the command on Machine 1 to the
following, it "worked":

$ ipmitool lan set 2 cipher_privs caaaXXXXXXXXXXX

This does seem to block the blank passwords, though I'm not sure how
or why or if it's actually secure.

~~~~~~~~~~~~~~~~~~~~~~~~~

As for Machine #2, I can't get any cipher_privs command to work on it,
which apparently only has 2 cipher suites and reports "Not available"
for priv max:

RMCP+ Cipher Suites     : 0,1
Cipher Suite Priv Max   : Not Available

~~~~~~~~~~~~~~~~~~~~~~~

And just in case there is a simple solution: All I want to do is have
a secure way for a single user (me) to remotely reboot a machine, log
in to a console, etc. I don't need multiple users or anything complex.

If I'm making this more difficult than need be, please let me know :-)

Thanks.

_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
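
Added example, not part of the original message and not ipmitool code: a small audit of `ipmitool lan print` output that decodes the `Cipher Suite Priv Max` string using the privilege letters from the ipmitool man page (X = unused, c = CALLBACK, u = USER, o = OPERATOR, a = ADMIN, O = OEM) and reports the state of cipher suite 0. It assumes the first character of the string applies to cipher suite 0, as the quoted command treats it; the function names and the sample outputs are constructed for illustration.

```python
import re

# Privilege letters as documented for `cipher_privs` in the ipmitool man page.
PRIV = {"X": "unused", "c": "CALLBACK", "u": "USER",
        "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}

def parse_lan_print(text):
    """Extract the advertised cipher suites and the priv-max string."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    suites = [int(s) for s in re.findall(r"\d+", fields.get("RMCP+ Cipher Suites", ""))]
    privs = fields.get("Cipher Suite Priv Max")
    # Anything that is not a 15-letter privilege list (e.g. "Not Available")
    # is treated as unreadable rather than guessed at.
    if privs is None or not re.fullmatch(r"[XcuoaO]{15}", privs):
        privs = None
    return suites, privs

def audit_suite0(text):
    """Return a one-line verdict on cipher suite 0 for one LAN channel."""
    suites, privs = parse_lan_print(text)
    if 0 not in suites:
        return "ok: cipher suite 0 not advertised"
    if privs is None:
        return "unknown: cipher suite 0 advertised, priv max not readable"
    level = PRIV[privs[0]]  # assumption: position 0 maps to cipher suite 0
    if level == "unused":
        return "ok: cipher suite 0 disabled"
    return f"enabled: cipher suite 0 allowed up to {level}"

# Constructed samples. Only the Machine 2 values appear in the message above;
# the suite list used for the other two samples is made up.
MACHINE2 = ("RMCP+ Cipher Suites     : 0,1\n"
            "Cipher Suite Priv Max   : Not Available\n")
AFTER_CAAA = ("RMCP+ Cipher Suites     : 0,1,2,3\n"
              "Cipher Suite Priv Max   : caaaXXXXXXXXXXX\n")
AFTER_XAAA = ("RMCP+ Cipher Suites     : 0,1,2,3\n"
              "Cipher Suite Priv Max   : XaaaXXXXXXXXXXX\n")

if __name__ == "__main__":
    for name, sample in [("machine 2", MACHINE2),
                         ("caaa...", AFTER_CAAA),
                         ("Xaaa...", AFTER_XAAA)]:
        print(f"{name}: {audit_suite0(sample)}")
```
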