[Ipmitool-devel] lanplus encryption

Mon, 11 Oct 2010 18:10:09 -0700 

Thanks for your help, anyone.  I'm basically looking for confirmation that
I'm doing this right ... Or some direction please.  ;-)

 

I want to ensure my lanplus traffic is encrypted, and not stupidly.  I have
Dell servers.  I configured the IPMI interface IP address, username,
password...  I generated a random string of hex to replace the default
encryption key, and I saved that for later use.  I set my shell variable
IPMICIPHER to the key.

 

Now, my confusion is ...  In the -k and -C switches.

 

If I do this:  ipmitool -I lanplus -H $IPMIHOST -U root -E channel info

Then it fails.  "Unable to establish IPMI v2 / RMCP+ session"

This seems to make sense to me; if I specified a custom encryption key on
the server, I would expect I need to provide it to the client.

 

If I do this:  ipmitool -I lanplus -H $IPMIHOST -U root -E -k $IPMICIPHER
channel info

Then it fails.  "Unable to establish IPMI v2 / RMCP+ session"

 

If I do this:  ipmitool -I lanplus -H $IPMIHOST -U root -E -C $IPMICIPHER
channel info

Then it succeeds.  I am surprised by this, because according to my
understanding of the manpages, I thought valid arguments of -C would be
relatively short, 00h to FFh, and just specifies the *type* of encryption
etc.  Not specifying the key itself.  FWIW, the first two characters of
IPMICIPHER are ED, which I think fall into the category of "reserved" in
table 22-19 of the spec.

 

If I mess up my IPMICIPHER a little bit ... Just change a few characters at
the end ...

Then it still works.

 

If I mess up my IPMICIPHER a lot ... Such as
0123456789012345678901234567890123456789

Then it doesn't work.

 

So, I'm confused.  Thank you, anyone, for your assistance.


------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel

Reply via email to