I'm trying to understand cipher suites and ipmitool. The 2.0 spec says that
there are 15 suites plus an OEM specified one (and reserved space); ipmitool's
man page says cipher 0 is reserved in the cipher_privs option:

The format of privlist is as follows. Each character represents a
privilege level and the character position identifies the cipher suite  
number. For example, the first character represents cipher suite  
1 (cipher suite 0 is reserved), the second represents cipher suite 2, 
and so on. privlist must be 15 characters in length.

And then gives an example: "to set the maximum privilege for cipher suite 1 to
USER and suite 2 to ADMIN, issue the following command":

        ipmitool -I interface lan set channel cipher_privs uaXXXXXXXXXXXXX

Does this mean you can't set cipher suite 0?  Or if you can, can you not set 
the OEM one?

I see in the archives Jarred said 
(http://www.mail-archive.com/ipmitool-devel@lists.sourceforge.net/msg01169.html):

You have to change your BMCs to reject cipher suite 0.  FYI, IBM servers ship 
with it disabled for this very reason.

        ipmitool lan set 1 cipher_privs XaaaXXXXXXXXXXX

should do it.

In his example, however, it was answering a question about a conf that listed a 
limited set of suites:

        RMCP+ Cipher Suites : 0,1,2,3

So maybe the suites listed on the "RMCP+ Cipher Suites" correspond to the 
letters in the cipher_priv string?

Or perhaps some use position 1 in the cipher_priv string as cipher 0, are the
docs or Jarred right/wrong, or am I just plain confused?


And my Supermicro comes along to further muddy my waters:

    # ipmitool -I lanplus -H 192.168.0.69 -U ADMIN -P foobar lan print 1
    [...]
    RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
    Cipher Suite Priv Max   : aaaaaaaaaaaaaaa
                            :     X=Cipher Suite Unused
                            :     c=CALLBACK
                            :     u=USER
                            :     o=OPERATOR
                            :     a=ADMIN
                            :     O=OEM
    […]

(Note the odd placement of cipher 0 - the last in the list)

I've been unable to get it to accept cipher suite 0 (just testing, really! :)), 
but they may not support it or I'm doing it wrong or I don't know if the odd 
placement of Cipher 0 in their list means you have to place it in another 
position, but 15 "a"s in a row didn't seem to do anything.

Thanks for any clarifications.

dan

^..^
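
An added example, not part of the original post and not ipmitool code: a Python audit helper that parses the two `lan print` lines quoted above and reports what each reading of `cipher_privs` raised in the post would imply for cipher suite 0. The function names and sample text are constructed, and the code does not assert which reading a given BMC follows.

```python
import re

# Privilege letters as shown in the `lan print` legend quoted in the post.
PRIV = {"X": "unused", "c": "CALLBACK", "u": "USER",
        "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}

# Constructed sample input modelled on the output quoted in the post.
SAMPLE = """\
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
Cipher Suite Priv Max   : aaaaaaaaaaaaaaa
"""

def parse_lan_print(text):
    """Return (listed suite IDs, 15-character privlist) from `lan print` text."""
    suites = re.search(r"RMCP\+ Cipher Suites[ \t]*:[ \t]*([0-9, ]+)", text)
    privs = re.search(r"Cipher Suite Priv Max[ \t]*:[ \t]*([XcuoaO]+)", text)
    if not suites or not privs:
        raise ValueError("cipher suite lines not found")
    ids = [int(s) for s in suites.group(1).split(",") if s.strip()]
    privlist = privs.group(1)
    if len(privlist) != 15:  # the man page requires exactly 15 characters
        raise ValueError("privlist is not 15 characters long")
    return ids, privlist

def by_suite_number(privlist):
    """Man-page reading: character N (1-based) is suite N, so suite 0 has no slot."""
    return {n: PRIV[ch] for n, ch in enumerate(privlist, start=1)}

def by_list_position(ids, privlist):
    """Reading raised in the post: character N is the Nth suite in listed order."""
    return {sid: PRIV[ch] for sid, ch in zip(ids, privlist)}

def cipher0_report(text):
    """Summarise what each reading says about cipher suite 0."""
    ids, privlist = parse_lan_print(text)
    return {"advertised": 0 in ids,
            "man_page_reading": by_suite_number(privlist).get(0),
            "list_position_reading": by_list_position(ids, privlist).get(0)}

if __name__ == "__main__":
    print(cipher0_report(SAMPLE))
```

A result where `advertised` is true and `list_position_reading` is anything other than `unused` marks a BMC worth checking by hand for cipher suite 0 acceptance.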



