I had it set to so that lan print is :
RMCP+ Cipher Suites : 1,2,3,6,7,8,11,12,15
Cipher Suite Priv Max : XXaXXaXXXXXXXXX
but yet
both:
ipmitool -I lanplus -U Administrator -C 3
ipmitool -I lanplus -U Administrator -C 8
gives :
Error in open session response message : no matching cipher suite
Error: Unable to establish IPMI v2 / RMCP+ session
On Wed, Feb 8, 2017 at 6:45 AM, holger.lie...@ts.fujitsu.com <
holger.lie...@ts.fujitsu.com> wrote:
> Generic hint: you can always get additional debug information with -vv or
> -vvvv from ipmitool
>
>
>
> You have to specify the cipher suite you want to use as command line
> parameter (default is 3 which you seemed to have disabled). The BMC needs
> to support the specified cipher suite and of cause it should not be
> currently disabled.
>
>
>
> If you want to use the optional/additional HMAC256 cipher suites from the
> DCMI spec. / IPMI spec. Errata 6 you would need a version of ipmitool which
> supports them.
>
>
>
> e.g. ipmitool -I lanplus -C 17 -U user -P password -H host mc info
>
>
>
> P.S: Since you did not specify which cipher suites your BMC actually
> supports this is just guessing…
>
>
>
>
>
>
>
> *From:* VJ [mailto:purplet...@gmail.com]
> *Sent:* Tuesday, February 07, 2017 8:49 PM
> *To:* Liebig, Holger; ipmitool-devel@lists.sourceforge.net
>
> *Subject:* Re: [Ipmitool-devel] set cipher
>
>
>
> when i set some of the cipher suites e.g., lan set 1 cipher_privs
> XXaXXaXXXXXXXXX , I am not able to access the ipmi device at all.
>
> The error i get :
>
> Error in open session response message : no matching cipher suite
>
>
>
> Error: Unable to establish IPMI v2 / RMCP+ session
>
>
>
> On Tue, Jan 31, 2017 at 12:42 AM, holger.lie...@ts.fujitsu.com <
> holger.lie...@ts.fujitsu.com> wrote:
>
> Typically a BMC lists only the cipher suites it supports with ipmitool lan
> print e.g.
>
> # ipmitool lan print | grep Cipher
>
> RMCP+ Cipher Suites : 0,1,2,3,6,7,8,17
>
> Cipher Suite Priv Max : XaaaaaaaXXXXXXX
>
> : X=Cipher Suite Unused
>
> : c=CALLBACK
>
> : u=USER
>
> : o=OPERATOR
>
> : a=ADMIN
>
> : O=OEM
>
>
>
> Cipher suite 17 in the example above corresponds with the 8th character.
>
>
>
> *From:* VJ [mailto:purplet...@gmail.com]
> *Sent:* Tuesday, January 31, 2017 4:10 AM
> *To:* ipmitool-devel@lists.sourceforge.net
> *Subject:* Re: [Ipmitool-devel] set cipher
>
>
>
> esp., Iam looking to enable *Ciper Suite ID 17* :
> RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128
>
>
>
> How can I set 17 when the man page says : privlist must be 15 characters
> in length
>
>
>
> I get error:
>
> lan set 1 cipher_privs XXXaXXXXXXXXXXXaa
>
> Invalid privilege specification length: 17
>
> Thanks.
>
> On Mon, Jan 30, 2017 at 6:53 PM, VJ <purplet...@gmail.com> wrote:
>
> How do I set cipher using ipmitool ?
>
>
>
> I see ipmitoool getcipher but I dont see set cipher
>
>
>
>
>
> Thanks.
>
>
>
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
