Re: IPMI security article
On Tue, 2013-02-19 at 16:04 -0500, Michael ODonnell wrote: > > IPMI was involved with reestablishing communications with > your Dom-0 ? Interesting. Was that via Serial-Over-LAN? No. Sorry to confuse things. My Dom-0 has its own IP address. I had failed to map a firewall port to the Dom-0 ssh port. It had never been necessary for me to access Dom-0 remotely before. I was totally unaware of IPMI until I encountered that article grumbling about IPMI security. I did not even know that I had IPMI on my server - a fairly low-cost Supermicro box. -- Lloyd Kvam Venix Corp. 1 Court Street, Suite 378 Lebanon, NH 03766-1358 voice: 802-448-0836 fax:320-210-3409 ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPMI security article
IPMI was involved with reestablishing communications with your Dom-0 ? Interesting. Was that via Serial-Over-LAN? ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPMI security article
On Tue, 2013-02-19 at 11:16 -0500, Kevin D. Clark wrote: > Lloyd Kvam writes: > > > Should I simply disable IPMI or is it likely to be useful even in my > > circumstances? > > Do you have any need to manage your server remotely using the > functionality that IPMI provides? How easy is it for you to > physically access your server? I had failed to provide remote access to Xen Dom-0. When my virtualized server failed to start, Bill McGonigle stopped in my office to make repairs and get it started. I have fixed that oversight and can now ssh to both Dom-0 and my virtual mail server. The server sits on a table in my office, so access is normally trivial. I usually use ssh as the most convenient, but the server is also on a KVM. I have simply ignored hardware management beyond smartd. My primary concern was yet another security vector to worry about, but I don't think I have any exposure right now. > I've been giving IPMI some thought lately as well. > > Regards, > > --kevin -- Lloyd Kvam Venix Corp DLSLUG/GNHLUG library http://dlslug.org/library.html http://www.librarything.com/catalog/dlslug http://www.librarything.com/catalog/dlslug&sort=stamp http://www.librarything.com/rss/recent/dlslug ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: IPMI security article
Lloyd Kvam writes: > Should I simply disable IPMI or is it likely to be useful even in my > circumstances? Do you have any need to manage your server remotely using the functionality that IPMI provides? How easy is it for you to physically access your server? I've been giving IPMI some thought lately as well. Regards, --kevin -- alumni.unh.edu!kdc / http://kdc-blog.blogspot.com/ GnuPG: D87F DAD6 0291 289C EB1E 781C 9BF8 A7D8 B280 F24E And the Army Ants, they leave nothin' but the bones... -- Tom Waits ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/