From: ^..^ <ze...@gm...> - 2013-01-09 17:29:52

I'm trying to understand cipher suites and ipmitool. The 2.0 spec says that there are 15 suites plus an OEM specified one (and reserved space); ipmitool's man page says cipher 0 is reserved in the cipher_privs option:

    The format of privlist is as follows. Each character represents a
    privilege level and the character position identifies the cipher
    suite number. For example, the first character represents cipher
    suite 1 (cipher suite 0 is reserved), the second represents cipher
    suite 2, and so on. privlist must be 15 characters in length.

And then gives an example; "to set the maximum privilege for cipher suite 1 to USER and suite 2 to ADMIN, issue the following command":

    ipmitool -I interface lan set channel cipher_privs uaXXXXXXXXXXXXX

Does this mean you can't set cipher suite 0? Or if you can, can you not set the OEM one?

I see in the archives Jarred said (http://www.mail-archive.com/ipm...@li.../msg01169.html):

    You have to change your BMCs to reject cipher suite 0. FYI, IBM
    servers ship with it disabled for this very reason.

    ipmitool lan set 1 cipher_privs XaaaXXXXXXXXXXX

    should do it.

In his example, however, it was answering a question about a conf that listed a limited set of suites:

    RMCP+ Cipher Suites : 0,1,2,3

So maybe the suites listed on the "RMCP+ Cipher Suites" correspond to the letters in the cipher_priv string? Or perhaps some use position 1 in the cipher_priv string as cipher 0, are the docs or Jarred right/wrong, or am I just plain confused?

And my Supermicro comes along to further muddy my waters:

    # ipmitool -I lanplus -H 192.168.0.69 -U ADMIN -P foobar lan print 1
    [...]
    RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
    Cipher Suite Priv Max   : aaaaaaaaaaaaaaa
                            :     X=Cipher Suite Unused
                            :     c=CALLBACK
                            :     u=USER
                            :     o=OPERATOR
                            :     a=ADMIN
                            :     O=OEM
    […]

(Note the odd placement of cipher 0 - the last in the list)

I've been unable to get it to accept cipher suite 0 (just testing, really! :)), but they may not support it or I'm doing it wrong or I don't know if the odd placement of Cipher 0 in their list means you have to place it in another position, but 15 "a"s in a row didn't seem to do anything.

Thanks for any clarifications.

dan
^..^
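
Added example, not part of the original post and not ipmitool code: a small Python audit helper that reads the two `lan print` lines quoted above and reports the maximum privilege cipher suite 0 would have under each of the three readings the post raises. The reading names and the second sample (assembled from the suite list and privlist quoted from the archive) are assumptions for illustration; the helper does not decide which reading a given BMC implements.

```python
import re

# Privilege letters from the `lan print` legend quoted in the post.
LEVELS = {"X": "UNUSED", "c": "CALLBACK", "u": "USER",
          "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}

# Sample inputs, constructed from values quoted in the post.
SUPERMICRO = """RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
Cipher Suite Priv Max   : aaaaaaaaaaaaaaa
"""
ARCHIVE = """RMCP+ Cipher Suites     : 0,1,2,3
Cipher Suite Priv Max   : XaaaXXXXXXXXXXX
"""

def parse_lan_print(text):
    """Return (advertised suite IDs, 15-character privlist) from `lan print` output."""
    suites = re.search(r"RMCP\+ Cipher Suites\s*:\s*([\d,]+)", text)
    privs = re.search(r"Cipher Suite Priv Max\s*:\s*([XcuoaO]{15})\b", text)
    if not suites or not privs:
        raise ValueError("cipher suite lines not found or privlist malformed")
    return [int(n) for n in re.findall(r"\d+", suites.group(1))], privs.group(1)

def suite_priv(suites, privlist, suite, reading):
    """Privilege letter for `suite` under one reading, or None if not addressable."""
    if reading == "manpage":        # first char = suite 1, suite 0 reserved
        idx = suite - 1
    elif reading == "by_id":        # first char = suite 0 (zero-based suite ID)
        idx = suite
    elif reading == "by_entry":     # Nth char = Nth suite in the advertised list
        idx = suites.index(suite) if suite in suites else -1
    else:
        raise ValueError(f"unknown reading: {reading}")
    return privlist[idx] if 0 <= idx < len(privlist) else None

def audit_suite0(text):
    """Map each reading to the privilege name cipher suite 0 gets (None = no slot)."""
    suites, privlist = parse_lan_print(text)
    result = {}
    for reading in ("manpage", "by_id", "by_entry"):
        letter = suite_priv(suites, privlist, 0, reading)
        result[reading] = LEVELS[letter] if letter else None
    return result

if __name__ == "__main__":
    for name, sample in (("supermicro", SUPERMICRO), ("archive", ARCHIVE)):
        print(name, audit_suite0(sample))
```

When the readings disagree for a configuration, as they do for suite 1 with the archive privlist, the string alone does not show which suite was restricted, so the setting has to be confirmed against the BMC's actual behaviour.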