Generic hint: you can always get additional debug information with -vv or -vvvv 
from ipmitool

 

You have to specify the cipher suite you want to use as a command line parameter 
(default is 3, which you seem to have disabled). The BMC needs to support the 
specified cipher suite and of course it should not be currently disabled. 

 

If you want to use the optional/additional HMAC256 cipher suites from the DCMI 
spec. / IPMI spec. Errata 6 you would need a version of ipmitool which supports 
them.

 

e.g. ipmitool -I lanplus -C 17 -U user -P password -H host mc info

 

P.S: Since you did not specify which cipher suites your BMC actually supports 
this is just guessing…

 

 

 

From: VJ [mailto:purplet...@gmail.com] 
Sent: Tuesday, February 07, 2017 8:49 PM
To: Liebig, Holger; ipmitool-devel@lists.sourceforge.net
Subject: Re: [Ipmitool-devel] set cipher

 

When I set some of the cipher suites, e.g., lan set 1 cipher_privs 
XXaXXaXXXXXXXXX, I am not able to access the IPMI device at all.

The error I get:

Error in open session response message : no matching cipher suite

 

Error: Unable to establish IPMI v2 / RMCP+ session 

 

On Tue, Jan 31, 2017 at 12:42 AM, holger.lie...@ts.fujitsu.com 
<holger.lie...@ts.fujitsu.com> wrote:

Typically a BMC lists only the cipher suites it supports with ipmitool lan 
print e.g.

# ipmitool lan print | grep Cipher
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,17
Cipher Suite Priv Max   : XaaaaaaaXXXXXXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM

 

Cipher suite 17 in the example above corresponds with the 8th character. 

 

From: VJ [mailto:purplet...@gmail.com] 
Sent: Tuesday, January 31, 2017 4:10 AM
To: ipmitool-devel@lists.sourceforge.net
Subject: Re: [Ipmitool-devel] set cipher

 

Esp., I am looking to enable Cipher Suite ID 17: 
RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128

 

How can I set 17 when the man page says: privlist must be 15 characters in 
length?

 

I get error:

lan set 1 cipher_privs XXXaXXXXXXXXXXXaa

Invalid privilege specification length: 17

Thanks.

On Mon, Jan 30, 2017 at 6:53 PM, VJ <purplet...@gmail.com> wrote:

How do I set cipher using ipmitool?

 

I see ipmitool getcipher but I don't see set cipher

 

 

Thanks.

 

 

_______________________________________________
Ipmitool-devel mailing list
Ipmitool-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipmitool-devel
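
An added example (not part of the thread and not ipmitool code): per the explanation above, each character of the privilege string belongs to a position in the BMC's "RMCP+ Cipher Suites" list, not to a suite ID. This Python code parses the quoted lan print lines, maps each listed suite to its maximum privilege, and builds a 15-character cipher_privs value; the function names are hypothetical and the sample input is constructed from the output quoted in the thread.

```python
import re

# Constructed sample: the `ipmitool lan print | grep Cipher` lines quoted in the thread.
SAMPLE = """\
RMCP+ Cipher Suites     : 0,1,2,3,6,7,8,17
Cipher Suite Priv Max   : XaaaaaaaXXXXXXX
"""
PRIVLIST_LEN = 15  # length the man page demands for cipher_privs
LEVELS = {"X": "unused", "c": "CALLBACK", "u": "USER",
          "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}


def parse_lan_print(text):
    """Return (suite_ids, privlist) taken from lan print output."""
    ids = re.search(r"^RMCP\+ Cipher Suites\s*:\s*([0-9, ]+)", text, re.M)
    privs = re.search(r"^Cipher Suite Priv Max\s*:\s*(\S+)", text, re.M)
    if not ids or not privs:
        raise ValueError("cipher suite lines not found in lan print output")
    suite_ids = [int(x) for x in ids.group(1).split(",")]
    if len(suite_ids) > PRIVLIST_LEN or set(privs.group(1)) - set(LEVELS):
        raise ValueError("unexpected cipher suite list or privilege string")
    return suite_ids, privs.group(1)


def suite_privileges(text):
    """Map each listed suite ID to its max privilege, by list position."""
    ids, privs = parse_lan_print(text)
    return {sid: LEVELS[privs[i]] for i, sid in enumerate(ids)}


def build_privlist(text, wanted):
    """Build a cipher_privs string enabling only `wanted` ({suite_id: level char})."""
    ids, _ = parse_lan_print(text)
    missing = sorted(set(wanted) - set(ids))
    if missing:
        raise ValueError(f"BMC does not list cipher suite(s) {missing}")
    out = ["X"] * PRIVLIST_LEN
    for sid, level in wanted.items():
        if level not in LEVELS:
            raise ValueError(f"unknown privilege character {level!r}")
        out[ids.index(sid)] = level  # position in the list, not the suite ID
    return "".join(out)


if __name__ == "__main__":
    for sid, level in suite_privileges(SAMPLE).items():
        print(f"suite {sid:>2}: {level}")
    print("lan set 1 cipher_privs", build_privlist(SAMPLE, {3: "a", 17: "a"}))
```

Keeping the suite the client will request with -C in the enabled set avoids the "no matching cipher suite" lockout reported in the thread.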
