Generic hint: you can always get additional debug information with -vv or -vvvv from ipmitool
You have to specify the cipher suite you want to use as command line parameter (default is 3 which you seemed to have disabled). The BMC needs to support the specified cipher suite and of cause it should not be currently disabled. If you want to use the optional/additional HMAC256 cipher suites from the DCMI spec. / IPMI spec. Errata 6 you would need a version of ipmitool which supports them. e.g. ipmitool -I lanplus -C 17 -U user -P password -H host mc info P.S: Since you did not specify which cipher suites your BMC actually supports this is just guessing… From: VJ [mailto:purplet...@gmail.com] Sent: Tuesday, February 07, 2017 8:49 PM To: Liebig, Holger; ipmitool-devel@lists.sourceforge.net Subject: Re: [Ipmitool-devel] set cipher when i set some of the cipher suites e.g., lan set 1 cipher_privs XXaXXaXXXXXXXXX , I am not able to access the ipmi device at all. The error i get : Error in open session response message : no matching cipher suite Error: Unable to establish IPMI v2 / RMCP+ session On Tue, Jan 31, 2017 at 12:42 AM, holger.lie...@ts.fujitsu.com <holger.lie...@ts.fujitsu.com> wrote: Typically a BMC lists only the cipher suites it supports with ipmitool lan print e.g. # ipmitool lan print | grep Cipher RMCP+ Cipher Suites : 0,1,2,3,6,7,8,17 Cipher Suite Priv Max : XaaaaaaaXXXXXXX : X=Cipher Suite Unused : c=CALLBACK : u=USER : o=OPERATOR : a=ADMIN : O=OEM Cipher suite 17 in the example above corresponds with the 8th character. From: VJ [mailto:purplet...@gmail.com] Sent: Tuesday, January 31, 2017 4:10 AM To: ipmitool-devel@lists.sourceforge.net Subject: Re: [Ipmitool-devel] set cipher esp., Iam looking to enable Ciper Suite ID 17 : RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128 How can I set 17 when the man page says : privlist must be 15 characters in length I get error: lan set 1 cipher_privs XXXaXXXXXXXXXXXaa Invalid privilege specification length: 17 Thanks. On Mon, Jan 30, 2017 at 6:53 PM, VJ <purplet...@gmail.com> wrote: How do I set cipher using ipmitool ? I see ipmitoool getcipher but I dont see set cipher Thanks.
smime.p7s
Description: S/MIME cryptographic signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Ipmitool-devel mailing list Ipmitool-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ipmitool-devel