Curious, how does confluent ipmi interaction work against those systems? does
it manage to successfully downgrade transparently?
________________________________
From: Ryan Novosielski via xCAT-user <xcat-user@lists.sourceforge.net>
Sent: Tuesday, January 9, 2024 5:37 PM
To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>
Cc: Ryan Novosielski <novos...@rutgers.edu>
Subject: Re: [xcat-user] [External] Ipmitool support for old BMC cipher suite 3
I can confirm that that last part is not true:
root@fw01-hpc-hill:/home/novosirj 11:11 PM# ipmitool -U USERID -I lanplus -H
master-imm chassis status
Password:
Error in open session response message : no matching cipher suite
Error: Unable to establish IPMI v2 / RMCP+ session
…and suspected as much since I had to learn anything about the cipher suites
and -C. :-D
Maybe the version provided by RHEL derivatives has defaults or something? We’re
on RHEL8/9 where we’re seeing it.
—
#BlackLivesMatter
____
|| \\UTGERS, |---------------------------*O*---------------------------
||_// the State | Ryan Novosielski - novos...@rutgers.edu
|| \\ University | Sr. Technologist - 973/972.0922 (2x0922) ~*~ RBHS Campus
|| \\ of NJ | Office of Advanced Research Computing - MSB A555B, Newark
`'
On Jan 9, 2024, at 16:24, Jarrod Johnson <jjohns...@lenovo.com> wrote:
In what context do you find use of ipmitool with '-C'? I was checking the
ipmi console backend and it doesn't seem to have that.
rpower and such should try SHA256, fallback to SHA1 (equivalent to -C 3)
The ipmi backend for conserver, if used, doesn't currently attempt a -C 17 that
I see. Newer ipmitool should try 17 and fallback to 3, if that's the issue.
________________________________
From: David Johnson <david_john...@brown.edu<mailto:david_john...@brown.edu>>
Sent: Tuesday, January 9, 2024 11:53 AM
To: xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>
<xcat-user@lists.sourceforge.net<mailto:xcat-user@lists.sourceforge.net>>
Subject: [External] [xcat-user] Ipmitool support for old BMC cipher suite 3
I’d like to know if there is an option somewhere in xcat to choose -C 3 for
either selected elderly nodes that don’t support suite 17, or use -C 3 by
default for the whole cluster? Thanks!
-- ddj
Dave Johnson
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net<mailto:xCAT-user@lists.sourceforge.net>
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.sourceforge.net%2Flists%2Flistinfo%2Fxcat-user&data=05%7C02%7Cjjohnson2%40lenovo.com%7Cd9dfc4515405458dcfe508dc115658f9%7C5c7d0b28bdf8410caa934df372b16203%7C0%7C0%7C638404309770277001%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g7uQXqtymGyHV4M4KxJraoePWpw9aslYbAl6Cj0UCZk%3D&reserved=0<https://lists.sourceforge.net/lists/listinfo/xcat-user>
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net<mailto:xCAT-user@lists.sourceforge.net>
https://lists.sourceforge.net/lists/listinfo/xcat-user
_______________________________________________
xCAT-user mailing list
xCAT-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xcat-user
