[Ipmitool-devel] set cipher

Discussion:

2017-01-31 02:53:21 UTC

How do I set cipher using ipmitool ?

I see ipmitoool getcipher but I dont see set cipher

Thanks.

2017-01-31 03:10:22 UTC

esp., Iam looking to enable *Ciper Suite ID 17* :
RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128

How can I set 17 when the man page says : privlist must be 15 characters in
length

I get error:

lan set 1 cipher_privs XXXaXXXXXXXXXXXaa

Invalid privilege specification length: 17

Thanks.

Post by VJ
How do I set cipher using ipmitool ?
I see ipmitoool getcipher but I dont see set cipher
Thanks.

h***@ts.fujitsu.com

2017-01-31 08:42:11 UTC

Permalink

Typically a BMC lists only the cipher suites it supports with ipmitool lan
print e.g.

# ipmitool lan print | grep Cipher

RMCP+ Cipher Suites : 0,1,2,3,6,7,8,17

Cipher Suite Priv Max : XaaaaaaaXXXXXXX

: X=Cipher Suite Unused

: c=CALLBACK

: u=USER

: o=OPERATOR

: a=ADMIN

: O=OEM

Cipher suite 17 in the example above corresponds with the 8th character.

From: VJ [mailto:***@gmail.com]
Sent: Tuesday, January 31, 2017 4:10 AM
To: ipmitool-***@lists.sourceforge.net
Subject: Re: [Ipmitool-devel] set cipher

esp., Iam looking to enable Ciper Suite ID 17 :
RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128

How can I set 17 when the man page says : privlist must be 15 characters in
length

I get error:

lan set 1 cipher_privs XXXaXXXXXXXXXXXaa

Invalid privilege specification length: 17

Thanks.

On Mon, Jan 30, 2017 at 6:53 PM, VJ <***@gmail.com> wrote:

How do I set cipher using ipmitool ?

I see ipmitoool getcipher but I dont see set cipher

Thanks.

2017-02-07 19:48:30 UTC

Permalink

when i set some of the cipher suites e.g., lan set 1 cipher_privs
XXaXXaXXXXXXXXX , I am not able to access the ipmi device at all.
The error i get :
Error in open session response message : no matching cipher suite

Error: Unable to establish IPMI v2 / RMCP+ session

Post by h***@ts.fujitsu.com
Typically a BMC lists only the cipher suites it supports with ipmitool lan
print e.g.
# ipmitool lan print | grep Cipher
RMCP+ Cipher Suites : 0,1,2,3,6,7,8,17
Cipher Suite Priv Max : XaaaaaaaXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
Cipher suite 17 in the example above corresponds with the 8th character.
*Sent:* Tuesday, January 31, 2017 4:10 AM
*Subject:* Re: [Ipmitool-devel] set cipher
RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128
How can I set 17 when the man page says : privlist must be 15 characters
in length
lan set 1 cipher_privs XXXaXXXXXXXXXXXaa
Invalid privilege specification length: 17
Thanks.
How do I set cipher using ipmitool ?
I see ipmitoool getcipher but I dont see set cipher
Thanks.

h***@ts.fujitsu.com

2017-02-08 14:45:07 UTC

Permalink

Generic hint: you can always get additional debug information with -vv or -vvvv from ipmitool

You have to specify the cipher suite you want to use as command line parameter (default is 3 which you seemed to have disabled). The BMC needs to support the specified cipher suite and of cause it should not be currently disabled.

If you want to use the optional/additional HMAC256 cipher suites from the DCMI spec. / IPMI spec. Errata 6 you would need a version of ipmitool which supports them.

e.g. ipmitool -I lanplus -C 17 -U user -P password -H host mc info

P.S: Since you did not specify which cipher suites your BMC actually supports this is just guessingâŠ

From: VJ [mailto:***@gmail.com]
Sent: Tuesday, February 07, 2017 8:49 PM
To: Liebig, Holger; ipmitool-***@lists.sourceforge.net
Subject: Re: [Ipmitool-devel] set cipher

when i set some of the cipher suites e.g., lan set 1 cipher_privs XXaXXaXXXXXXXXX , I am not able to access the ipmi device at all.

The error i get :

Error in open session response message : no matching cipher suite

Error: Unable to establish IPMI v2 / RMCP+ session

On Tue, Jan 31, 2017 at 12:42 AM, ***@ts.fujitsu.com <***@ts.fujitsu.com> wrote:

Typically a BMC lists only the cipher suites it supports with ipmitool lan print e.g.

# ipmitool lan print | grep Cipher

RMCP+ Cipher Suites : 0,1,2,3,6,7,8,17

Cipher Suite Priv Max : XaaaaaaaXXXXXXX

: X=Cipher Suite Unused

: c=CALLBACK

: u=USER

: o=OPERATOR

: a=ADMIN

: O=OEM

Cipher suite 17 in the example above corresponds with the 8th character.

From: VJ [mailto:***@gmail.com]
Sent: Tuesday, January 31, 2017 4:10 AM
To: ipmitool-***@lists.sourceforge.net
Subject: Re: [Ipmitool-devel] set cipher

esp., Iam looking to enable Ciper Suite ID 17 : RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128

How can I set 17 when the man page says : privlist must be 15 characters in length

I get error:

lan set 1 cipher_privs XXXaXXXXXXXXXXXaa

Invalid privilege specification length: 17

Thanks.

On Mon, Jan 30, 2017 at 6:53 PM, VJ <***@gmail.com> wrote:

How do I set cipher using ipmitool ?

I see ipmitoool getcipher but I dont see set cipher

Thanks.

2017-02-13 23:54:45 UTC

Permalink

I had it set to so that lan print is :

RMCP+ Cipher Suites : 1,2,3,6,7,8,11,12,15

Cipher Suite Priv Max : XXaXXaXXXXXXXXX

but yet

both:

ipmitool -I lanplus -U Administrator -C 3

ipmitool -I lanplus -U Administrator -C 8

gives :

Error in open session response message : no matching cipher suite

Error: Unable to establish IPMI v2 / RMCP+ session

Post by h***@ts.fujitsu.com
Generic hint: you can always get additional debug information with -vv or
-vvvv from ipmitool
You have to specify the cipher suite you want to use as command line
parameter (default is 3 which you seemed to have disabled). The BMC needs
to support the specified cipher suite and of cause it should not be
currently disabled.
If you want to use the optional/additional HMAC256 cipher suites from the
DCMI spec. / IPMI spec. Errata 6 you would need a version of ipmitool which
supports them.
e.g. ipmitool -I lanplus -C 17 -U user -P password -H host mc info
P.S: Since you did not specify which cipher suites your BMC actually
supports this is just guessingâŠ
*Sent:* Tuesday, February 07, 2017 8:49 PM
*Subject:* Re: [Ipmitool-devel] set cipher
when i set some of the cipher suites e.g., lan set 1 cipher_privs
XXaXXaXXXXXXXXX , I am not able to access the ipmi device at all.
Error in open session response message : no matching cipher suite
Error: Unable to establish IPMI v2 / RMCP+ session
Typically a BMC lists only the cipher suites it supports with ipmitool lan print e.g.
# ipmitool lan print | grep Cipher
RMCP+ Cipher Suites : 0,1,2,3,6,7,8,17
Cipher Suite Priv Max : XaaaaaaaXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
Cipher suite 17 in the example above corresponds with the 8th character.
*Sent:* Tuesday, January 31, 2017 4:10 AM
*Subject:* Re: [Ipmitool-devel] set cipher
RAKP-HMAC-SHA256;HMAC-SHA256-128;AES-CBC-128
How can I set 17 when the man page says : privlist must be 15 characters in length
lan set 1 cipher_privs XXXaXXXXXXXXXXXaa
Invalid privilege specification length: 17
Thanks.
How do I set cipher using ipmitool ?
I see ipmitoool getcipher but I dont see set cipher
Thanks.

Continue reading on narkive:

Search results for '[Ipmitool-devel] set cipher' (Questions and Answers)

replies

writ a program that prompts the user to input a string and output the string in uppercase letters?

started 2007-12-01 00:50:44 UTC

homework help

replies

Is it tacky to have your kitchen table set?

started 2009-10-05 10:56:05 UTC

decorating & remodeling

replies

brute-force cipher cracking?