Note the current settings
From a system with ipmitool installed, issue the following command.
Example: the remote host's IP is 192.168.1.10 and the username and password are both ADMIN.
[root@host ~]# ipmitool -H 192.168.1.10 -P ADMIN -U ADMIN lan print
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 OEM
Auth Type Enable        : Callback : NONE MD2 MD5 OEM
                        : User     : NONE MD2 MD5 OEM
                        : Operator : NONE MD2 MD5 OEM
                        : Admin    : NONE MD2 MD5 OEM
                        : OEM      :
IP Address Source       : Static Address
IP Address              : 192.168.1.10
Subnet Mask             : 255.255.255.0
MAC Address             : 00:11:22:33:44:55
SNMP Community String   : AMI
IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control         : ARP Responses Disabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl   : 0.0 seconds
Default Gateway IP      : 192.168.1.1
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
If the first character of "Cipher Suite Priv Max" is not a capital X then cipher suite zero is enabled.
Make the change
To disable it, copy the "Cipher Suite Priv Max" output (ex: aaaaXXaaaXXaaXX) and change the first character to X (ex: XaaaXXaaaXXaaXX).
Re-run the command, but replace print with set 1 cipher_privs XaaaXXaaaXXaaXX (note the X as the first character):
[root@host ~]# ipmitool -H 192.168.1.10 -P ADMIN -U ADMIN lan set 1 cipher_privs XaaaXXaaaXXaaXX
Now re-run the first command to be sure the changes were made:
[root@host ~]# ipmitool -H 192.168.1.10 -P ADMIN -U ADMIN lan print
Set in Progress         : Set Complete
Auth Type Support       : NONE MD2 MD5 OEM
Auth Type Enable        : Callback : NONE MD2 MD5 OEM
                        : User     : NONE MD2 MD5 OEM
                        : Operator : NONE MD2 MD5 OEM
                        : Admin    : NONE MD2 MD5 OEM
                        : OEM      :
IP Address Source       : Static Address
IP Address              : 192.168.1.10
Subnet Mask             : 255.255.255.0
MAC Address             : 00:11:22:33:44:55
SNMP Community String   : AMI
IP Header               : TTL=0x00 Flags=0x00 Precedence=0x00 TOS=0x00
BMC ARP Control         : ARP Responses Disabled, Gratuitous ARP Disabled
Gratituous ARP Intrvl   : 0.0 seconds
Default Gateway IP      : 192.168.1.1
Default Gateway MAC     : 00:00:00:00:00:00
Backup Gateway IP       : 0.0.0.0
Backup Gateway MAC      : 00:00:00:00:00:00
802.1q VLAN ID          : Disabled
802.1q VLAN Priority    : 0
RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
Cipher Suite Priv Max   : XaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     c=CALLBACK
                        :     u=USER
                        :     o=OPERATOR
                        :     a=ADMIN
                        :     O=OEM
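The check and the edit above can be scripted so the new cipher_privs string is derived rather than retyped by hand. The following is an added example, not part of the original page; the function names and the embedded sample output (constructed from the values shown above) are assumptions for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE_LAN_PRINT is constructed from the values on this page.
SAMPLE_LAN_PRINT='RMCP+ Cipher Suites     : 1,2,3,6,7,8,11,12,0
Cipher Suite Priv Max   : aaaaXXaaaXXaaXX
                        :     X=Cipher Suite Unused
                        :     a=ADMIN'

# Extract the privilege string from `lan print` output on stdin.
# Only the line that starts with the label is used; legend lines are skipped.
cipher_privs_from_lan_print() {
    sed -n 's/^Cipher Suite Priv Max[[:space:]]*:[[:space:]]*\([A-Za-z]*\).*$/\1/p' | head -n 1
}

# Print the string with its first character (cipher suite zero) forced to X.
# Returns 0 if a change is needed, 1 if already disabled, 2 if the input is
# empty or contains characters outside the legend (X c u o a O).
harden_cipher_privs() {
    case $1 in
        ''|*[!XcuoaO]*) return 2 ;;
        X*) printf '%s\n' "$1"; return 1 ;;
        *)  printf 'X%s\n' "${1#?}"; return 0 ;;
    esac
}

# Read `lan print` output on stdin and print one verdict line.
# When cipher suite zero is enabled, the line carries the arguments to use
# in place of "lan print" (channel 1, as in the command on this page).
check_cipher_zero() {
    current=$(cipher_privs_from_lan_print)
    new=$(harden_cipher_privs "$current") && rc=0 || rc=$?
    case $rc in
        0) printf 'ENABLED: lan set 1 cipher_privs %s\n' "$new" ;;
        1) printf 'DISABLED: %s\n' "$current" ;;
        *) printf 'UNPARSEABLE\n'; return 2 ;;
    esac
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_LAN_PRINT" | check_cipher_zero
```

In real use, pipe the output of the lan print command into check_cipher_zero instead of the sample, then re-run it after the change to confirm it reports DISABLED.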