Additionally per the manpage for ipmitool:
-C <ciphersuite>
The remote server authentication, integrity, and encryption algorithms to use for IPMIv2.0 lanplus connections. See table 22-20 in the IPMI v2.0 specification.
The default is 17 which specifies RAKP-HMAC-SHA256 authentication, HMAC-SHA256-128 integrity, and AES-CBC-128 encryption algorithms.
NOTE: In 1.8.18 and earlier the default was 3, which was insecure and was not supported by some more recent BMC implementations.
Doing a quick check with ipmitool this takes very little time. This checks the four IDs that are presented in the MAAS UI in 3.4.2:
bladernr@galactica:~/development/checkflinger$ ipmitool -V
ipmitool version 1.8.19
bladernr@galactica:~/development/checkflinger$ time for csi in 17 3 8 12; do echo "Checking ID $csi"; if ipmitool -U $USER -P $PASSWORD -H $HOST -I lanplus -C $csi power status &> /dev/null; then echo SUCCESS; else echo FAILURE; fi; done
Checking ID 17
SUCCESS
Checking ID 3
FAILURE
Checking ID 8
FAILURE
Checking ID 12
FAILURE
real 0m1.412s
user 0m0.054s
sys 0m0.018s
It is also a pretty fast check using freeipmi-tools as well:
bladernr@galactica:~/development/checkflinger$ ipmipower -V
ipmipower - 1.6.11
Copyright (C) 2007-2015 Lawrence Livermore National Security, LLC.
Copyright (C) 2003-2007 The Regents of the University of California.
This program is free software; you may redistribute it under the terms of
the GNU General Public License. This program has absolutely no warranty.
bladernr@galactica:~/development/checkflinger$ time for csi in 17 3 8 12; do echo "Checking ID $csi"; if ipmipower -u $USER -p $PASSWORD -h $HOST -D LAN_2_0 -I $csi -s &> /dev/null; then echo SUCCESS; else echo FAILURE; fi; done
Checking ID 17
SUCCESS
Checking ID 3
FAILURE
Checking ID 8
FAILURE
Checking ID 12
FAILURE
real 0m1.035s
user 0m0.001s
sys 0m0.021s
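Added example, not part of the original comment and not MAAS code: the same ipmitool probe wrapped in reusable functions that report each ID and select the first acceptable cipher suite, skipping ID 3 (which the man page calls insecure) unless explicitly allowed. The names BMC_HOST, BMC_USER, ALLOW_LEGACY_3, ipmi_probe, probe_suites and select_suite are assumptions made for this sketch; the password is read from IPMI_PASSWORD via ipmitool's -E option so it does not appear on the command line.

```shell
#!/bin/sh
# Added example: probe which IPMI v2.0 cipher suite IDs a BMC accepts.
# Assumed environment (hypothetical names, not from the original comment):
#   BMC_HOST, BMC_USER   address and account of the BMC
#   IPMI_PASSWORD        password, read by "ipmitool -E" instead of -P

# Try one cipher suite ID; exit status 0 means the session was established.
ipmi_probe() {
    ipmitool -I lanplus -H "$BMC_HOST" -U "$BMC_USER" -E \
        -C "$1" power status >/dev/null 2>&1
}

# probe_suites ID...
# Print "ID SUCCESS" or "ID FAILURE" for every ID, in the order given.
probe_suites() {
    for csi in "$@"; do
        if ipmi_probe "$csi"; then
            echo "$csi SUCCESS"
        else
            echo "$csi FAILURE"
        fi
    done
}

# select_suite ID...
# Print the first ID, in the caller's preference order, that the BMC accepts.
# ID 3 is skipped unless ALLOW_LEGACY_3=1. Returns 1 if nothing is usable.
select_suite() {
    for csi in "$@"; do
        if [ "$csi" = 3 ] && [ "${ALLOW_LEGACY_3:-0}" != 1 ]; then
            continue
        fi
        if ipmi_probe "$csi"; then
            echo "$csi"
            return 0
        fi
    done
    return 1
}

# Usage, with the four IDs checked in the comment above:
#   probe_suites 17 3 8 12
#   suite=$(select_suite 17 3 8 12) || echo "no acceptable cipher suite" >&2
```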