Al,
Not sure if you meant to post on the list as well.
Could you try cipher suite 17 via "-I 17". FreeIPMI defaults to
cipher suite 3. Perhaps your motherboard requires users to use the
newer / more secure cipher suite 17 only and the error it returns is
just a bad one. May want to try "-l admin" as well in combination if
it doesn't work.
Adding "-I 17" did the trick:
$ ipmipower -D LAN_2_0 -h host-bmc -u admin -p $PWORD -I 17
ipmipower> stat
host-bmc: on
I didn't even have to add "-l ADMIN", though I would think that that
would be needed for other functions besides checking the power status.
May be interesting to see what `bmc-config --checkout --section
Rmcpplus_Conf_Privilege` on the remote machine outputs too. See if
they disable a number of cipher suites.
This is curious (output from remote host):
$ bmc-config --checkout --section Rmcpplus_Conf_Privilege
#
# Section Rmcpplus_Conf_Privilege Comments
#
# If your system supports IPMI 2.0 and Serial-over-LAN (SOL),cipher
suite IDs
# may be configurable below. In the Rmcpplus_Conf_Privilege section,
maximum
# user privilege levels allowed for authentication under IPMI 2.0
(including
# Serial-over-LAN) are set for each supported cipher suite ID. Each
cipher suite
# ID supports different sets of authentication, integrity, and encryption
# algorithms for IPMI 2.0. Typically, the highest privilege level any
username
# configured should set for support under a cipher suite ID. This is
typically
# "Administrator".
#
Section Rmcpplus_Conf_Privilege
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_1 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_2 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_3 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_6 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_7 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_8 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_11 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_12 Unused
## Possible values:
Unused/User/Operator/Administrator/OEM_Proprietary
Maximum_Privilege_Cipher_Suite_Id_15 Unused
EndSection
I do not see anything for cipher suite 17 in the above.
Side note: would be curious if `bmc-info -h ... -u ... -p ....` works
/ doesn't work as well. Just to make sure its not a bug specific to
ipmipower.
Looks like it is not specific to ipmipower:
$ bmc-info -D LAN_2_0 -h host-bmc -u admin -p $PWORD
ipmi_ctx_open_outofband_2_0: BMC busy
$ bmc-info -D LAN_2_0 -h host-bmc -u admin -p $PWORD -I 17
Device ID : 34
Device Revision : 1
Device SDRs : unsupported
Firmware Revision : 2.89
Device Available : yes (normal operation)
IPMI Version : 2.0
Sensor Device : supported
SDR Repository Device : supported
SEL Device : supported
FRU Inventory Device : supported
IPMB Event Receiver : supported
IPMB Event Generator : unsupported
Bridge : unsupported
Chassis Device : supported
Manufacturer ID : Intel Corporation (343)
Product ID : 152
Auxiliary Firmware Revision Information : 7E3B728Bh
Device GUID : ba922c2e-9b0e-8347-5586-d7428bea0474
System GUID : 123d8901-bfa4-c79b-eb11-51dd801ff599
Channel Information
Channel Number : 0
Medium Type : IPMB (I2C)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 1
Medium Type : 802.3 LAN
Protocol Type : IPMB-1.0
Active Session Count : 15
Session Support : multi-session
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 2
Medium Type : 802.3 LAN
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : multi-session
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 3
Medium Type : 802.3 LAN
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : multi-session
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 5
Medium Type : OEM
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 6
Medium Type : IPMB (I2C)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 7
Medium Type : System Interface (KCS, SMIC, or BT)
Protocol Type : KCS
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 8
Medium Type : OEM
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 9
Medium Type : IPMB (I2C)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 10
Medium Type : IPMB (I2C)
Protocol Type : IPMB-1.0
Active Session Count : 0
Session Support : session-less
Vendor ID : Intelligent Platform Management Interface forum
(7154)
Channel Number : 208
Medium Type : unknown
Protocol Type : unknown
Active Session Count : 49
Session Support : unknown
Vendor ID : 722393994
Channel Number : 157
Medium Type : OEM
Protocol Type : Reserved
Active Session Count : 0
Session Support : unknown
Vendor ID : Corp. Hostarica (22059)
Channel Number : 157
Medium Type : OEM
Protocol Type : Reserved
Active Session Count : 0
Session Support : unknown
Vendor ID : consistec Engineering & Consulting GmbH (32669)
Thank you, Al!
Regards,
Devon
On 10/27/22 4:41 PM, Al Chu11 wrote:
Ahhh it did remind me of something.
Using best available cipher suite 17
Could you try cipher suite 17 via "-I 17". FreeIPMI defaults to
cipher suite 3. Perhaps your motherboard requires users to use the
newer / more secure cipher suite 17 only and the error it returns is
just a bad one. May want to try "-l admin" as well in combination if
it doesn't work.
May be interesting to see what `bmc-config --checkout --section
Rmcpplus_Conf_Privilege` on the remote machine outputs too. See if
they disable a number of cipher suites.
Side note: would be curious if `bmc-info -h ... -u ... -p ....` works
/ doesn't work as well. Just to make sure its not a bug specific to
ipmipower.
Al