In attempting to make some Dell server BMC's more secure, I followed the recommendations given elsewhere and disabled cipher 0, using the following command (ipmitool
running on the host OS, which is CentOS 6.5 – I'm root while doing this, of course):
> ipmitool lan set 1 cipher_privs XXXaXXXXXXXXXXX
Then I wanted to change it to something else, and discovered that, apparently, I can't:
> ipmitool lan set 1 cipher_privs Xaaaaaaaaaaaaaa
LAN Parameter Data does not match! Write may have failed.
In other respects, things look fine:
> ipmitool lan print 1
Set in Progress : Set In Progress
Auth Type Support : NONE MD2 MD5 PASSWORD
Auth Type Enable : Callback : MD5
: User : MD5
: Operator : MD5
: Admin : MD5
: OEM :
IP Address Source : Static Address
IP Address : ...omitted for this posting...
Subnet Mask : 255.255.255.0
MAC Address : ...omitted for this posting...
SNMP Community String : ...omitted for this posting...
IP Header : TTL=0x40 Flags=0x40 Precedence=0x00 TOS=0x10
Default Gateway IP : ...omitted for this posting...
Default Gateway MAC : 00:00:00:00:00:00
Backup Gateway IP : 0.0.0.0
Backup Gateway MAC : 00:00:00:00:00:00
802.1q VLAN ID : Disabled
802.1q VLAN Priority : 0
RMCP+ Cipher Suites : 0,1,2,3,4,5,6,7,8,9,10,11,12,13
Cipher Suite Priv Max : XXXaXXXXXXXXXXX
: X=Cipher Suite Unused
: c=CALLBACK
: u=USER
: o=OPERATOR
: a=ADMIN
: O=OEM
Does anyone recognize this problem, and know how to solve it? Why does it appear impossible now to change the cipher_privs
value? I'm probably doing something ignorant – apologies if so.
You can reset the configuration on the idrac. Ssh to the idrac, run racadm, then run resetconfig. When it comes back up, the cipher settings will be default.