May 122014
I’ve long wanted a Get Channel Cipher Suite command w/o authentication, so I wrote a script to do so; those interested can get it here:
https://github.com/zenfish/ipmi/blob/master/ipmi-get-ciphers.py
Actually none of the various ipmi tools seem to have this option; I’ve found it useful to use when looking at systems; it emits output similar (if not identical) to ipmitool… spotting those running cipher 0 becomes very, very clear. I should have used async probes instead of the back and forth chat that the protocol uses, but … w/e for now.
./ipmi-get-ciphers.py 10.0.0.1
ID IANA Auth Alg Integrity Alg Confidentiality Alg
0 N/A none none none
1 N/A hmac-sha1 none none
2 N/A hmac-sha1 hmac-sha1-96 none
3 N/A hmac-sha1 hmac-sha1-96 aes-cbc-128
6 N/A hmac-md5 none none
7 N/A hmac-md5 hmac-md5-128 none
8 N/A hmac-md5 hmac-md5-128 aes-cbc-128
11 N/A hmac-md5 md5-128 none
12 N/A hmac-md5 md5-128 aes-cbc-128
ID IANA Auth Alg Integrity Alg Confidentiality Alg
0 N/A none none none
1 N/A hmac-sha1 none none
2 N/A hmac-sha1 hmac-sha1-96 none
3 N/A hmac-sha1 hmac-sha1-96 aes-cbc-128
6 N/A hmac-md5 none none
7 N/A hmac-md5 hmac-md5-128 none
8 N/A hmac-md5 hmac-md5-128 aes-cbc-128
11 N/A hmac-md5 md5-128 none
12 N/A hmac-md5 md5-128 aes-cbc-128
Sorry, the comment form is closed at this time.