May 122014

I’ve long wanted a Get Channel Cipher Suite command w/o authentication, so I wrote a script to do so; those interested can get it here:

Actually none of the various ipmi tools seem to have this option; I’ve found it useful to use when looking at systems; it emits output similar (if not identical) to ipmitool… spotting those running cipher 0 becomes very, very clear. I should have used async probes instead of the back and forth chat that the protocol uses, but … w/e for now.

ID   IANA    Auth Alg        Integrity Alg   Confidentiality Alg
0    N/A     none            none             none
1    N/A     hmac-sha1       none             none
2    N/A     hmac-sha1       hmac-sha1-96     none
3    N/A     hmac-sha1       hmac-sha1-96     aes-cbc-128
6    N/A     hmac-md5        none             none
7    N/A     hmac-md5        hmac-md5-128     none
8    N/A     hmac-md5        hmac-md5-128     aes-cbc-128
11   N/A     hmac-md5        md5-128          none
12   N/A     hmac-md5        md5-128          aes-cbc-128

Sorry, the comment form is closed at this time.