Server User Manual

ManualsBrandsBlack Box ManualsServerLES1308A

261

262

263

264

265

266

267

268

269

270

The ipmitool documentation highlights that there are several security issues to be considered before

enabling the IPMI LAN interface. A remote station has the ability to control a system's power state as

well as being able to gather certain platform information. To reduce vulnerability, we strongly advise

that the IPMI LAN interface only be enabled in 'trusted' environments where system security is not an

issue or where there is a dedicated secure 'management network' or access has been provided through

an console server.

Further, we strongly advise that you do not enable IPMI for remote access without setting a password,

and that that password should not be the same as any other password on that system.

When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface, the new

password is sent across the network as clear text. This could be observed and then used to attack the

remote system. We recommend that IPMI password management only be done over IPMIv2.0 lanplus

interface or the system interface on the local station.

For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16 characters will

be truncated.

For IPMI v2.0, the maximum password length is 20 characters; longer passwords are truncated.

COMMANDS

help

This can be used to get command-line help on ipmitool commands. It may also be placed at the

end of commands to get option usage help.

ipmitool help

Commands:

raw Send a RAW IPMI request and print

response

lan Configure LAN Channels

chassis Get chassis status and set power

state

event Send pre-defined events to MC

mc Management Controller status and

global enables

sdr Print Sensor Data Repository

entries and readings

sensor Print detailed sensor information

fru Print built-in FRU and scan SDR

for FRU locators

sel Print System Event Log (SEL)

pef Configure Platform Event Filtering

(PEF)

sol Configure IPMIv2.0 Serial-over-LAN

isol Configure IPMIv1.5 Serial-over-LAN

user Configure Management Controller

users

channel Configure Management Controller

_____________________________________________________________________

724-746-5500 | blackbox.com Page 268