Loading ...
Loading ...
Loading ...
262
15. Advanced Configuration
-H <address> Remote server address. Can be IP address or hostname. This option is required for lan and
lanplus interfaces.
-I <interface> Selects IPMI interface to use. Supported interfaces that are compiled in are visible in the usage
help output.
-L <privlvl> Force session privilege level. Can be CALLBACK, USER, OPERATOR, and ADMIN. Default is ADMIN.
-m <local_address> Set the local IPMB address. The default is 0x20. There is no need to change this setting under
normal operation.
-o <oemtype> Select the OEM type to support. This usually involves minor hacks in place in the code to work
around quirks in various BMCs from various manufacturers. Use -o list to see a list of current
supported OEM types.
-p <port> Remote server UDP port to connect to. Default is 623.
-P <password> Remote server password is specified on the command line. If supported, it will be obscured in the
process list.
Note: Specifying the password as a command line option is not recommended.
-t <target_address> Bridge IPMI requests to the remote target address.
-U <username> Remote server username, default is NULL user.
-v Increase verbose output level. This option may be specified multiple times to increase the level of
debug output. If given three times, you will get hexdumps of all incoming and outgoing packets.
-V Display version information.
If no password method is specified, ipmitool will prompt the user for a password. If no password is entered at the prompt, the
remote server password will default to NULL.
Security
The ipmitool documentation highlights several security issues that should be considered before enabling the IPMI LAN
interface. A remote station has the ability to control a system’s power state as well as the ability to gather certain platform
information. To reduce vulnerability, it is strongly advised that the IPMI LAN interface only be enabled in trusted environments
where system security is not an issue, where there is a dedicated secure management network, or access has been provided
through a console server.
It is strongly advised you should not enable IPMI for remote access without setting a password and that the password should
not be the same as any other password on that system.
When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface, the new password is sent across
the network as clear text. This could be observed and then used to attack the remote system. As such, it is recommended that
IPMI password management only be performed over IPMIv2.0 lanplus interface or the system interface on the local station.
For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16 characters will be truncated.
For IPMI v2.0, the maximum password length is 20 characters. Passwords longer than 20 characters will be truncated.
Commands
help This can be used to get command-line help on ipmitool commands. It may also be placed at the
end of commands to get option usage help.
ipmitool help Commands:
raw Send a RAW IPMI request and print response
lan Configure LAN Channels
chassis Get chassis status and set power state
event Send pre-defined events to MC
mc Management Controller status and global enables
sdr Print Sensor Data Repository entries and readings
sensor Print detailed sensor information
Loading ...
Loading ...
Loading ...