[Info-vax] rx8640 ILO MP port faulty?
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Mon Jun 12 13:11:55 EDT 2023
On 2023-06-12 15:53:20 +0000, pcoviello at gmail.com said:
> as an update to this I did update the cert, still haven't figured out
> how to download it, if it's even possible!
For ssh and certificates within iLO 2 itself, see page 45ff:
http://h10032.www1.hp.com/ctg/Manual/c00553302.pdf#page45
If it's generating its own self-signed cert as I'd expect by default,
that cert might need to be re-generated as some clients are getting
cranky about certificate details and lifetimes.
I haven't run parstatus, but it wouldn't surprise to learn it's based
on this: https://github.com/HewlettPackard/python-ilorest-library
As an alternative for remotely scripting iLO:
https://seveas.github.io/python-hpilo/index.html
And iLO 2 ssh connections will need a severe downgrade, as has been
discussed here before. I've previously posted a "sethost" ssh shell
script as an example of that too, and that script can be tailored for
other connections including (ugh) telnet.
Semi-related iLO "fun"...
An unfixed iLO 2 boo-boo:
https://support.hpe.com/hpesc/public/docDisplay?docId=emr_na-c04197764
To disable that access path: MP:CM> sa -lanipmi d
An iLO 4 boo-boo:
https://airbus-seclab.github.io/ilo/SSTIC2018-Slides-EN-Backdooring_your_server_through_its_BMC_the_HPE_iLO4_case-perigaud-gazet-czarny.pdf
curl -H "Connection: AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
(haven't tried this on iLO 2)
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list