[172164] in North American Network Operators' Group
Re: ipmi access
daemon@ATHENA.MIT.EDU (shawn wilson)
Mon Jun 2 09:22:14 2014
X-Original-To: nanog@nanog.org
In-Reply-To: <m2y4xfts46.wl%randy@psg.com>
From: shawn wilson <ag4ve.us@gmail.com>
Date: Mon, 2 Jun 2014 09:21:46 -0400
To: Randy Bush <randy@psg.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
On Mon, Jun 2, 2014 at 8:26 AM, Randy Bush <randy@psg.com> wrote:
>> I use OpenVPN to access an Admin/sandboxed network with insecure portals,
>> wiki, and ipmi.
>
> hmmmm. 'cept when it is the openvpn server's ipmi. but good hack. i
> may use it, as i already do openvpn. thanks.
>
So, kinda the same idea - just put IPMI on another network and use ssh
forwards to it. You can have multiple boxes connected in this fashion
but the point is to keep it simple and as secure as possible (and IPMI
security doesn't really count here :) ).
Kinda funny though - I've all of the findings have been for newer
IPMI. So, I had (have) an HP DL380g5 and didn't feel like resetting
the iLo2 password manually. Well, everything I could find for dumping
info from iLo was for iLo3... go figure. (I still wouldn't put it on
the net)
