How to disable IPMI MD2 authentication method

Written By Christian Castagna (Administrator)

Updated on December 3rd, 2024

IPMI supports several authentication methods for remotely controlling servers.

One of the supported authentication methods is MD2, which is currently considered cryptographically weak and may be flagged by vulnerability scans. It is therefore recommended to disable it.

 

Step 1. Connect to VMware ESXi via SSH as root (replace <your_ip_address_or_hostname> with the IP address or hostname of your host)

ssh root@<your_ip_address_or_hostname>

 

Step 2. Run this command and look for the Auth Type Enable section in its output

/opt/syneto/bin/ipmitool lan print

EXAMPLE OUTPUT

Auth Type Enable        : Callback : MD2 MD5 PASSWORD 
                        : User     : MD2 MD5 PASSWORD 
                        : Operator : MD2 MD5 PASSWORD 
                        : Admin    : MD2 MD5 PASSWORD 
                        : OEM      : MD2 MD5 PASSWORD 

 

Step 3. Remove MD2 as an authentication type by setting each privilege level on LAN channel 1 to MD5 and PASSWORD only

/opt/syneto/bin/ipmitool lan set 1 auth Callback MD5,PASSWORD
/opt/syneto/bin/ipmitool lan set 1 auth User MD5,PASSWORD
/opt/syneto/bin/ipmitool lan set 1 auth Operator MD5,PASSWORD
/opt/syneto/bin/ipmitool lan set 1 auth Admin MD5,PASSWORD
/opt/syneto/bin/ipmitool lan set 1 auth OEM MD5,PASSWORD
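
To confirm that Step 3 took effect, the following added example (not part of the original article) parses `ipmitool lan print` output and lists every privilege level whose Auth Type Enable row still contains MD2. The function names and the sample output are constructed for illustration, and the parser assumes the row layout shown in Step 2.

```shell
#!/bin/sh
# Added example: list the privilege levels whose "Auth Type Enable" row
# still contains MD2.
# Input: `ipmitool lan print` output on stdin. Output: one level per line.
md2_levels() {
    awk '
        /^Auth Type Enable/ { in_block = 1 }
        # Any other line that starts with a field name ends the block.
        in_block && !/^Auth Type Enable/ && /^[A-Za-z]/ { in_block = 0 }
        in_block {
            if (split($0, f, ":") < 3) next
            split(f[2], lv, " "); level = lv[1]
            n = split(f[3], types, " ")
            for (i = 1; i <= n; i++)
                if (types[i] == "MD2") { print level; break }
        }
    '
}

# Exit status 0 only when no privilege level still enables MD2.
md2_disabled() {
    [ -z "$(md2_levels)" ]
}

# Constructed sample: Step 3 applied to every level except OEM. The
# "Auth Type Support" row still lists MD2 (the BMC supports it) and
# must not be reported, because only the Enable rows matter.
sample_partial() {
cat <<'EOF'
Auth Type Support       : MD2 MD5 PASSWORD
Auth Type Enable        : Callback : MD5 PASSWORD
                        : User     : MD5 PASSWORD
                        : Operator : MD5 PASSWORD
                        : Admin    : MD5 PASSWORD
                        : OEM      : MD2 MD5 PASSWORD
IP Address Source       : Static Address
EOF
}

echo "Levels still allowing MD2: $(sample_partial | md2_levels | tr '\n' ' ')"
# On the host: /opt/syneto/bin/ipmitool lan print 1 | md2_levels
```

An empty result from `md2_levels` on the live output means MD2 is no longer enabled for any privilege level on that channel.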