|
Dobrica Pavlinušić's random unstructured stuff
Dell RAC: Revision 10
{file: DellRemoteAccessController5Security.Pdf}
{file: DellRemoteAccessController4Security.Pdf} {toc} I will try to collect useful protocol information about Dell's (actually ""<>) RAC protocol My main goal is to use Dell RAC from Linux, without all troubles described in "my blog post"<http://blog.rot13.org/2009/12/dells_rac_support_under_linux_drek.html> ^ Proprietary ports | Port | Protocol | Type | Ver | Enc | Direction | Usage | Configurable | | 3668 | Proprietary | TCP | 1.0 | None | In/Out | CD/diskette virtual media service | Yes | | 3669 | Proprietary | TCP | 1.0 | 128-bit SSL | In/Out | CD/diskette virtual media service | Yes | | 5900 | Proprietary | TCP | 1.0 | 128-bit SSL | In/Out | Video redirection | Yes | | 5901 | Proprietary | TCP | 1.0 | 128-bit SSL | In/Out | Keyboard/Mouse redirection | Yes | ^ Supported SSL Cipher Suites DRAC 5 supports SSL version 3 and TLS version 1.0. The following are ciphers supported on DRAC 5: * SSL_RSA_WITH_RC4_128_MD5 * SSL_RSA_WITH_RC4_128_SHA * SSL_RSA_WITH_3DES_EDE_CBC_SHA * SSL_RSA_WITH_3DES_EDE_CBC_MD5 * TLS_RSA_WITH_AES_128_CBC_SHA * TLS_RSA_WITH_AES_256_CBC_SHA ^ IPMI RMCP+ Encryption DRAC 5 IPMI over LAN and SOL use RMCP+ for Authentication and Key exchange. For details on the RMCP+ protocol, see the IPMI 2.0 specification. DRAC 5 IPMI supports the following encryption algorithms: * AES-CBC-128 (128-bit AES with CBC) * RC4-128 (128-bit RC4) ^ Console Redirection Security ^^ Authentication and Encryption DRAC 5 can continuously redirect the managed system's video, keyboard and mouse (KVM) to the management station. It is a very powerful feature, is very easy to use, and does not require any software installation on the managed system. A user can access this feature to remotely manage the system as if they were sitting in front of the system. A security authentication and encryption protocol has been implemented in console redirection to prevent a hostile, rogue client from breaking into the console redirect path without authenticating though the web server. 128-bit SSL encryption secures the keyboard keystrokes during the remote console redirection and therefore does not allow unauthorized "snooping" of the network traffic. The following sequence of security protocol operations is performed during the establishment of a console redirection session: # A user logs into the main web GUI then clicks the "Open Consoles" tab. # The Web GUI sends a pre-authentication request to the DRAC 5 web server via the HTTPS channel (SSL encrypted). # The DRAC 5 web server returns a set of secret data (including an encryption key) via the SSL channel. The console redirection authentication key (32 bytes long) is dynamically generated to prevent replay attack. # The Console redirection client sends a login command with an authentication key to a console redirection server keyboard/mouse port for authentication via SSL channel. # If authentication is successful, a console redirection session and two console redirection pipes (one for keyboard/mouse and one for video) are established. The keyboard/mouse pipe is always SSL encrypted. The video pipe encryption is optional. (Users can choose to encrypt or not to encrypt the video pipe before they start their console redirection session). ^ Video redirection .pre dpavlin@t61p:~/t61p/dell-rac$ head -c 16 full > key.16 dpavlin@t61p:~/t61p/dell-rac$ openssl enc -aes-128-cbc -k key < full | hd | head 00000000 53 61 6c 74 65 64 5f 5f ec f1 d0 99 d8 35 50 cc |Salted__.....5P.| 00000010 e6 d2 21 44 2b 54 13 15 79 e8 d3 ce 8d 8f 47 b1 |..!D+T..y.....G.| 00000020 70 2b 7a f5 81 65 50 68 77 d7 c8 9f cd 2a 8f a0 |p+z..ePhw....*..| 00000030 50 10 4d 4d c9 d1 1d 16 cb e1 14 31 79 8a 3a e3 |P.MM.......1y.:.| 00000040 82 23 6e 2c b7 eb c9 c9 4c 08 a5 89 9a 4a 0b ce |.#n,....L....J..| 00000050 93 56 d0 4b 3e 03 da 95 54 40 15 3f 3f 8f 23 f3 |.V.K>...T@.??.#.| 00000060 c3 a2 79 3f 04 be 94 04 61 c2 d3 79 7c 9e f1 f7 |..y?....a..y|...| 00000070 b4 a7 86 ba a2 eb 21 85 23 84 4d 67 9f b1 bf 24 |......!.#.Mg...$| 00000080 cb 97 83 29 b0 6e b1 67 72 1d 5b f1 a3 1c ce 60 |...).n.gr.[....`| 00000090 65 d7 be d7 4a cf d3 70 69 ce a6 e9 c9 3b 04 3e |e...J..pi....;.>| .pre |