Machine/justice: Difference between revisions

Line 19:

== Management ==

The two servers have ~~awful~~ SMT management cards from Supermicro:

The two servers have SMT management cards from Supermicro with a seriously awful web interface:

* [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org]

* [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org]

Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).

Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).

Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-(

'''Use a long, non guessable password, but not one you're using elsewhere. This firmware used to have a backdoor which would trivially reveal all passwords in plaintext via telnet! Also, login uses unencrypted http.'''

It's also possible to talk to the management card from Linux using ipmitool.

Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding. There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(

== Software ==

@@ Line 19: / Line 19: @@
 == Management ==
-The two servers have awful SMT management cards from Supermicro:
+The two servers have SMT management cards from Supermicro with a seriously awful web interface:
 * [http://justice-mng.sugarlabs.org/ justice-mng.sugarlabs.org]
 * [http://freedom-mng.sugarlabs.org/ freedom-mng.sugarlas.org]
-Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).
+Of course you need a separate account. Full KVM support requires the Java browser plugin (yuck!), so we mostly use them for the big reset button in case a server hangs (it happened about once per year).
-Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding.  There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox. I suspect a bug in their http POST implementation :-(
+'''Use a long, non guessable password, but not one you're using elsewhere. This firmware used to have a backdoor which would trivially reveal all passwords in plaintext via telnet! Also, login uses unencrypted http.'''
+It's also possible to talk to the management card from Linux using ipmitool.
+Both cards are running firmware version 3.16, which patched a huge backdoor that would trivially reveal all passwords in plaintext. No kidding.  There's a [https://www.supermicro.com/support/resources/bios_ipmi.php?vendor=2&keywords=H8S newer firmware version], but attempts to update to it failed with both Chrome and Firefox (error: "413 - Request Entity Too Large"). I suspect a bug in their http POST implementation :-(
 == Software ==