New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Can IPMI/KVM IP be secured ?
Hello,
I got a server with IPMI.
Is it possible to secure the web accessible IPMI link ( http://123.123.123.11/index.html ) with SSL so that the Link is secured?
I understand that we can enhance the security using a firewall and making the access restricted to a certain IP.
My query is that is it possible to add ssl so that "not secure" in the browser is eliminated.
Please advise.
Comments
It has an SSL option in the settings.
yes offcoures, but why would you do that
Hm, usually IPMI/KVM access is made via VPN. If it's open to the wide world - no SSL will save you from doom.
cf. your IPMI's manual.
And as already mentioned, you should be more concerned about all those bad guys trying to hack your IPMI (bruteforce passwords or exploiting vulnerabilities) if it is exposed to the public internet. Please, don't do that, never ever. Put it in a dedicated network which is only accessible via VPN.
Hii,
The IPMI is actually already firewalled and has access ONLY to my static IP.
But I simply want to remove the "not secure" in the address bar.> @MikeA said:
Can You please guide me over this?
You could always set up an nginx reverse proxy with SSL if you absolutely must remove the browser warning and there's no way to enable SSL in the application itself.
It depends on the brand and firmware version.
Additionally or alternatively - and strongly suggested anyway - have a firewall between the IPMI(s) and the internet and have the IPMI on a rfc1918 network.
Btw, considering that most (all?) IPMIs are java based the desire to have a green addres bar is weird anyway. As it's also well known that BMCs (the controllers IPMI is based on) are a crappy mess (read: utterly insecure) the real question to ask is how to best fence off the IPMI and to **not rely on the IPMI "security" **.
If you are talking about a hosted server that is under a providers control all bets are off anyway and your only real protection is the providers desire and capability to protect the IPMI.
Better use the internal network for ipmi and setup vpn then this will help a lot because keeping external ip for ipmi is not good idea
It would be better to use an internal network with VPN. It is much securer that way.
Always secure OOB of ANY TYPE by using an INTERNAL network accessible by VPN ONLY!
What he said. Yet so many people don’t do it Ceased to surprise me...