Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Can IPMI/KVM IP be secured ?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Can IPMI/KVM IP be secured ?

HindiHindi Member
edited September 2019 in Help

Hello,

I got a server with IPMI.
Is it possible to secure the web accessible IPMI link ( http://123.123.123.11/index.html ) with SSL so that the Link is secured?

I understand that we can enhance the security using a firewall and making the access restricted to a certain IP.

My query is that is it possible to add ssl so that "not secure" in the browser is eliminated.

Please advise.

Comments

  • MikeAMikeA Member, Patron Provider

    It has an SSL option in the settings.

    Thanked by 1Hindi
  • agentmishraagentmishra Member, Host Rep

    yes offcoures, but why would you do that

    Thanked by 1Hindi
  • Hm, usually IPMI/KVM access is made via VPN. If it's open to the wide world - no SSL will save you from doom.

    Thanked by 1Hindi
  • dfroedfroe Member, Host Rep

    cf. your IPMI's manual.

    And as already mentioned, you should be more concerned about all those bad guys trying to hack your IPMI (bruteforce passwords or exploiting vulnerabilities) if it is exposed to the public internet. Please, don't do that, never ever. Put it in a dedicated network which is only accessible via VPN.

    Thanked by 1Hindi
  • @LTniger said:
    Hm, usually IPMI/KVM access is made via VPN. If it's open to the wide world - no SSL will save you from doom.

    Hii,

    The IPMI is actually already firewalled and has access ONLY to my static IP.
    But I simply want to remove the "not secure" in the address bar.> @MikeA said:

    It has an SSL option in the settings.

    Can You please guide me over this?

  • You could always set up an nginx reverse proxy with SSL if you absolutely must remove the browser warning and there's no way to enable SSL in the application itself.

    Thanked by 1ITLabs
  • jsgjsg Member, Resident Benchmarker

    It depends on the brand and firmware version.

    Additionally or alternatively - and strongly suggested anyway - have a firewall between the IPMI(s) and the internet and have the IPMI on a rfc1918 network.

    Btw, considering that most (all?) IPMIs are java based the desire to have a green addres bar is weird anyway. As it's also well known that BMCs (the controllers IPMI is based on) are a crappy mess (read: utterly insecure) the real question to ask is how to best fence off the IPMI and to **not rely on the IPMI "security" **.

    If you are talking about a hosted server that is under a providers control all bets are off anyway and your only real protection is the providers desire and capability to protect the IPMI.

  • Better use the internal network for ipmi and setup vpn then this will help a lot because keeping external ip for ipmi is not good idea

  • JordJord Moderator, Host Rep

    It would be better to use an internal network with VPN. It is much securer that way.

  • SpryServers_TabSpryServers_Tab Member, Host Rep

    Always secure OOB of ANY TYPE by using an INTERNAL network accessible by VPN ONLY!

    Thanked by 1Clouvider
  • ClouviderClouvider Member, Patron Provider

    @SpryServers_Tab said:
    Always secure OOB of ANY TYPE by using an INTERNAL network accessible by VPN ONLY!

    What he said. Yet so many people don’t do it Ceased to surprise me...

Sign In or Register to comment.