Security Working Group - Wednesday April 1 - highlights
Joseph Reynolds
jrey at linux.ibm.com
Sat Apr 4 02:47:42 AEDT 2020
On 4/2/20 1:44 PM, Joseph Reynolds wrote:
> On 3/31/20 11:21 AM, Joseph Reynolds wrote:
>> This is a reminder of the OpenBMC Security Working Group meeting
>> scheduled for this Wednesday April 1 at 10:00am PDT.
>>
> ...snip...
> For the near team (this year), we’ll work on allowing the admin to
> disable and enable services. For example, the admin can disable SSH
> and IPMI RMCP+, but will not have the capability offer RMCP+ to a
> network A but not network B.
> ...snip...
Does anyone have a requirement to allow the BMC admin to enable/disable
the SSH access to its [host serial console][]?
It seems to me this provides access equivalent to [IPKVM][], so if we
can disable IPKVM, we ought be be able to disable this.
I've asked Redfish to [Add SoL via SSH to ManagerNetworkProtocol][]. At
least one other Redfish user wants this feature.
- Joseph
[host serial console]:
https://github.com/openbmc/docs/blob/master/security/network-security-considerations.md#tcp-port-2200
[IPKVM]: https://github.com/openbmc/obmc-ikvm/blob/master/README.md
[Add SoL via SSH to ManagerNetworkProtocol]:
https://redfishforum.com/thread/268/add-sol-ssh-managernetworkprotocol
More information about the openbmc
mailing list