Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1609534.1
Update Date:2017-05-17
Keywords:
Solution Type  Technical Instruction Sure

Solution  1609534.1 :   Oracle Key Manager - Workaround for disabling ssh to KMA ELOM for security purposes  

Related Items 
    

  • Oracle Key Manager
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Goal


Solution


References

Created from <SR 3-8231082591>


Applies to:  

Oracle Key Manager - Version 2.0.0 and later
Information in this document applies to any platform.



Goal


 Some customer sites may want to disable ssh to an x2100/x2200 KMA's ELOM port for security reasons.  There is no procedure to disable ssh on an x2100/x2200 ELOM port, so the below workarounds have been made available.


Solution


 Options to disable x2100/x2200 KMA ELOM:

1) Set DHCP to disabled, and enter bogus data into IP settings.

–> set /SP/AgentInfo IpAddress=ipaddress
–> set /SP/AgentInfo NetMask=netmask
–> set /SP/AgentInfo Gateway=gateway
–> set /SP/AgentInfo DhcpConfigured=disable

2) Pull the ELOM network cable.

3) Engineering recommends:

Best thing to recommend is to have the ELOM on a secure management network, not on an open application or user network.


 


Customer site should also reference the following alert:



Sun Fire X2100/X2200 M2 Servers ELOM Software is Vulnerable to Arbitrary Command Execution (Doc ID 1000524.1)


References
<NOTE:1000524.1> - Sun Fire X2100/X2200 M2 Servers ELOM Software is Vulnerable to Arbitrary Command Execution



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback