nanog mailing list archives

Re: What are folks using for serial consoles these days?


From: heasley via NANOG <nanog () lists nanog org>
Date: Wed, 24 Dec 2025 17:12:56 +0000

Wed, Dec 24, 2025 at 09:58:34AM +0200, Saku Ytti:
> Personally, I don't care about BMC security, it's not important.
> People are asking it to be CLI only, it was, so was CMP, BMC and CMP
> were what we wanted, we just didn't bother figuring it out.

bs, saku.  complexity and cost of bmcs are not valid arguments imo,
but security must be addressed, as must usability and compatibility.
It is not sufficient to isolate the bmc network; if it is accessible
to you, then it is accessible to other internal threats, whatever
their motivation.

Ignoring FIPS bs, to which some are subjected; if the mfg never
supplies updates or the owner never applies them, it could have
security issues or issues that affect your use/mgmt of it.  eg: only
supports 3des-cbc.

yet, if it can be disabled or simply not connected to the network,
the security issue is mostly addressed, and voids the security
argument.

SMC literally creates a BMC & its s/w version, it is added to many
models, and is unlikely to ever receive an update.  Any bugs or holes
are yours to cherish for the duration of the product's life.  To name
a few SMC gems: java, OoD java, backdoors, EoL ssh ciphers, ...

I want the bmc, and a list of features.  Minimally, it seems very
reasonable to ask that bugs be fixed, bundled s/w be updated, and an
automatable update procedure be supplied (that does not require
rebooting the host).

They're super useful for the lab & testing too.

And, yes, some are cli, but far from all.  The gui ones are really
terrible.  Not just network gear, all devices.
_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/VIWQV7DCWGGIHGOV774NSM3ZVAPHFKVQ/