Tripp Lite B092-016 Owner's Manual page 233

Chapter 15: Advanced Configuration
-H <address> Remote server address can be an IP address or hostname. This option is required for lan and lanplus
interfaces.
-I <interface> Selects IPMI interface to use. Supported interfaces that are compiled in and visible in the usage help
output.
-L <privlvl> Force session privilege level. Can be CALLBACK, USER, OPERATOR, ADMIN. Default is ADMIN.
-m <local_address> Set the local IPMB address. The default is 0x20 and there should be no need to change it for normal
operation.
-o <oemtype> Select OEM type to support. This usually involves minor hacks in place in the code to work around
quirks in various BMCs from various manufacturers. Use -o list to see a list of current supported OEM
types.
-p <port> Remote server UDP port to connect to. Default is 623.
-P <password> Remote server password is specified on the command line. If supported, it will be obscured in the
process list. Note! Specifying the password as a command line option is not recommended.
-t <target_address> Bridge IPMI requests to the remote target address.
-U <username>
Remote server username, default is NULL user.
-v Increase verbose output level. This option may be specified multiple times to increase the level of
debug output. If given three times, you will get hexdumps of all incoming and outgoing packets.
-V Display version information.
If no password method is specified, then ipmitool will prompt the user for a password. If no password is entered at the prompt,
the remote server password will default to NULL.
SECURITY
The ipmitool documentation highlights that there are several security issues to be considered before enabling the IPMI LAN
interface. A remote station has the ability to control a system's power state as well as being able to gather certain platform
information. To reduce vulnerability, it is strongly advised that the IPMI LAN interface only be enabled in 'trusted' environments
where system security is not an issue or where there is a dedicated secure 'management network' or access has been provided
through an Console Server.
Further, it is strongly advised that you should not enable IPMI for remote access without setting a password, and that the
password should not be the same as any other password on that system.
When an IPMI password is changed on a remote machine with the IPMIv1.5 lan interface, the new password is sent across the
network as clear text. This could be observed and then used to attack the remote system. It is thus recommended that IPMI
password management only be done over IPMIv2.0 lanplus interface or the system interface on the local station.
For IPMI v1.5, the maximum password length is 16 characters. Passwords longer than 16 characters will be truncated.
For IPMI v2.0, the maximum password length is 20 characters; longer passwords are truncated.
233