Update iDRAC Cipher Suite with Redfish
How to do this is detailed in this article
You can obtain all of the iDRAC attributes with the below script:
```python
import requests
import json
import base64

# iDRAC Credentials and Information
IDRAC_IP = "YOUR_IP"  # Change this to your iDRAC IP
USERNAME = "root"
PASSWORD = "calvin"  # Factory-default iDRAC password; replace with your own

# Redfish API Endpoint for iDRAC Attributes
URL = f"https://{IDRAC_IP}/redfish/v1/Managers/iDRAC.Embedded.1/Attributes"

# Construct the Authentication Header
headers = {
    "Authorization": "Basic " + base64.b64encode(f"{USERNAME}:{PASSWORD}".encode()).decode(),
    "Content-Type": "application/json"
}

# Disable SSL warnings (iDRAC typically uses self-signed certificates)
requests.packages.urllib3.disable_warnings()

# Send GET request to retrieve all attributes
# verify=False skips certificate validation; pass a CA bundle path instead
# if the iDRAC presents a certificate you can validate
try:
    response = requests.get(URL, headers=headers, verify=False)

    if response.status_code == 200:
        data = response.json()
        print("\n✅ Successfully retrieved iDRAC attributes:\n")
        print(json.dumps(data, indent=4))  # Pretty print JSON response

        # Extract Cipher Select related attributes
        print("\nCipher Select Related Settings:\n")
        for key, value in data.get("Attributes", {}).items():
            if "Cipher" in key or "TLS" in key or "Encryption" in key:
                print(f"{key}: {value}")

    else:
        print(f"\n❌ Failed to retrieve attributes. HTTP {response.status_code}")
        print("Response:", response.text)

except requests.exceptions.RequestException as e:
    print(f"\n❌ Error retrieving iDRAC attributes: {e}")
```

You can change the cipher suite properties with the script below. Simply change the string NEW_CIPHERS to whatever you need it to be.
```python
import requests
import json
import base64

# iDRAC Credentials and Information
IDRAC_IP = "YOUR_IP"  # Change to your iDRAC IP
USERNAME = "root"
PASSWORD = "calvin"  # Factory-default iDRAC password; replace with your own

# Redfish API Endpoint for iDRAC Attributes
URL = f"https://{IDRAC_IP}/redfish/v1/Managers/iDRAC.Embedded.1/Attributes"

# New Cipher String to Apply
NEW_CIPHERS = "aes256-gcm@openssh.com"  # Change this to the desired cipher string

# Construct the Authentication Header
headers = {
    "Authorization": "Basic " + base64.b64encode(f"{USERNAME}:{PASSWORD}".encode()).decode(),
    "Content-Type": "application/json"
}

# Construct the JSON payload for updating the ciphers
payload = {
    "Attributes": {
        "SSHCrypto.1.Ciphers": NEW_CIPHERS
    }
}

# Disable SSL warnings (iDRAC typically uses self-signed certificates)
requests.packages.urllib3.disable_warnings()

# Send PATCH request to update cipher settings
# verify=False skips certificate validation; pass a CA bundle path instead
# if the iDRAC presents a certificate you can validate
try:
    response = requests.patch(URL, headers=headers, data=json.dumps(payload), verify=False)

    if response.status_code in [200, 204]:
        print("\n✅ Successfully updated iDRAC SSH ciphers.")
    else:
        print(f"\n❌ Failed to update SSH ciphers. HTTP {response.status_code}")
        print("Response:", response.text)

except requests.exceptions.RequestException as e:
    print(f"\n❌ Error updating iDRAC SSH ciphers: {e}")
```

Example output:
```
python.exe "update_cipher_suite.py"

✅ Successfully updated iDRAC SSH ciphers.

Process finished with exit code 0
```

Here it is in PowerShell:
```powershell
# iDRAC Credentials and Information
$IDRAC_IP = "YOUR_IP"  # Change this to your iDRAC IP
$USERNAME = "root"
$PASSWORD = "calvin"   # Factory-default iDRAC password; replace with your own

# Redfish API Endpoint for iDRAC Attributes
$URL = "https://$IDRAC_IP/redfish/v1/Managers/iDRAC.Embedded.1/Attributes"

# New Cipher String to Apply
$NEW_CIPHERS = "aes256-gcm@openssh.com"  # Change this to the desired cipher string

# Construct the Basic Authentication Header
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes("$USERNAME`:$PASSWORD"))
$headers = @{
    "Authorization" = "Basic $base64AuthInfo"
    "Content-Type"  = "application/json"
}

# Construct the JSON payload for updating the ciphers
$body = @{
    "Attributes" = @{
        "SSHCrypto.1.Ciphers" = $NEW_CIPHERS
    }
} | ConvertTo-Json -Depth 3

# Ignore SSL certificate errors (iDRAC often has a self-signed certificate)
# This turns off certificate validation for the rest of the PowerShell session
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = { $true }

# Send PATCH request to update cipher settings
try {
    $response = Invoke-RestMethod -Uri $URL -Method Patch -Headers $headers -Body $body -ContentType "application/json"

    Write-Host "`n✅ Successfully updated iDRAC SSH ciphers." -ForegroundColor Green
}
catch {
    Write-Host "`n❌ Failed to update SSH ciphers." -ForegroundColor Red
    Write-Host "Error: $($_.Exception.Message)"
    if ($_.Exception.Response) {
        $errorResponse = $_.Exception.Response.GetResponseStream()
        $reader = New-Object System.IO.StreamReader($errorResponse)
        Write-Host "`nResponse:`n$($reader.ReadToEnd())" -ForegroundColor Yellow
    }
}
```
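
Before sending the PATCH from the update scripts above, it helps to audit the current `SSHCrypto.1.Ciphers` value and sanity-check the new one. The following is an added example, not code from the original page: it assumes the attribute holds an OpenSSH-style comma-separated list, and the helper names, the weak-cipher markers and the sample data are constructed for illustration.

```python
# Added example: audit the SSH cipher list from an iDRAC attribute dump and
# build the PATCH body only when a change is actually needed.
ATTR = "SSHCrypto.1.Ciphers"  # attribute name used on this page

# Substrings marking ciphers OpenSSH has deprecated or removed
# (assumption: this deny-list matches your own policy).
WEAK_MARKERS = ("-cbc", "3des", "arcfour", "blowfish", "cast128")


def parse_ciphers(value):
    """Split a comma-separated cipher string (assumed format) into names."""
    return [c.strip() for c in value.split(",") if c.strip()]


def weak_ciphers(ciphers):
    """Return the ciphers that match a weak marker, in original order."""
    return [c for c in ciphers if any(m in c.lower() for m in WEAK_MARKERS)]


def plan_update(attributes, desired):
    """Compare current and desired lists; return a PATCH payload or None.

    Raises ValueError when the desired string is empty or contains a weak
    cipher, so neither is ever sent to the iDRAC.
    """
    wanted = parse_ciphers(desired)
    if not wanted:
        raise ValueError("desired cipher list is empty")
    bad = weak_ciphers(wanted)
    if bad:
        raise ValueError(f"refusing weak ciphers: {', '.join(bad)}")
    current = parse_ciphers(attributes.get(ATTR, ""))
    if current == wanted:
        return None  # already set as desired, no PATCH needed
    return {"Attributes": {ATTR: ",".join(wanted)}}


# Constructed sample shaped like the "Attributes" object of the GET response.
SAMPLE_ATTRIBUTES = {
    ATTR: "aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-gcm@openssh.com",
}

if __name__ == "__main__":
    current = parse_ciphers(SAMPLE_ATTRIBUTES[ATTR])
    print("current:", current)
    print("weak   :", weak_ciphers(current))
    print("payload:", plan_update(SAMPLE_ATTRIBUTES, "aes256-gcm@openssh.com"))
```

The dictionary returned by `plan_update` has the same shape as `payload` in the update script, and the same audit can be run on the read-back after the PATCH to confirm the change took effect.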