Intel amtterm and amttool: authentication failed
by shivahoj from LinuxQuestions.org on (#55B4S)
Hello, I have an Intel Mainboard DQ67EP, that has a built-in management Engine(ME). This SHOULD provide me with serial Console and BIOS acces over LAN, (re-)boot , etc.
The Operating system( Debian 10 server, headless, no GUI ) has the IP 10.0.0.8, the ME has the IP 10.0.0.2 on the same RJ-45 Network port.
After setting up a Password in the ME config screen of the BIOS(Req'd: 8-32 Chars, Upper and Lower Chars, Numbers and Special Signs, like "P@assw0rd"), I can access the ME Web interface via http://10.0.0.2:16992. with the user "admin" and my "P@assw0rd".
but on the linux command line, I tried amtterm:
Code:dirk@hpmini:~/Downloads$ amtterm
This is amtterm, release 1.4, I'll establish
serial-over-lan (sol) connections to your Intel AMT boxes.
usage: amtterm [options] host [port]
options:
-h print this text
-v verbose (default)
-q quiet
-u user username (default: admin)
-p pass password (default: $AMT_PASSWORD)
By default port 16994 is used.
If no password is given amtterm will ask for one.
--
(c) 2007 Gerd Hoffmann <kraxel@redhat.com>
dirk@hpmini:~/Downloads$ amtterm -vvv 10.0.0.2 16992
AMT password for host 10.0.0.2:
amtterm: NONE -> CONNECT (connection to host)
ipv4 10.0.0.2 [10.0.0.2] 16992 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> ERROR (failure)
amtterm: ERROR: EOF from socket
dirk@hpmini:~/Downloads$ amtterm -vvv 10.0.0.2 16994
AMT password for host 10.0.0.2:
amtterm: NONE -> CONNECT (connection to host)
ipv4 10.0.0.2 [10.0.0.2] 16994 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> AUTH (session authentication)
amtterm: AUTH -> ERROR (failure)
amtterm: ERROR: session authentication failed
dirk@hpmini:~/Downloads$i also downloaded amttool-tng 1.7.3, (https://sourceforge.net/projects/amttool-tng/, which gives me this:
Code:dirk@hpmini:~/Downloads$ ./amttool
Useless use of concatenation (.) or string in void context at ./amttool line 3273.
amttool 1.7.3 Can talk to Intel AMT managed devices (SOAP-based version).
Usage: amttool [<params>] <hostname>[:<port>] <command> [help|<cmd_params>]
Parameters (before the hostname): --force|-f, --quiet|-q, --debug|-d, --ddebug|-dd
<command>:
help - detailed commands help (except remote control)
info - general,audit,remote info (default command when only hostname given)
net - iAMT device network administration
time - get/sync iAMT device time
user - access control management for an admin
uuser - user access control (set own passwd, del special permissions)
hwasset - prints hardware asset data
audit - Access Monitor/Audit (AMT ver. 4.0+)
event - platform events: configure, view log, subscribe
security - some commands from Security Administration interface
pwr_save - power saving management
redirect - IDE-Redirection settings and log
rem_control - remote power and boot control and info
Use 'amttool help' to get the full detailed help.
Environment variables:
AMT_USER - AMT username ('admin' if not set)
AMT_PASSWORD - AMT Password
AMT_VERSION - to skip AMT version check (no access to GeneralInfo realm, etc.)
AMT_TIMEOUT - set connection timeout
HTTP_proxy - link to proxy in format: http://[proxy_user:pass@]<proxy_addr>:<port>
dirk@hpmini:~/Downloads$ AMT_PASSWORD="P@assw0rd"
dirk@hpmini:~/Downloads$ ./amttool -dd 10.0.0.2:16994 info
Useless use of concatenation (.) or string in void context at ./amttool line 3273.
Use of uninitialized value $cmd in lc at ./amttool line 1858.
Use of uninitialized value $params[1] in lc at ./amttool line 1867.
## '10.0.0.2'
Use of uninitialized value $sub_cmd in lc at ./amttool line 1709.
Use of uninitialized value $cmd in lc at ./amttool line 1711.
--
Status read failed: Connection reset by peer at /usr/share/perl5/Net/HTTP/Methods.pm line 282.
--
FAULT: 500 Status read failed: Connection reset by peer
dirk@hpmini:~/Downloads$ ./amttool -dd 10.0.0.2:16992 info
Useless use of concatenation (.) or string in void context at ./amttool line 3273.
Use of uninitialized value $cmd in lc at ./amttool line 1858.
Use of uninitialized value $params[1] in lc at ./amttool line 1867.
## '10.0.0.2'
Use of uninitialized value $sub_cmd in lc at ./amttool line 1709.
Use of uninitialized value $cmd in lc at ./amttool line 1711.
--
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html><head><link rel=stylesheet href=styles.css>
<title>Intel® Standard Manageability</title>
</head>
<body leftmargin=0 rightmargin=0 topmargin=0>
<table border=0 cellpadding=0 cellspacing=0 width=100% height=69 background="/run.gif">
<tr> <td valign=top>
<img src="/logo.gif" align=right><br />
<font size=4 color=white><b> Intel<font class=r><sup>®</font></sup>Standard Manageability<br />
</table>
<br />
<h2 class=warn>Log on failed. Incorrect user name or password, or user account temporarily locked.</h2>
<p>
<form METHOD="GET" action="index.htm"><h2><input type=submit value="Try again">
</h2></form>
<p>
</body>
</html>
--
FAULT: 401 UnauthorizedThe html code in the second invocation is actually identical with what I see in the web browser, when I supply the ME login page with wrong credentials.
The latter program seems to have some issues, as indicated by the errors.
In both cases(amttool and amtterm) , even giving wrong passwords gives no other output.
I never used netcat or any sniffing tool to see what is going on, since I don't really know how to use them.
What am I doing wrong?
The Operating system( Debian 10 server, headless, no GUI ) has the IP 10.0.0.8, the ME has the IP 10.0.0.2 on the same RJ-45 Network port.
After setting up a Password in the ME config screen of the BIOS(Req'd: 8-32 Chars, Upper and Lower Chars, Numbers and Special Signs, like "P@assw0rd"), I can access the ME Web interface via http://10.0.0.2:16992. with the user "admin" and my "P@assw0rd".
but on the linux command line, I tried amtterm:
Code:dirk@hpmini:~/Downloads$ amtterm
This is amtterm, release 1.4, I'll establish
serial-over-lan (sol) connections to your Intel AMT boxes.
usage: amtterm [options] host [port]
options:
-h print this text
-v verbose (default)
-q quiet
-u user username (default: admin)
-p pass password (default: $AMT_PASSWORD)
By default port 16994 is used.
If no password is given amtterm will ask for one.
--
(c) 2007 Gerd Hoffmann <kraxel@redhat.com>
dirk@hpmini:~/Downloads$ amtterm -vvv 10.0.0.2 16992
AMT password for host 10.0.0.2:
amtterm: NONE -> CONNECT (connection to host)
ipv4 10.0.0.2 [10.0.0.2] 16992 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> ERROR (failure)
amtterm: ERROR: EOF from socket
dirk@hpmini:~/Downloads$ amtterm -vvv 10.0.0.2 16994
AMT password for host 10.0.0.2:
amtterm: NONE -> CONNECT (connection to host)
ipv4 10.0.0.2 [10.0.0.2] 16994 open
amtterm: CONNECT -> INIT (redirection initialization)
amtterm: INIT -> AUTH (session authentication)
amtterm: AUTH -> ERROR (failure)
amtterm: ERROR: session authentication failed
dirk@hpmini:~/Downloads$i also downloaded amttool-tng 1.7.3, (https://sourceforge.net/projects/amttool-tng/, which gives me this:
Code:dirk@hpmini:~/Downloads$ ./amttool
Useless use of concatenation (.) or string in void context at ./amttool line 3273.
amttool 1.7.3 Can talk to Intel AMT managed devices (SOAP-based version).
Usage: amttool [<params>] <hostname>[:<port>] <command> [help|<cmd_params>]
Parameters (before the hostname): --force|-f, --quiet|-q, --debug|-d, --ddebug|-dd
<command>:
help - detailed commands help (except remote control)
info - general,audit,remote info (default command when only hostname given)
net - iAMT device network administration
time - get/sync iAMT device time
user - access control management for an admin
uuser - user access control (set own passwd, del special permissions)
hwasset - prints hardware asset data
audit - Access Monitor/Audit (AMT ver. 4.0+)
event - platform events: configure, view log, subscribe
security - some commands from Security Administration interface
pwr_save - power saving management
redirect - IDE-Redirection settings and log
rem_control - remote power and boot control and info
Use 'amttool help' to get the full detailed help.
Environment variables:
AMT_USER - AMT username ('admin' if not set)
AMT_PASSWORD - AMT Password
AMT_VERSION - to skip AMT version check (no access to GeneralInfo realm, etc.)
AMT_TIMEOUT - set connection timeout
HTTP_proxy - link to proxy in format: http://[proxy_user:pass@]<proxy_addr>:<port>
dirk@hpmini:~/Downloads$ AMT_PASSWORD="P@assw0rd"
dirk@hpmini:~/Downloads$ ./amttool -dd 10.0.0.2:16994 info
Useless use of concatenation (.) or string in void context at ./amttool line 3273.
Use of uninitialized value $cmd in lc at ./amttool line 1858.
Use of uninitialized value $params[1] in lc at ./amttool line 1867.
## '10.0.0.2'
Use of uninitialized value $sub_cmd in lc at ./amttool line 1709.
Use of uninitialized value $cmd in lc at ./amttool line 1711.
--
Status read failed: Connection reset by peer at /usr/share/perl5/Net/HTTP/Methods.pm line 282.
--
FAULT: 500 Status read failed: Connection reset by peer
dirk@hpmini:~/Downloads$ ./amttool -dd 10.0.0.2:16992 info
Useless use of concatenation (.) or string in void context at ./amttool line 3273.
Use of uninitialized value $cmd in lc at ./amttool line 1858.
Use of uninitialized value $params[1] in lc at ./amttool line 1867.
## '10.0.0.2'
Use of uninitialized value $sub_cmd in lc at ./amttool line 1709.
Use of uninitialized value $cmd in lc at ./amttool line 1711.
--
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" >
<html><head><link rel=stylesheet href=styles.css>
<title>Intel® Standard Manageability</title>
</head>
<body leftmargin=0 rightmargin=0 topmargin=0>
<table border=0 cellpadding=0 cellspacing=0 width=100% height=69 background="/run.gif">
<tr> <td valign=top>
<img src="/logo.gif" align=right><br />
<font size=4 color=white><b> Intel<font class=r><sup>®</font></sup>Standard Manageability<br />
</table>
<br />
<h2 class=warn>Log on failed. Incorrect user name or password, or user account temporarily locked.</h2>
<p>
<form METHOD="GET" action="index.htm"><h2><input type=submit value="Try again">
</h2></form>
<p>
</body>
</html>
--
FAULT: 401 UnauthorizedThe html code in the second invocation is actually identical with what I see in the web browser, when I supply the ME login page with wrong credentials.
The latter program seems to have some issues, as indicated by the errors.
In both cases(amttool and amtterm) , even giving wrong passwords gives no other output.
I never used netcat or any sniffing tool to see what is going on, since I don't really know how to use them.
What am I doing wrong?