Accessing Guardian Service Processor Internal Port
135
Accessing Guardian Service Processor Internal Port
The Guardian Service Processor (GSP) internal port can be used as a “back door” to reset security options in
case the GSP administrator password is forgotten, for example. It can also be used in order to upgrade the
GSP firmware from an HP-UX session. The internal port needs to be configured in order to use it.
NOTE Updating the Guardian Service Processor via the Internal Port is not supported on the HP
e3000 server.
1. On the system, the GSP internal port should be /dev/tty1p0.
2. SAM does not configure the GSP internal port.
3. If the device file is not present, it can be created as follows:
#cd/dev
#mknod tty1p0 c 1 0x010000
4. Since this allows unrestricted access to the GSP and bypasses GSP security features (no user or password
required). Make sure to delete this device file when you have finished using it.
5. The internal port can be accessed via terminal emulators such as cu. To use cu, you need the follow
entries (the entries must be exactly as shown):
/usr/lib/uucp/Systems needs the following entry:
gspiport Any;5 gspiport,f900 - ‘‘‘‘\r\d\r\d\r ogin:-BREAK-
ogin: uucp asswrd: uucp-BREAK-ogin: uucp asswrd: uucp
The spelling looks unusual, but it needs to be exactly as shown.
/usr/lib/uucp/Devices needs the following entry:
gspiport tty1p0 - 9600 direct
6. when all of the configuration is done, you should be able to access the GSP internal port with the cu
command:
cu-1/dev/tty1p0
7. To terminate the cu session, use “~.” [return]
8. Kermit can also be used to access the special device file. See the kermit web pages for details.
CAUTION Securing the /dev/tty1p0 device file with root capabilities will not prevent non-root users from
accessing the GSP internal port. This is due to the fact that cu and kermit carry root access and
run with the sticky bit enabled.
To secure the internal port from unauthorized use, be sure to remove the /dev/tty1p0 file after
using it.
