When working with Supermicro's IPMI/BMC systems, you'll typically encounter two distinct SSH access modes:
- Linux-like shell (preferred): Offers familiar commands like
ifconfig,reboot, and standard Unix utilities - SMASH-CLP shell: A restricted management shell with proprietary syntax (ATEN implementation)
Run this simple test after SSH login:
echo $SHELL
which lsLinux shells typically respond with /bin/sh or similar, while SMASH-CLP either errors or returns empty.
The shell type depends on both hardware generation and firmware version. For the mentioned motherboards:
| Model | Default Shell | Switchable? |
|---|---|---|
| X9DRW-iF | Varies by FW | Yes (v3.50+) |
| X9DRi-F | Mostly SMASH | Possible with mod |
| X9SCL-F | Linux | N/A |
Method 1: Firmware Update (Recommended)
Download the latest BMC firmware from Supermicro and update via web UI:
# Check current version first
ipmitool bmc infoMethod 2: Configuration Override
For some X9 models, edit the BMC configuration:
# If you currently have Linux shell access
vi /etc/ssh/sshd_config
# Add or modify:
Subsystem sftp /usr/libexec/sftp-server
Subsystem smash /bin/shMethod 3: IPMITOOL Command
For remote configuration when SSH isn't available:
ipmitool -I lanplus -H [BMC_IP] -U [USER] -P [PASS] raw 0x32 0x6a 0x20 0x00 0x00 0x00 0x01 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x46 0x01When stuck with SMASH-CLP, these equivalents may help:
| Linux | SMASH-CLP |
|---|---|
| ifconfig | show /system1/network1 |
| reboot | power /system1/reset |
| ps | show /system1/processors |
Create this bash script to detect and handle both shell types:
#!/bin/bash
BMC_IP="your.ipmi.ip"
USER="ADMIN"
PASS="yourpassword"
output=$(sshpass -p "$PASS" ssh -o StrictHostKeyChecking=no $USER@$BMC_IP "echo $SHELL" 2>&1)
if [[ $output == *"/bin/sh"* ]]; then
echo "Linux shell detected"
sshpass -p "$PASS" ssh $USER@$BMC_IP "reboot"
elif [[ $output == *"SMASH"* ]] || [[ $output == *"ATEN"* ]]; then
echo "SMASH-CLP detected"
sshpass -p "$PASS" ssh $USER@$BMC_IP "power /system1/reset"
else
echo "Unknown shell type"
exit 1
fi- Some newer firmware versions remove Linux shell entirely for security
- SMASH-CLP may be the only option on certain security-hardened deployments
- Always backup BMC configuration before making changes
While administering multiple Supermicro servers (X9DRW-iF, X9DRi-F, X9SCL-F), I've encountered inconsistent SSH behavior when accessing IPMI/BMC interfaces. Some systems provide a Linux-like shell with standard utilities (ifconfig, reboot), while others deploy the restricted ATEN SMASH-CLP shell lacking essential commands.
First, determine which shell your BMC implements. After SSH login, try these diagnostic commands:
# For Linux shell:
ls /bin
ifconfig bmc0
# For SMASH-CLP:
show /system1/network1
Supermicro's documentation scarcely mentions SSH access methods. The SMASH-CLP reference exists but lacks practical administration guidance.
On firmware versions supporting both shells, try forcing the Linux shell via:
ssh ADMIN@bmc_ip -t "/bin/sh -i"
Alternatively, modify the SSH daemon configuration if you have write access:
# Edit /etc/ssh/sshd_config
ForceCommand /bin/sh
When SMASH-CLP prevents direct reboots, alternative methods exist:
# IPMI tool method:
ipmitool -H bmc_ip -U ADMIN -P password mc reset cold
# Web API alternative:
curl -k "https://ADMIN:password@bmc_ip/cgi/ipmi.cgi" \
-d "op=bmc_reset&_="
Shell behavior often correlates with BMC firmware versions. Before upgrading:
# Check current version:
ipmitool mc info | grep "Firmware Revision"
Note that newer firmware doesn't guarantee Linux shell availability - test in staging first.
SMASH-CLP's limited functionality ironically reduces attack surface. If requiring Linux shell access:
- Implement strict firewall rules for BMC interfaces
- Rotate credentials after shell configuration changes
- Monitor SSH access logs via
/var/log/messages
For X9DRW-iF systems running SMASH-CLP, network configuration becomes:
set /system1/network1/nic1/ipv4/address1 ip=192.168.1.100
set /system1/network1/nic1/ipv4/gateway1 gateway=192.168.1.1
commit /system1/network1
The same configuration via Linux shell would be:
ifconfig bmc0 192.168.1.100 netmask 255.255.255.0 up
route add default gw 192.168.1.1