Users Guide
Supported SSH Cryptography Schemes
To communicate with the CMC over SSH, a client must use one of the cryptography schemes listed in the following table.
Table 30. Cryptography Schemes

Scheme Type              Scheme
Asymmetric Cryptography  Diffie-Hellman key exchange; DSA/DSS keys of 512–1024 (random) bits per NIST specification
Symmetric Cryptography   • AES256-CBC
                         • RIJNDAEL256-CBC
                         • AES192-CBC
                         • RIJNDAEL192-CBC
                         • AES128-CBC
                         • RIJNDAEL128-CBC
                         • BLOWFISH-128-CBC
                         • 3DES-192-CBC
                         • ARCFOUR-128
Message Integrity        • HMAC-SHA1-160
                         • HMAC-SHA1-96
                         • HMAC-MD5-128
                         • HMAC-MD5-96
Authentication           Password (public key authentication is also available for the service username; see the next section)

Several entries in this table (DSA host keys, the CBC-mode ciphers, ARCFOUR and the HMAC-MD5 variants) are disabled by default in current OpenSSH clients, which may refuse to connect unless those algorithms are explicitly re-enabled (for OpenSSH, options such as HostKeyAlgorithms=+ssh-dss and Ciphers=+aes256-cbc, on builds that still include them). Where the client allows a choice, prefer the AES ciphers and the HMAC-SHA1 MACs from this table.
Configure Public Key Authentication over SSH
You can configure up to 6 public keys for use with the service username over the SSH interface. Before adding or deleting public keys, use the view command to see which keys are already set up, so that a key is not accidentally overwritten or deleted. The service username is a special user account that can be used when accessing the CMC through SSH. When public key authentication (PKA) over SSH is set up and used correctly, you need not enter a username or password to log in to the CMC, which is useful for automated scripts that perform various functions.
NOTE: There is no GUI support for managing this feature; it can only be managed with RACADM.
When adding a new public key, ensure that the index you specify does not already hold a key: the CMC does not check whether a key exists at that index before writing the new one, so any existing key there is silently replaced. A newly added key takes effect immediately as long as the SSH interface is enabled.
Only the first 16 characters of the public key comment are stored by the CMC. Because all PKA users log in with the service username, the CMC uses this comment to distinguish SSH users in the output of the RACADM getssninfo command, so give each key a comment that is unique within its first 16 characters.
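The two checks described above, that a slot is not already occupied before a key is written into it and that key comments remain distinct after truncation to 16 characters, as an added shell example that is not from the CMC guide or from Dell's own tooling. It assumes the RACADM sshpkauth subcommand syntax (-v to view, -i svcacct, -k <slot>, -t "<key text>", -d to delete) and assumes that viewing a slot echoes the stored key line beginning with "ssh-"; confirm both against the RACADM command reference for your CMC firmware before use. The sample keys are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example (not from the CMC guide): pre-flight checks before loading a
# public key into one of the six service-account slots over RACADM.
# Assumptions: the RACADM "sshpkauth" subcommand with -v (view), -i svcacct,
# -k <slot>, -t "<key text>" and -d (delete), and that viewing a slot echoes
# the stored key line (beginning "ssh-"). Verify both against the RACADM
# reference for your CMC firmware; adjust the grep pattern if the output differs.

RACADM="${RACADM:-racadm}"   # e.g. RACADM="racadm -r <cmc-ip> -u root -p <pw>" for remote racadm

# Comment field of an OpenSSH public key line: everything after the key blob.
key_comment() {
    printf '%s\n' "$1" | awk '{ c = ""; for (i = 3; i <= NF; i++) c = c (i > 3 ? " " : "") $i; print c }'
}

# What the CMC actually stores: only the first 16 characters of the comment.
# getssninfo later shows this truncated comment in place of a user name.
cmc_comment() {
    key_comment "$1" | cut -c1-16
}

# All keys must still have distinct comments after truncation, otherwise
# getssninfo cannot tell the sessions apart (they all log in as the service user).
# Returns 0 when distinct, 1 on a collision.
comments_distinct() {
    for k in "$@"; do cmc_comment "$k"; done | sort | uniq -d | grep -q . && return 1
    return 0
}

# The occupied-slot check that the guide says the CMC itself does not perform.
slot_occupied() {
    $RACADM sshpkauth -v -i svcacct -k "$1" 2>/dev/null | grep -q '^ssh-'
}

# Install a key into a slot, refusing to overwrite silently.
# Returns 0 on success, 1 if the slot is in use, 2 on a bad slot number.
add_key() {
    slot="$1"; key="$2"
    case "$slot" in
        [1-6]) ;;
        *) echo "slot must be 1-6, got '$slot'" >&2; return 2 ;;
    esac
    if slot_occupied "$slot"; then
        echo "slot $slot already holds a key; remove it first with:" >&2
        echo "  $RACADM sshpkauth -i svcacct -k $slot -d" >&2
        return 1
    fi
    $RACADM sshpkauth -i svcacct -k "$slot" -t "$key"
}

# Constructed sample keys (the base64 blobs are placeholders, not real keys).
# Both comments truncate to "automation-host-", so the CMC could not tell them apart.
KEY_A="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderA automation-host-01-deploy"
KEY_B="ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCplaceholderB automation-host-02-deploy"

# Usage: sh cmc_pka_add.sh <slot> "<openssh public key line>"
# With no arguments, demonstrate the comment-collision check on the samples.
if [ $# -eq 0 ]; then
    comments_distinct "$KEY_A" "$KEY_B" && echo "comments distinct" \
        || echo "comment collision after 16 chars: '$(cmc_comment "$KEY_A")'"
elif [ $# -eq 2 ]; then
    add_key "$1" "$2"
fi
```

Run it with no arguments to see the truncation collision on the two sample comments, or with a slot number and your public key line to add a key; set RACADM to a remote racadm invocation to target a CMC from a management host.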
For example, if two public keys are set up, one with the comment PC1 and one with the comment PC2, getssninfo reports:
racadm getssninfo
Type User IP Address Login