Users Guide

ManualsBrandsDell ManualsActive System ManageriDRAC8 with Lifecycle Controller Version 2.05.05.05

101

102

103

104

105

106

107

108

109

110

Supported SSH Cryptography Schemes

To communicate with iDRAC using SSH protocol, it supports multiple cryptography schemes listed in the following table.

Table 11. SSH Cryptography Schemes

Scheme Type Scheme

Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST

specification

Symmetric Cryptography • AES256-CBC

• RIJNDAEL256-CBC

• AES192-CBC

• RIJNDAEL192-CBC

• AES128-CBC

• RIJNDAEL128-CBC

• BLOWFISH-128-CBC

• 3DES-192-CBC

• ARCFOUR-128

Message Integrity • HMAC-SHA1-160

• HMAC-SHA1-96

• HMAC-MD5-128

• HMAC-MD5-96

Authentication Password

PKA Authentication Public-private key pairs

Using Public Key Authentication For SSH

iDRAC supports the Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA over SSH is set up and used

correctly, you need not enter the user name or password while logging into iDRAC. This is useful for setting up automated scripts that

perform various functions. The uploaded keys must be in RFC 4716 or openssh format. Else, you must convert the keys into that format.

In any scenario, a pair of private and public key must be generated on the management station. The public key is uploaded to iDRAC local

user and private key is used by the SSH client to establish the trust relationship between the management station and iDRAC.

You can generate the public or private key pair using:

• PuTTY Key Generator application for clients running Windows

• ssh-keygen CLI for clients running Linux.

CAUTION:

This privilege is normally reserved for users who are members of the Administrator user group on iDRAC.

However, users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can modify any

user’s configuration. This includes creation or deletion of any user, SSH Key management for users, and so on. For

these reasons, assign this privilege carefully.

CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure Users’ user privilege. This

privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully.

Generating Public Keys for Windows

To use the PuTTY Key Generator application to create the basic key:

1. Start the application and select either SSH-2 RSA or SSH-2 DSA for the type of key to generate. (SSH-1 is not supported). The

supported key generation algorithms are RSA and DSA only.

2. Enter the number of bits for the key. For RSA, it is between 768 and 4096 bits and for DSA, it 1024 bits.

3. Click Generate and move the mouse in the window as directed.

The keys are generated.

Setting Up iDRAC Communication

109