User guide
have administrator privilege, an error message is displayed indicating that they do not have privileges.
On a Linux-based system, a user must log in as root to run the local RACADM utility.
A user who can run local RACADM is guaranteed to have administrator privilege to the
system. The administrator privilege level indicates that the user has full rights to manage iDRAC6.
SSH
The SSH service is enabled by default on iDRAC6. The RACADM CLI can be run over SSH. The SSH service can be
disabled in the iDRAC6 configuration. iDRAC6 supports only SSH version 2, with the DSA and RSA host key
algorithms. A unique 1024-bit DSA host key and a unique 1024-bit RSA host key are generated during the
first power-up of iDRAC6 SSH.
SNMP
An SNMP agent runs on iDRAC6 by default. The iDRAC6 SNMP agent is used by Dell OpenManage™ IT
Assistant or other management frameworks to discover the iDRAC6 out-of-band service point.
iDRAC6 supports only SNMP version 1. Because SNMP version 1 does not encrypt data and does not have a
strong authentication protocol, data could leak from iDRAC6
(for example, the service tag of a system or the IP address of iDRAC6).
NOTE: Dell strongly recommends using one of the following options to secure iDRAC6 from these
concerns:
• If the iDRAC6 SNMP agent is not being used in your environment, administrators can disable
  the iDRAC6 SNMP service.
• Change the iDRAC6 SNMP community name to secure the SNMP service. The default
  iDRAC6 SNMP community name is “public.”
• Limit inbound SNMP access by only accepting specific client traffic by configuring the iDRAC6
  allowed client IP address range.
Virtual Media
Virtual media is a powerful remote access feature that allows a remote user to use a remote
CD/floppy/image on the client side through the network. Administrators can use this feature for various
administrative tasks such as remote operating system installation, remote diagnostics, remote
driver/application software installation, and so on. A security authentication protocol is used in
the virtual media connection. When a user logs in to the iDRAC6 web server via HTTPS with virtual media
privilege and selects the virtual media tab, a connection request command is sent to the
iDRAC6 firmware. The iDRAC6 firmware responds by sending a set of virtual media configuration
information along with an authentication key via the HTTPS (SSL encrypted) channel. The authentication
key is randomly generated and is 32 bytes long. To prevent replay attacks, the authentication key is a
one-time key and has its own limited lifetime. If a user selects an encrypted connection, the virtual
media client software starts a connection via an SSL channel and sends the authentication key to the
virtual media server for authentication. If the key passes the virtual media server authentication, a
virtual media session is established. Otherwise, an authentication failure message will be sent back to