Installation Manual

ManualsBrandsTechMikeNY ManualsComputers & AccessoriesTechMikeNY High-End PowerEdge R620 Server 2X 2.90Ghz E5-2690 8C 384GB 8X 512GB SSD (Certified Refurbished)

111

112

113

114

115

116

117

118

119

120

Supported SSH Cryptography Schemes

To communicate with iDRAC7 using SSH protocol, it supports multiple cryptography schemes listed in the following

table.

Table 12. SSH Cryptography Schemes

Scheme Type Scheme

Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST

specification

Symmetric Cryptography

• AES256-CBC

• RIJNDAEL256-CBC

• AES192-CBC

• RIJNDAEL192-CBC

• AES128-CBC

• RIJNDAEL128-CBC

• BLOWFISH-128-CBC

• 3DES-192-CBC

• ARCFOUR-128

Message Integrity

• HMAC-SHA1-160

• HMAC-SHA1-96

• HMAC-MD5-128

• HMAC-MD5-96

Authentication Password

PKA Authentication Public-private key pairs

Using Public Key Authentication For SSH

iDRAC7 supports the Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA over SSH is

set up and used correctly, you need not enter the user name or password while logging into iDRAC7. This is useful for

setting up automated scripts that perform various functions. The uploaded keys must be in RFC 4716 or openssh format.

Else, you must convert the keys into that format.

In any scenario, a pair of private and public key must be generated on the management station. The public key is

uploaded to iDRAC7 local user and private key is used by the SSH client to establish the trust relationship between the

management station and iDRAC7.

You can generate the public or private key pair using:

•

PuTTY Key Generator

application for clients running Windows

•

ssh-keygen

CLI for clients running Linux.

CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on

iDRAC7. However, users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can

modify any user’s configuration. This includes creation or deletion of any user, SSH Key management for users,

and so on. For these reasons, assign this privilege carefully.

CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure Users’ user privilege.

This privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully.

119