Table 11. SSH Cryptography Schemes

Scheme Type               Scheme

Asymmetric Cryptography   Diffie-Hellman DSA/DSS 512-1024 (random) bits per NIST specification

Symmetric Cryptography    AES256-CBC
                          RIJNDAEL256-CBC
                          AES192-CBC
                          RIJNDAEL192-CBC
                          AES128-CBC
                          RIJNDAEL128-CBC
                          BLOWFISH-128-CBC
                          3DES-192-CBC
                          ARCFOUR-128

Message Integrity         HMAC-SHA1-160
                          HMAC-SHA1-96
                          HMAC-MD5-128
                          HMAC-MD5-96

Authentication            Password

PKA Authentication        Public-private key pairs

Using Public Key Authentication For SSH

iDRAC supports Public Key Authentication (PKA) over SSH. This is a licensed feature. When PKA over SSH is set up and used correctly, you need not enter the user name or password while logging in to iDRAC. This is useful for setting up automated scripts that perform various functions. The uploaded keys must be in RFC 4716 or OpenSSH format. Otherwise, you must convert the keys into one of those formats.

In any scenario, a private and public key pair must be generated on the management station. The public key is uploaded to the iDRAC local user, and the private key is used by the SSH client to establish the trust relationship between the management station and iDRAC.

You can generate the public and private key pair using:

- PuTTY Key Generator application for clients running Windows

- ssh-keygen CLI for clients running Linux
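
The format requirement above, as an added example that is not from the Dell manual: Python code that recognizes whether a public key is in OpenSSH or RFC 4716 format, converts it to RFC 4716, and computes the SHA256 fingerprint so that keys attached to a user can be audited. The function names, the comment string and the sample key (placeholder bytes, not a real key) are constructed for illustration.

```python
import base64, hashlib
BEGIN, END = "---- BEGIN SSH2 PUBLIC KEY ----", "---- END SSH2 PUBLIC KEY ----"

def blob_key_type(blob):  # algorithm name: first length-prefixed string in the blob
    n = int.from_bytes(blob[:4], "big")
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix in key blob")
    return blob[4:4 + n].decode("ascii")

def parse_public_key(text):
    """Accept OpenSSH one-line or RFC 4716 text; return (format, blob, comment)."""
    lines = [l.strip() for l in text.strip().splitlines() if l.strip()]
    if lines and lines[0] == BEGIN:
        if lines[-1] != END:
            raise ValueError("missing RFC 4716 end marker")
        body, comment, i = [], "", 1
        while i < len(lines) - 1:
            line = lines[i]
            if ":" in line:  # header line; base64 never contains ':'
                while line.endswith("\\") and i < len(lines) - 2:
                    i += 1  # a trailing backslash continues the header
                    line = line[:-1] + lines[i]
                tag, value = line.split(":", 1)
                if tag.lower() == "comment":
                    comment = value.strip().strip('"')
            else:
                body.append(line)
            i += 1
        blob = base64.b64decode("".join(body), validate=True)
        blob_key_type(blob)  # raises ValueError if the blob is malformed
        return "rfc4716", blob, comment
    parts = lines[0].split(None, 2) if len(lines) == 1 else []
    if len(parts) < 2:
        raise ValueError("not an OpenSSH or RFC 4716 public key")
    blob = base64.b64decode(parts[1], validate=True)
    if blob_key_type(blob) != parts[0]:
        raise ValueError("declared key type does not match key blob")
    return "openssh", blob, parts[2] if len(parts) > 2 else ""

def to_rfc4716(blob, comment=""):
    b64 = base64.b64encode(blob).decode()
    head = [BEGIN] + (['Comment: "%s"' % comment] if comment else [])
    return "\n".join(head + [b64[i:i + 70] for i in range(0, len(b64), 70)] + [END]) + "\n"

def fingerprint(blob):  # SHA256 fingerprint in the form `ssh-keygen -l` prints
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

# Constructed sample: placeholder bytes in ssh-rsa layout, not a real key.
FIELDS = (b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256)
SAMPLE_BLOB = b"".join(len(f).to_bytes(4, "big") + f for f in FIELDS)
SAMPLE_OPENSSH = "ssh-rsa %s admin@mgmt.example" % base64.b64encode(SAMPLE_BLOB).decode()
```

Comparing the fingerprint of each key stored for a user against the fingerprints of keys you issued shows whether an unexpected key has been added.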

CAUTION: The ‘Configure Users’ privilege is normally reserved for users who are members of the Administrator user group on iDRAC. However, users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can modify any user’s configuration. This includes creation or deletion of any user, SSH Key management for users, and so on. For these reasons, assign this privilege carefully.

CAUTION: The capability to upload, view, and/or delete SSH keys is based on the ‘Configure Users’ user privilege. This privilege allows a user to configure another user's SSH key. You should grant this privilege carefully.

Dell iDRAC8 manual