Table 11. SSH Cryptography Schemes
Scheme Type Scheme
Asymmetric Cryptography Diffie-Hellman DSA/DSS 512-1024 (random) bits
per NIST specification
Symmetric Cryptography • AES256-CBC
• RIJNDAEL256-CBC
• AES192-CBC
• RIJNDAEL192-CBC
• AES128-CBC
• RIJNDAEL128-CBC
• BLOWFISH-128-CBC
• 3DES-192-CBC
• ARCFOUR-128
Message Integrity • HMAC-SHA1-160
• HMAC-SHA1-96
• HMAC-MD5-128
• HMAC-MD5-96
Authentication Password
PKA Authentication Public-private key pairs
Using Public Key Authentication For SSH
iDRAC supports the Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA
over SSH is set up and used correctly, you need not enter the user name or password while logging into
iDRAC. This is useful for setting up automated scripts that perform various functions. The uploaded keys
must be in RFC 4716 or openssh format. Else, you must convert the keys into that format.
In any scenario, a pair of private and public key must be generated on the management station. The
public key is uploaded to iDRAC local user and private key is used by the SSH client to establish the trust
relationship between the management station and iDRAC.
You can generate the public or private key pair using:
PuTTY Key Generator application for clients running Windows
ssh-keygen CLI for clients running Linux.
CAUTION: This privilege is normally reserved for users who are members of the Administrator
user group on iDRAC. However, users in the ‘Custom’ user group can be assigned this privilege. A
user with this privilege can modify any user’s configuration. This includes creation or deletion of
any user, SSH Key management for users, and so on. For these reasons, assign this privilege
carefully.
CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure
Users’ user privilege. This privilege allows user(s) to configure another user's SSH key. You should
grant this privilege carefully.
134