Public key authentication | Fujitsu IRMC S2/S3 specification

Local user management for the iRMC S2/S3

4.3.3SSHv2 public key authentication for iRMC S2/S3 users

In addition to authentication by means of a user name and password, the iRMC S2/S3 also supports SSHv2-based public key authentication using pairs of public and private keys for local users. To implement SSHv2 public key authentication, the SSHv2 key of an iRMC S2/S3 user is uploaded to the iRMC S2/S3 and the iRMC S2/S3 user uses their private key with the program PuTTY or the OpenSSH client program ssh, for example.

The iRMC S2/S3 supports the following types of public keys:

–SSH DSS (minimum requirement)

–SSH RSA (recommended)

The public SSHv2 keys that you upload to the iRMC S2/S3 can be available either in RFC4716 format or in OpenSSH format (see page 84).

Public key authentication

In outline, public key authentication of a user on the iRMC S2/S3 happens as follows:

The user who wishes to log into the iRMC S2/S3 creates the key pair:

–The private key is read-protected and remains on the user's computer.

–The user (or administrator) uploads the public key to the iRMC S2/S3.

If the configuration allows this, the user can now log into the iRMC S2/S3 extremely securely and without the need to enter a password. The user is only responsible for keeping their private key secret.

The following steps are necessary to set up private key authentication. They are described in the subsequent sections:

1.Creating the public and private SSHv2 keys with the program PuTTYgen or ssh-keygenand saving them in separate files (see page 73).

2.Loading the public SSHv2 key onto the iRMC S2/S3 from a file (see page 77).

3.Configuring the program PuTTY or ssh for SSHv2 access to the iRMC S2/S3 (see page 79).

72	iRMC S2/S3

Image 72

Fujitsu IRMC S2/S3 manual SSHv2 public key authentication for iRMC S2/S3 users, Public key authentication

Contents

User Guide English Edition July Comments… Suggestions… Corrections… Copyright and TrademarksCertified documentation according to DIN EN ISO Contents Contents Configuring and using the serial interface IRMC S2/S3 Menus of the AVR window Structure of the user interface System Event Log and Internal Event Log Remote Storage 354 Appendix Ipmi OEM Commands supported by the iRMC S2/S3 Preface Service Purpose and target groups of the manualPurpose and target groups of the manual Other information Power management Functions of the iRMC S2/S3 overviewFunctions of the iRMC S2/S3 Standard functions of the iRMC S2/S3 Functions of the iRMC S2/S3 LAN DNS / Dhcp Extended functionality of the iRMC S2/S3 CD ROM DVD ROM Communication interfaces of the iRMC S2/S3 Communication interfaces of the iRMC S2/S3IRMC S2/S3 provides the following communication interfaces IRMC S2/S3 web interface web interface Communication protocols used by the iRMC S2/S3 Communication protocols used by the iRMC S2/S3 Ipmi technical background Ipmi technical backgroundIntelligent Platform Management Objective Ipmi technical background Advantage Ipmi and other management standardsPage Ipmi technical background Ipmi technical background IPMI-over-LAN Serial Over LAN interface SOL BMC and LAN controller Channel concept under Ipmi BMC and SOL Dcmi Data Center Management Interface Data Center Management Interface Dcmi User identificationsReferences Changes since the previous versions of the manual Changes compared with the previous version Power Consumption Options iRMC S3 only Changes compared with the previous version Access to the link collection ServerView Suite link collection Documentation for ServerView Suite Documentation for the ServerView Suite Notational conventions Notational conventionsVWarning Notational conventions Requirements On the remote workstationYour network IRMC S2/S3 factory defaults IRMC S2/S3 factory defaultsDefault administrator ID Default Dhcp name of the iRMC S2/S3 Logging into the iRMC S2/S3 web interface Logging into the iRMC S2/S3 web interfacePage Configuring the LAN interface of the iRMC S2/S3 Following tools are available for configuring the iRMC S2/S3 Configuring the LAN interface of the iRMC S2/S3 PrerequisitesConnected to the correct LAN port? Configuring the LAN interface Configuration tools Access from a different subnet Configuring the LAN interface of the iRMC S2/S3 Configure the following settings Set the value to Enabled IRMC LAN Parameters Configuration Menu IRMC S2/S3 Testing the LAN interface Test the connection to the iRMC S2/S3 with a ping commandYou can test the LAN interface as follows Configuring text console redirection via LAN Configuring text console redirection for the iRMC S2 Settings in the Peripheral Configuration menuCall the Peripheral Configuration menu Accept the first value pair proposed Set the value to Serial Specify the baud rate Console redirection is terminated after the Bios Post phase Set the value to On-board COM a Exiting the Bios / TrustedCore setup utility Configuring text console redirection for the iRMC S3 Make the following settingsSet the value to iRMCS3 Make the following settings in the Console Redirection menu Exiting the Uefi setup utilitySave your settings and exit the Uefi setup utility DOS Windows Server 2003 Configuring text console redirection via LAN Linux Settings requiredSettings may differ between program versions Add the following line to the end of the file /etc/inittab Configuring and using the serial interface of the iRMC S2/S3 Configuring the serial interface of the iRMC S2 Data bits Parity None Stop bits Flow Control Configuring the serial interface using of the iRMC S3 Serial Port Using the Remote Manager Serial interface PrerequisitesOn the managed server Set the value to Configuring the LAN parameters Configuring the LAN settingsConfiguring ports and network services Configuring DHCP/DNS Dynamic DNS Configuring alerting Configuring text console redirectionConfiguring alert forwarding over Snmp Configuring email notification email alerting User management for the iRMC S2/S3 User management concept for the iRMC S2/S3 Concept Concept User permissions User permissions Configure User Accounts Configure iRMC S2/S3 SettingsVideo Redirection Enabled Remote Storage Enabled Local user management using the iRMC S2/S3 web interface Showing the list of configured usersLocal user management for the iRMC S2/S3 Local user management for the iRMC S2/S3 Local user management via the Server Configuration Manager Modifying the configuration of a userDeleting users Prerequisite SSHv2 public key authentication for iRMC S2/S3 users Public key authentication Creating the public and private SSHv2 keys with PuTTYgen Bild 21 PuTTYgen Creating a new key pair progress bar Proceed as follows Local user management for the iRMC S2/S3 IRMC S2/S3 Click Upload to load the public key onto the iRMC S2/S3 Bild 25 PuTTY Selecting and loading an SSH session Bild 26 PuTTY Loading an SSH session IPlease note Local user management for the iRMC S2/S3 User Example Public SSHv2 key Public SSHv2 key in RFC4716 formatPublic SSHv2 key in OpenSSH format Advanced Video Redirection AVR Requirements Check the AVR settings Graphics mode settings on the managed serverResolution Refresh rates Maximum Color depth Bits Prerequisites Supported text mode Keyboard settings Using AVR Using AVR Using a low bandwidth Parallel AVR sessions Local monitor is on, but can be switched off Local monitor is off, but can be switched onLocal Monitor Off function Redirecting the keyboard Special key combinationsIntegrated special keys Left Ctrl key corresponds to the Ctrl key on your keyboard Caps lock corresponds to the Caps Lock key on your keyboard Virtual keyboard Using AVR Secure Keyboard Redirecting the mouseSynchronizing the mouse pointer Using AVR Proceed as follows Open a DOS prompt window Proceed as follows to adjust the mouse pointer Choose Click the OK button to save the settingsThis opens the following window Set the Pointer Speed to a medium value Properties ... Troubleshooting Hardware acceleration KDE You make permanent settings as follows for KDE Mouse Control Center window IRMC S2/S3 Set the following values in the Mouse Control Center window Menus of the AVR window Menus of the AVR window101 Extras menu You can select the following functions in the Extras menuVirtual Keyboard window opens see on Refreshes the display of the local monitor state Refreshes the AVR window 103 Terminate another AVR session List of current AVR sessions appearsTerminate your own AVR session 104 Remote Storage menu 105 Power Control menu Switches the server on Languages menu 107 Default setting Absolute Mode 108 Preferences menu Default No lower bandwidth Bpp color depth 8 colorsBpp color depth 256 colors 109Page Remote Storage 111 IRMC S2/S3 Providing remote storage at the remote workstation Providing remote storage at the remote workstation113 Starting Remote Storage This opens the AVR window Menu bar in the AVR window, choose 115 Storage Devices dialog box Storage Devices dialog box Provision of storage media for emote Storage 117 118 Add Storage Device dialog Selecting the storage medium 119 120 Connecting storage media as remote storage 121 122 123 Connection Type dialog Assignment to USB 1.1 and USB Clearing Remote Storage connections Click Disconnect to clear all Remote Storage connections125 Removing the storage medium Storage Devices dialog Removing a Remote Storage medium Booting from WinPE 2.x-based ISO images Providing remote storage via a Remote Storage serverProviding remote storage via a Remote Storage server Remote Storage server is available for Windows systems Installing the Remote Storage server Executing the Remote Storage server as a service Remote Storage server execution modes129 Configuring, starting and exiting the Remote Storage server Calling the Remote Storage server’s raphical user interface130 131 Click the Apply button to activate your settings 132 Exiting the Remote Storage server 133 134 IRMC S2/S3 web interface 135 Logging into the iRMC S2/S3 web interface User configuration details on 137 Required user permissions Required user permissions138 139 Set firmware selector 140 141 Open/edit the Email Alerting Open/edit the iRMC S2/S3 User 142 Structure of the user interface Structure of the user interfaceIRMC S2/S3 web interface is structured as follows 143 Navigation area 144 145 System Information Information on the server 146 System Overview General information on the server 147 Informs about the server‘s Global Error LED Informs about the server’s CSS Customer Self Service LEDSystem Information Information on the server System Status 148 Asset Tag Configuration 149 System Information lists information on the managed server Operating System Information Current Overall Power Consumption This option is not supported for all Primergy servers151 152 System CPU Information 153 Cancels your selection Selects all memory modulesApplies the selected action to the selected memory modules 154 Bios Backing up/restore Bios settings, flashing Bios Bios Backing up/restore Bios settings, flashing BiosBios entry contains the links to the following pages 155 Edit Filename Request Bios Parameter Backup 157 Apply Bios Updating Bios via upload from file or via 159 Updating Bios Tftp download successfully finished Bios Information 161 File in which the Bios image is stored Bios Update Settings page Bios Update from File Vcaution 163 IRMC S2/S3 Information, firmware and certificates IRMC S2/S3 Information, firmware and certificatesIRMC S2/S3 entry contains the links to the following pages 164 IRMC S2/S3 Information Information on the iRMC S2/S3 165 Active Session Information 166 You can purchase the license key Miscellaneous iRMC S2/S3 Options167 Temperature Units Save iRMC S2/S3 Firmware Settings Save firmware settings Always save the setting using169 Save iRMC S2/S3 firmware settings Click Save to save the selected settingsClick Save All to save all the settings 170 171 IRMC S2/S3 Information, firmware and certificates 173 Certificate Upload IRMC S2/S3 174 175 Loading a CA certificate from a local file You do this using the group 177 Entering the DSA/RSA certificate/private Dsarsa key directly 179 Generate a self-signed RSA Certificate IRMC S2/S3 No explicit reset of the iRMC S2/S3 is required 180 Certificate Creation IRMC S2/S3 Firmware Update 181 Most recently updated firmware image is selected Least recently updated firmware image is selectedLow firmware image is selected High firmware image is selected Inactive firmware is automatically selected Low firmware image firmware image 1 is selectedHigh firmware image firmware image 2 is selected 183 Updates the runtime firmware Updates the SDR recordIRMC S2/S3 Tftp Settings 185 Power Management Power Management186 Power On/Off power the server up/down Power Status Summary187 Power Management Boot Options Power Management Boot Options Power On/Off page, Restart server is powered up 189 Graceful Power Off Shutdown Power Options Configuring power management for the server 191 Server always remains powered down after a power outage Server is always powered up again after a power outage Power Options page, Power On/Off Time IRMC S2/S3 193 Power Management Watt Technology Please note 194 ASR&R 195 Power Options page, 0 Watt Technology Administration window Defines the beginning hhmm of the time interval 196 197 Power Supply Info 198 Power Consumption Power Consumption199 Power Limit Options group is also displayed see 200 Power Consumption Configuration Power Consumption Power Consumption Options Unit of electrical power used to display power consumption201 Scheduled Power Consumption Configuration Power Consumption Configuration page scheduled 203 Power Limit Options Maximum power consumption in Watts 204 Shut down the system gracefully and power it down No action is performed205 Current Power Consumption Show the current power consumption 206 Power Consumption History Show server power consumption 207 Power Consumption Current Power Consumption Power History Options 209 Power History Chart 210 Sensors Check status of the sensors Sensors Check status of the sensorsValue range Risk of loss of data integrity Fans Check fans Fans page provides information on fans and their status212 Sensors Check status of the sensors Fan Test Test fans Selects all fans213 Sensors Check status of the sensors Temperature Report the temperature of the server components 215 Selects all temperature sensors Voltages Report voltage sensor information 217 Power Supply Check power supply 218 This functionality is not available with all servers 219 Component Status Check status of the server components 220 221 Status display for individual HDDs IRMC S2/S3 Sensors Check status of the sensors System Event Log and Internal Event Log System Event Log and Internal Event Log223 System Event Log Content 224 System Event Log Content page, System Event Log Information 225 Show Resolutions InternalEvent Log Content IRMC S2/S3 227 Clear Internal Event Log 229 Event Log Configuration 230 Event log is organized as a ring buffer 231 Helpdesk Information Helpdesk Information 233 Server Management Information IRMC S2/S3 Enables/disables the Bios recovery flash bit Retry counter 0 Max 235 Server Management Information page, Watchdog Options Server management software triggers a system reset 237 Server Management Information HP SIM Integration Options Network Settings Configure the LAN parameters Network Settings Configure the LAN parameters238 239 Network Interface IRMC S2/S3 Network Interface Settings MAC address of the iRMC S2/S3 is displayed here IPv4 configuration IPv4 address of the default gateway in the LANSubnet mask of the iRMC S2/S3 in the LAN 241 IPv6 configuration This option is disabled by default Vlan Configuration Max TCP Segment Lifetime Ports and Network Services 245 Session Timeout 246 Ports for text-based access 247 Network Settings Configure the LAN parameters VNC ports Click Apply to store the configured settings 248Remote Storage Ports DNS Configuration Configuring DNS for the iRMC S2/S3 249 Network Settings Configure the LAN parameters DNS Settings Enables/disables DNS for the iRMC S2/S3Number of DNS retries Network Settings Configure the LAN parameters DNS Name Enables/disables update of DNS records via Dynamic DNS251 Name extension for the iRMC S2/S3 Alerting Configure alerting Alerting Configure alerting253 Snmp Trap Alerting Configure Snmp trap alerting Snmp Trap Alerting Serial / Modem Alerting Configure alerting via modem Enables or disables serial / modem alertingThis entry will depend on the type of connection you have 255 Enter the name of the SMS server Enter the name of the mobile phoneDoCoMo You can choose between 80 or 140 as the maximum length Email Alerting Configure email alerting 257 Activate this option Number of Smtp retriesTime in seconds between Smtp retries No authentication for the connection User name for authentication on the mail serverPassword for authentication on the mail server Smtp port of the mail server Email Alerting page Secondary Smtp Server Configuration Some entry fields are disabled depending on the mail format 261 Admin Name User Management IRMC S2/S3 User local user management on the iRMC S2/S3User Management 263 Delete You can see the configuration of a user with the name User3 265 User Management User name Configuration 266 Disable this option to lock the user Enter the user passwordConfirm the password by entering it again here Enter a general description of the configured user here Permission to configure local user access data Assign a privilege group for a LAN channel to the user herePermission to use the Remote Storage functionality 268 User SSHv2 public key upload from file 269 Following email formats are available 270 Errors sending email are recorded in the event log Email address of recipient271 Notification function is deactivated for this paging group 273 Ldap Enabled 275 IRMC S2/S3 IP address or DSN name of the Backup Ldap server Ldap port of the Backup Ldap serverSecure Ldap port of the Backup Ldap server Ldap directory server that is to be used Complete DNS path name of the directory server Base DN is automatically derived from Domain NameUser name the iRMC S2/S3 uses to log onto the Ldap server Enables global email alerting 279 IRMC S2/S3 281 User Search Context Repeat the password you entered under Ldap Auth Password 283 Enhanced User Login 284 285 Centralized Authentication Service CAS Configuration 286 User Management CAS Generic Configuration 287 Always Display Login Port of the CAS service Default port number DNS name of the CAS serviceLogin URL of the CAS service Logout URL of the CAS service Permission to configure local user access data 290 CAS User Privilege and PermissionsAssign a privilege group to the user here 291 Console Redirection Redirecting the console Console Redirection Redirecting the consoleFollowing pages are available for console redirection 292 Console Redirection Mode 293 Following settings are possible Flow control is disabledFlow control is handled by the software Flow control is handled by the hardware 295 Start text console redirection via Serial over LAN SOL Power management and text console redirection Login window 296 297 Console Redirection Redirecting the console To close the connection to the console, click Leave Console 299 Windows Server 2003 SAC console 301 Console Redirection Redirecting the console 303 Advanced Video Redirection IRMC S2/S3 View Screenshot Takes a new video screenshot This function is not supported for all Primergy servers 305 No USB port will be disabled 306 Parallel AVR sessions 307 You start AVR under Video Redirection 308 AVR window full-control mode 309 AVR window with two active AVR sessions AVR window when the server is powered down IRMC S2/S3 311 Remote Storage Remote Storage Remote Storage Connection Status 313 Remote Storage Server Operating iRMC S2/S3 via Telnet / SSH Remote Manager Operating iRMC S2/S3 via Telnet / SSH Remote ManagerRequirements on the managed server 315 316 Establishing an SSH connection to the iRMC S2/S3 317 SSH connection Logging in to the Remote Manager Remote Manager login window is displayed Telnet connection Logging in to the Remote Manager Closing a Telnet / SSH connection 319 320 IRMC S2/S3 via Telnet/SSH Remote Manager 321 Requirements on the managed server Operating Remote Manager Operating Remote Manager323 Overview of menus Overview of menusSystem Information Enclosure Information Service Processor 325 Logging Logging326 327 Remote Manager Main menu window without system information Main menu of the Remote Manager Main menu of the Remote Manager Configure the iRMC S2/S3iRMC S2/S3 e.g. update firmware orChange the password Start a command line shell 330 331 Change the password Change the passwordSystem Information Information on the managed server System Information Information on the managed server Sets a customer-specific asset tag for the managed server333 Powers the server down completely and then Powers it up again after a configured periodGraceful shutdown and power off Agents are installed and signed onto 335 Remote Manager Enclosure Information menu IRMC S2/S3 Display information on the temperature sensors Display information on the power supplies and theirHousing are open Primergy diagnostic LED Enclosure Information System Eventlog Clear the contents of the internal event log Enclosure Information Internal Eventlog Configure the IPv4 / IPv6 address settings For details in the individual settingsDisplay the IP settings Switch the Primergy identification LED on/off Start a Command Line shell... Start a Smash CLP shell Console Redirection EMS/SAC Start text console redirection Show the console log in fast mode Continuous modeShow and change the logging run state For a more detailed description, see Console Logging Console Logging Run State Menu Command Line Protocol CLP Command Line Protocol CLPSmash CLP syntax 343 Command Line Protocol CLP Command Line Protocol CLP User data in the CLP overview Hierarchy of the CLP commandsAn overview of the CLP command hierarchy is shown in on 345 346 Requirements 347 Configuring via Server Configuration Manager 348 Applying settings 349 350 Operations Manager Start window 351 Configuring via Server Configuration Manager Firmware update 353 IRMC S2/S3 firmware overview IRMC S2/S3 firmware overviewActive and passive firmware image 355 Structure of the iRMC S2/S3 Eeprom IRMC S2/S3 firmware overview Firmware selector Setting up the USB memory stick Setting up the USB memory stickProceed as follows Connect the USB memory stick to your computer Setting up the USB memory stick 359 Update via the iRMC S2/S3 web interface Updating firmware imagesUpdating firmware images Downgrading the firmware to the previous version Update using the ServerView Update Manager 361 Online update using ServerView Update Manager Express or ASP When downgrading the firmware, please note Update using the operating system flash tools 363 Updating firmware images Proceed as follows Update via the lashDisk menu Firmware downgrade is only possible via recovery flash365 Readme file is opened An iRMC S2/S3 warm start is performed Emergency flash Emergency flash367 Flash tools Flash toolsSyntax Options Updates the bootloader firmware Emulation mode for debugging purposes onlyUpdate the inactive firmware Flashing operation Flash tools Return values Remote installation of the operating system via iRMC S2/S3 371 General procedure 373 Connecting a storage medium as remote storage Remote Storage connections 375 Storage Devices dialog box ServerView Suite DVD Booting from DVD 377 Choose Standard mode as the Installation Manager mode Booting from DVD Starting local deployment 379 Installing the operating system 380 381 382 Installing Linux on the managed server after configuration 383 Installing the operating system Ipmi OEM Commands supported by the iRMC S2/S3 SCCI-compliant communication commandsSCCI-compliant signaling commands Overview BIOS-specific command F109 Get Bios Post State F115 Get CPU InfoIRMC S2/S3-specific commands Description of the Ipmi OEM commands Ipmi OEM Commands supported by the iRMC S2/S3Description format 387 Power on Description Source 388 389 390 391 Time LSB first 02 06 System OS Shutdown Request and Reset 02 05 System OS Shutdown Request393 This command checks whether the agent is active 02 09 Shutdown Request Cancelled394 395 Attribute 396 This command returns the current firmware selector setting 397 398 399 BIOS-specific commands F1 09 Get Bios Post State This command provides information whether Bios is in Post400 401 Bit System on Bit Watchdog active Agent connected Post State 402 Ipmi OEM Commands supported by the iRMC S2/S3 Signaling Notifications 404 EEPROM# 00=EEPROM 1 01=EEPROM 405 CSS and Physical LED available This command translates a given SEL entry into long text 406 407 F5 B1 Get Identify LED 408 State of Error LED 409 F5 E0 Reset ConfigSpace variables to default 410 411 IRMC S2/S3 configuration data Overview 413 Cmdseq Integer value 415 Transferring a password as clear readable text Transferring an encrypted passwordTransferring the string Hello World 416 Transferring the IPv4 address 417 IRMC S2/S3 419 Scripted configuration of the iRMC S2/S3 List of Scci commands supported by the iRMC S2/S3420 421 USERNAME, Password 422 423 Generating encrypted passwords with iRMCPWD.exe IRMCPWD standard command line options IRMCPWD command line output options Default in Batch mode iRMCpwd.preCreates the output file as a WinSCU Batch file Output File 425 Contents of the generated .pre file 426