Users Guide

ManualsBrandsDell ManualsComputer HardwarePowerEdge C4130

111

112

113

114

115

116

117

118

119

120

Scheme Type Algorithms

ecdh-sha2-nistp384

ecdh-sha2-nistp521

diffie-hellman-group-exchange-sha256

diffie-hellman-group14-sha1

Encryption

chacha20-poly1305@openssh.com

aes128-ctr

aes192-ctr

aes256-ctr

aes128-gcm@openssh.com

aes256-gcm@openssh.com

MAC

hmac-sha1

hmac-ripemd160

umac-64@openssh.com

Compression None

NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell

recommends not enabling DSA public key support.

Using public key authentication for SSH

iDRAC supports the Public Key Authentication (PKA) over SSH. This is a licensed feature. When the PKA over SSH is set up and

used correctly, you must enter the user name while logging into iDRAC. This is useful for setting up automated scripts that perform

various functions. The uploaded keys must be in RFC 4716 or OpenSSH format. Else, you must convert the keys into that format.

NOTE: If you enable OpenSSH 7.0 or later, DSA public key support is disabled. To ensure better security for iDRAC, Dell

recommends not enabling DSA public key support.

In any scenario, a pair of private and public key must be generated on the management station. The public key is uploaded to iDRAC

local user and private key is used by the SSH client to establish the trust relationship between the management station and iDRAC.

You can generate the public or private key pair using:

• PuTTY Key Generator application for clients running Windows

• ssh-keygen CLI for clients running Linux.

CAUTION: This privilege is normally reserved for users who are members of the Administrator user group on iDRAC.

However, users in the ‘Custom’ user group can be assigned this privilege. A user with this privilege can modify any user’s

configuration. This includes creation or deletion of any user, SSH Key management for users, and so on. For these

reasons, assign this privilege carefully.

CAUTION: The capability to upload, view, and/ or delete SSH keys is based on the ’Configure Users’ user privilege. This

privilege allows user(s) to configure another user's SSH key. You should grant this privilege carefully.

Generating public keys for Windows

To use the PuTTY Key Generator application to create the basic key:

1. Start the application and select RSA for the key type.

2. Enter the number of bits for the key. The number of bits must be between 2048 and 4096 bits.

3. Click Generate and move the mouse in the window as directed.

The keys are generated.

4. You can modify the key comment field.

5. Enter a passphrase to secure the key.

6. Save the public and private key.

Generating public keys for Linux

To use the ssh-keygen application to create the basic key, open a terminal window and at the shell prompt, enter ssh-keygen –t

rsa –b 2048 –C testing

117