HP Integrated Lights-Out Security, 7th edition

Figure 12. Remote console and virtual serial port encryption process
Every 3 minutes, the server combines the pre-master secrets with the generated 128-bit keys to
create new 128-bit keys. It uses these new keys to create a new set of RC4 data. The server then sends a
signal to the client indicating that it has generated the new RC4 data and will begin communicating
with the new cipher. The client performs the same operation when it sees the signal, and then sends a
signal to the server indicating that it is using the new RC4 data.
Secure Shell encryption
As discussed previously, the CLI uses SSH to encrypt the data stream both to and from the server. iLO
encrypts the SSH data using either the 3DES-CBC or AES128-CBC protocols (see “Appendix: SSH-2
support”). The SSH client negotiates with iLO to use one of those two protocols.
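The negotiation described above follows the SSH-2 selection rule in RFC 4253: the first cipher on the client's list that the server also offers is chosen. The Python code below is an added example, not HP code; the KEXINIT payloads are constructed, and the order of the iLO cipher list and the non-cipher algorithm names are assumptions.

```python
import struct

# The two ciphers named above, by their SSH-2 names; the order is an assumption.
ILO_CIPHERS = ["aes128-cbc", "3des-cbc"]

def name_list(names):
    """Encode an RFC 4251 name-list: uint32 length + comma-separated ASCII."""
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit(ciphers):
    """Build a constructed SSH_MSG_KEXINIT payload (RFC 4253, section 7.1)."""
    # Non-cipher algorithm names are placeholders, not taken from iLO.
    lists = [["diffie-hellman-group14-sha1"], ["ssh-rsa"], ciphers, ciphers,
             ["hmac-sha1"], ["hmac-sha1"], ["none"], ["none"], [], []]
    return (b"\x14" + bytes(16) + b"".join(name_list(l) for l in lists)
            + b"\x00" + struct.pack(">I", 0))

def parse_kexinit(payload):
    """Return the ten name-lists of a KEXINIT payload as Python lists."""
    if not payload or payload[0] != 20:
        raise ValueError("not SSH_MSG_KEXINIT")
    pos, lists = 17, []              # skip message type and 16-byte cookie
    for _ in range(10):
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        pos += n
    return lists

def negotiate_cipher(client_payload, server_payload):
    """Pick the first client-to-server cipher the server also offers, else None."""
    client = parse_kexinit(client_payload)[2]
    server = parse_kexinit(server_payload)[2]
    return next((c for c in client if c in server), None)

# Constructed payloads: the server side, a client that still lists CBC ciphers,
# and a client that offers only CTR ciphers.
server = build_kexinit(ILO_CIPHERS)
legacy = build_kexinit(["aes128-ctr", "aes128-cbc", "3des-cbc"])
ctr_only = build_kexinit(["aes128-ctr", "aes256-ctr"])
```

Here negotiate_cipher(legacy, server) selects aes128-cbc, while the CTR-only client gets None: such a client has no cipher in common with the two listed above and must have a CBC cipher enabled to reach the CLI.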
Disabling and changing ports
You can use iLO to change the port numbers of services or to disable services and utilities. You
cannot reconfigure the SNMP ports. You can manually configure the numbers of these ports:
HTTP port for the Web and XML server
Telnet port
Remote console port
Terminal Services Pass-Thru port
Virtual media port
SSH port
For example, when given an IP address, a web browser normally attempts to connect with port 80.
However, you can redirect the HTTP ports to administrator-defined ports. Once the HTTP port is
redirected, a user must specify that port and the IP address to access the iLO login screen. This reduces
the chance that others can access the port without specific knowledge of the port number.