over SSH is set up and used correctly, you need not enter username or passwords to log in to the CMC. This can be very useful to
set up automated scripts to perform various functions.
NOTE: There is no GUI support for managing this feature, you can use only the RACADM.
When adding new public keys, make sure that the existing keys are not already at the index, where the new key is added. CMC does
not perform checks to ensure previous keys are deleted before a new one is added. As soon as a new key is added, it is automatically
in effect as long as the SSH interface is enabled.
When using the public key comment section of the public key, remember that only the first 16 characters are utilized by the CMC.
The public key comment is used by the CMC to distinguish SSH users when using the RACADM
getssninfo
command, because
all the PKA users use the service username to log in.
For example, if two public keys are set up one with comment PC1 and one with comment PC2:
racadm getssninfo
Type User IP Address Login
Date/Time
SSH PC1 x.x.x.x 06/16/2009
09:00:00
SSH PC2 x.x.x.x 06/16/2009
09:00:00
For more information about the
sshpkauth
, see the
Chassis Management Controller for PowerEdge VRTX RACADM Command
Line Reference Guide
.
Generating Public Keys for Systems Running Windows
Before adding an account, a public key is required from the system that accesses the CMC over SSH. There are two ways to
generate the public/private key pair: using PuTTY Key Generator application for clients running Windows or ssh-keygen CLI for
clients running Linux.
This section describes simple instructions to generate a public/private key pair for both applications. For additional or advanced
usage of these tools, see the application Help.
To use the PuTTY Key Generator to create a basic key for clients running Windows:
1.
Start the application and select SSH-2 RSA or SSH-2 DSA for the type of key to generate (SSH-1 is not supported).
2.
Enter the number of bits for the key. RSA key size should be between 768–4096.
NOTE:
•
The recommended DSA key length is 1024.
•
CMC may not display a message if you add keys less than 768 or greater than 4096, but when you try to log in with
these keys, CMC stops responding.
•
For DSA keys greater than 2048, use the following RACADM command. CMC accepts RSA keys up to key strength
4096, but the recommended key strength is 1024.
racadm -r 192.168.8.14 -u root -p calvin sshpkauth -i svcacct -k 1 -p 0xfff -f
dsa_2048.pub
3.
Click
Generate
and move the mouse in the window as directed.
After the key is created, you can modify the key comment field.
You can also enter a passphrase to make the key secure. Ensure that you save the private key.
4.
You have two options for using the public key:
•
Save the public key to a file to upload later.
•
Copy and paste the text from the
Public key for pasting
window when adding the account using the text option.
Generating Public Keys for Systems Running Linux
The ssh-keygen application for Linux clients is a command line tool with no graphical user interface. Open a terminal window and at
the shell prompt type:
ssh-keygen –t rsa –b 1024 –C testing
where,
–t
must be dsa or rsa.
–b
specifies the bit encryption size between 768 and 4096.
136