Deleting keys, Authorizing keys from an hp sim server, Administering ssl certificates – HP Integrated Lights-Out 4 User Manual

Page 67: Administering ssl


6. Enter the following command:

load sshkey type "oemhp_loadSSHkey -source <protocol://username:password@hostname:port/filename>"

When you use this command:

The protocol value is required and must be HTTP or HTTPS.

The hostname and filename values are required.

The username:password and port values are optional.

oemhp_loadSSHkey is case-sensitive.

The CLI performs a cursory syntax verification of the values you enter. You must visually verify that
the URL is valid. The following example shows the command structure:

oemhp_loadSSHkey -source http://192.168.1.1/images/path/sshkey.pub
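Because the CLI checks the URL only superficially, the rules listed above can be applied before the command is typed. The following Python sketch is an added example, not part of the HP manual or any HP tool; the names `check_sshkey_source` and `build_load_command` are hypothetical, and the HTTP warnings and the whitespace/quote check are added precautions, not rules stated in the manual.

```python
from urllib.parse import urlsplit

COMMAND = 'load sshkey type "oemhp_loadSSHkey -source {url}"'  # form shown in the manual; case-sensitive


def check_sshkey_source(url):
    """Check a -source URL against the manual's rules. Returns (errors, warnings)."""
    errors, warnings = [], []
    # Assumption: whitespace or a double quote would end the quoted CLI argument early.
    if any(c.isspace() or c == '"' for c in url):
        errors.append("URL contains whitespace or a double quote")
    try:
        parts = urlsplit(url)
        port = parts.port            # raises ValueError if non-numeric or > 65535
    except ValueError as exc:
        return errors + [f"malformed URL: {exc}"], warnings
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https"):
        errors.append("protocol is required and must be HTTP or HTTPS")
    if not parts.hostname:
        errors.append("hostname is required")
    if port == 0:
        errors.append("port 0 is not usable")
    # The filename is the last path segment; a path ending in '/' has none.
    if not parts.path.rsplit("/", 1)[-1]:
        errors.append("filename is required")
    # Added hygiene warnings (not from the manual).
    if scheme == "http":
        warnings.append("HTTP gives no integrity protection for the key in transit")
        if parts.username or parts.password:
            warnings.append("username:password would cross the network in cleartext")
    return errors, warnings


def build_load_command(url):
    """Return the CLI command for a URL that passes the checks, else raise ValueError."""
    errors, _ = check_sshkey_source(url)
    if errors:
        raise ValueError("; ".join(errors))
    return COMMAND.format(url=url)


if __name__ == "__main__":
    # Constructed sample inputs; the first is the example URL from the manual.
    for candidate in ("http://192.168.1.1/images/path/sshkey.pub",
                      "https://admin:secret@keys.example:8443/ilo/sshkey.pub",
                      "ftp://192.168.1.1/sshkey.pub",
                      "https://192.168.1.1/"):
        print(candidate, *check_sshkey_source(candidate), sep="\n  ")
```

An empty error list means only that the URL is well formed; whether the file it names is the intended public key still has to be confirmed separately.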

Deleting keys

1. Navigate to the Administration→Security page.

2. Click the Secure Shell Key tab, as shown in Figure 27 (page 66).

3. Select the check box to the left of the user for which you want to delete an SSH key.

4. Click Delete Selected Key(s).

The selected SSH key is removed from iLO. When an SSH key is deleted from iLO, an SSH
client cannot authenticate to iLO by using the corresponding private key.

Authorizing keys from an HP SIM server

The mxagentconfig utility enables you to authorize SSH keys from an HP SIM server.

SSH must be enabled on iLO before you use mxagentconfig to authorize a key.

The user name and password entered in mxagentconfig must correspond to an iLO user
who has the Configure iLO Settings privilege. The user can be a directory user or a local user.

The key is authorized on iLO and corresponds to the user name specified in the
mxagentconfig command.

For more information about mxagentconfig, see the HP iLO 4 Scripting and Command Line
Guide.

Administering SSL certificates

SSL is a standard for encrypting data so that it cannot be viewed or modified while in transit on
the network. SSL uses a key to encrypt and decrypt the data. The longer the key, the better the
encryption.

A certificate is a public document that describes the server. It contains the name of the server and
the server's public key. Because only the server has the corresponding private key, this is how the
server is authenticated.

A certificate must be signed to be valid. If it is signed by a CA, and that CA is trusted, all certificates
signed by the CA are also trusted. A self-signed certificate is one in which the owner of the certificate
acts as its own CA. Self-signed certificates are the default for HP management products, though
they do support certificates signed by certifying authorities.

The iLO firmware enables you to create a certificate request, import a certificate, and view
information associated with a stored certificate. Certificate information is encoded in the certificate
by the CA and is extracted by iLO.

By default, iLO creates a self-signed certificate for use in SSL connections. This certificate enables
iLO to work without additional configuration steps. Importing a trusted certificate can enhance the
