Privileges, Login security, Ssh key administration – HP Integrated Lights-Out User Manual


Configuring iLO 2 46

users, and the directory can enforce a stronger password policy. iLO 2 enables you to use local users, directory users, or both.

Two configuration options are available: using a directory that has been extended with HP Schema ("Setting up HP schema directory integration" on page 142) or using the directory’s default schema (schema-free ("Setup for Schema-free directory integration" on page 138)).

Privileges

iLO 2 allows the administrator to control user account access to iLO 2 functions through the use of privileges. When a user attempts to use a function, the iLO 2 system verifies that the user has the privilege before the user is allowed to perform the function.

Each feature available through iLO 2 can be controlled through privileges, including Administer User Accounts, Remote Console Access, Virtual Power and Reset, Virtual Media, and Configure iLO 2 Settings. Privileges for each user can be configured on the User Administration page of the Administration tab.

Login security

iLO 2 provides several login security features. After an initial failed login attempt, iLO 2 imposes a delay of five seconds. After a second failed attempt, iLO 2 imposes a delay of 10 seconds. After the third failed attempt, and any subsequent attempts, iLO 2 imposes a delay of 60 seconds. All subsequent failed login attempts cycle through these values. An information page is displayed during each delay. This will continue until a valid login is completed. This feature assists in defending against possible dictionary attacks against the browser login port.

iLO 2 saves a detailed log entry for failed login attempts, which imposes a delay of 60 seconds.

SSH key administration

iLO 2 enables you to authorize up to four SSH keys at one time on the SSH Key tab. The SSH Key tab also displays the owner (if any keys are authorized) of each authorized SSH key. Multiple keys can belong to a single user.

To add an authorized key to iLO 2, the public key path must be submitted to iLO 2. The key file must contain the user name after the end of the key. iLO 2 associates each key with a local user account. If the local account does not exist or if it is deleted, the key is invalid (the key is not listed if the local account does not exist).

Alternatively, you can authorize SSH keys for an HP SIM server by running the mxagentconfig tool from the HP SIM server and specifying the address and user credentials for iLO 2. See your HP SIM documentation for more details.

To authorize a new key:

1. In the iLO 2 interface, click Administration>Security>SSH Key.

2. Click Browse, and locate the key file.

3. Click Authorize Key.

You can view or delete any previously authorized key by selecting the key, and clicking View Selected Key or Delete Selected Key. The View Selected Key and Delete Selected Key buttons only appear when SSH keys are installed.
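
The following pre-upload check is an added example, not part of the HP manual or of any HP tool. It tests a key file against the rules stated above (user name after the end of the key, owner must be an existing local account, at most four authorized keys). Assumptions: the file is in OpenSSH one-line public key format, user names are matched exactly, and the names check_key_file, constructed_key_line, local_users and the account admin1 are hypothetical.

```python
import base64
import struct

MAX_AUTHORIZED_KEYS = 4  # limit stated on the page


def check_key_file(text, local_users, authorized_count=0):
    """Return problems found in a public key file before it is submitted.

    Assumption: OpenSSH one-line format, "<type> <base64 blob> <user name>".
    """
    problems = []
    if authorized_count >= MAX_AUTHORIZED_KEYS:
        problems.append("four keys are already authorized; delete one first")
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) != 1:
        return problems + ["expected exactly one key line, found %d" % len(lines)]
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        return problems + ["line is not '<type> <base64 blob> <user name>'"]
    key_type, blob_b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(blob_b64, validate=True)
        (name_len,) = struct.unpack(">I", blob[:4])
        embedded = blob[4:4 + name_len].decode("ascii")
    except (ValueError, struct.error):
        return problems + ["key blob is not valid base64 / SSH wire format"]
    if embedded != key_type:
        problems.append("type field %r does not match blob type %r" % (key_type, embedded))
    # The page requires the user name after the end of the key, and the key
    # is invalid unless that name is an existing local account.
    user = fields[2].strip() if len(fields) == 3 else ""
    if not user:
        problems.append("no user name after the end of the key")
    elif user not in local_users:
        problems.append("user %r is not a local account; key would be invalid" % user)
    return problems


def constructed_key_line(key_type, user):
    """Constructed sample: well-formed blob header, no real key material."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode() + b"\x00" * 32
    line = key_type + " " + base64.b64encode(blob).decode()
    return line + (" " + user if user else "")


if __name__ == "__main__":
    for owner in ("admin1", "", "admin1@workstation"):
        print(repr(owner), check_key_file(constructed_key_line("ssh-rsa", owner), {"admin1"}))
```

The third sample matters in practice: ssh-keygen writes user@host as the default comment, which is not a local account name, so the trailing field usually has to be edited before the file is submitted.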
