User privileges, Login security, Administering ssh keys – HP Integrated Lights-Out 4 User Manual

The directory also provides a central point of administration for iLO devices and users, and the
directory can enforce a stronger password policy. iLO enables you to use local users, directory
users, or both.

The following directory configuration options are available:

•

A directory extended with HP schema

•

The directory default schema

For more information about using directory authentication, see

“Directory services” (page 250)

.

User privileges

iLO allows you to control user account access to iLO features through the use of privileges. When
a user attempts to use a feature, iLO verifies that the user has the proper privilege to use that
feature.

You can control access to iLO features by using the following privileges: Administer User Accounts,
Remote Console Access, Virtual Power and Reset, Virtual Media, and Configure iLO Settings. User
privileges are configured on the Administration

→User Administration page. For more information,

see

“Administering users” (page 44)

.

NOTE:

User accounts can also be configured by using iLO RBSU or the iLO 4 Configuration

Utility. For more information, see

“Adding iLO user accounts by using iLO RBSU” (page 25)

.

Login security

iLO provides several login security features. After an initial failed login attempt, iLO imposes a
delay of ten seconds. Each subsequent failed attempt increases the delay by ten seconds. An
information page is displayed during each delay; this continues until a valid login occurs. This
feature helps to prevent dictionary attacks against the browser login port.

iLO saves a detailed log entry for failed login attempts. You can configure the Authentication Failure
Logging frequency on the Administration

→Access Settings page. For more information, see

“Configuring access options” (page 57)

.

Administering SSH keys

The Secure Shell Key page (

Figure 27

) displays the hash of the SSH public key associated with

each user. Each user can have only one key assigned. Use this page to view, add, or delete SSH
keys.

You must have the Administer User Accounts privilege to add and delete SSH keys.

About SSH keys

When you add an SSH key to iLO, you paste the SSH key file into iLO as described in

“Authorizing

a new key by using the iLO web interface” (page 65)

and

“Authorizing a new key by using the

CLI” (page 66)

. The file must contain the user-generated public key. The iLO firmware associates

each key with the selected local user account. If a user is removed after an SSH key is authorized
for that user, the SSH key is removed.

The following SSH key formats are supported:

•

RFC 4716

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "Administrator"
AAAAB3NzaC1kc3MAAACAT27C04Dy2zr7fWhUL7TwHDKQdEdyuAlNLIivLFP3IoKZ
ZtzF0VInP5x2VFVYmTvdVjD92CTlxxAtarOPON2qUqoOajKRtBWLmxcfqsLCT3wI
3ldxQvPYnhTYyhPQuoeJ/vYhoam+y0zi8D03pDv9KaeNA3H/zEL5mf9Ktgts8/UA
AAAVAJ4efo8ffq0hg4a/eTGEuHPCb3INAAAAgCbnhADYXu+Mv4xuXccXWP0Pcj47
7YiZgos3jt/Z0ezFX6/cN/RwwZwPC1HCsMuwsVBIqi7bvn1XczFPKOt06gVWcjFt
eBY3/bKpQkn61SGPC8AhSu8ui0KjyUZrxL4LdBrtp/K2+lm1fqXHnzDIEJ0RHg8Z
JazhY920PpkD4hNbAAAAgDN3lba1qFVl0UlRjj21MjXgr6em9TETSOO5b7SQ8hX/

64

Configuring iLO