HP Bc1500 User Guide: HP BladeSystem PC Blade Enclosure Integrated Administrat - Page 113

Key-Based SSH Authentication



HP PC Blade Enclosure Integrated Administrator for CCI v1.4 User Guide
8-3
Performing Advanced Functions

Downloading a Security Certificate

To download a security certificate using the CLI, type:
DOWNLOAD CERTIFICATE <url>
This command downloads a CA-supplied PKCS#7 file to replace the current security certificate
on the system.
Supported protocols are http, ftp, and tftp. Format the URL as:
protocol://host/path/file
If your ftp server does not support anonymous connections, you can specify a username and
password by replacing the host part in the previous format: username:password@host
Key-Based SSH Authentication

Users may install their own public SSH keys for password-less logins to the Integrated
Administrators. Only enclosure administrators can use key-based authentication. The CLI
features four commands to install and manage the authorized SSH keys.

» To view any currently installed authorized SSH keys, type:
SHOW SSHKEY
This command shows any keys currently installed on the Integrated Administrator that are
authorized to log in using an enclosure administrator account.

» To view the fingerprint of the Integrated Administrator host key, type:
SHOW SSHFINGERPRINT
This command shows the fingerprint of the host key for the Integrated Administrators. Users
may compare this fingerprint with the fingerprint displayed by their SSH client when
connecting to the Integrated Administrators to guarantee the authenticity of the Integrated
Administrator connection. Users who need guaranteed authenticity will want to use the
Integrated Administrator serial console to obtain the SSH fingerprint for the first time.

» To clear any currently installed authorized SSH keys, type:
CLEAR SSHKEY
This command clears any authorized keys currently installed on the Integrated Administrator
that are authorized to log in. After this command has been issued, all users have to enter a
valid password in order to log in.

» To download and install one or more SSH keys, type:
DOWNLOAD SSHKEY <URL>
This command downloads and installs a file containing one or more SSH keys which are
authorized to log into the Integrated Administrator. The new file will replace any existing
keys.
Supported protocols are http, ftp and tftp. Format the URL as:
protocol://host/path/file
If your ftp server does not support anonymous logins, you can specify a username and password
by replacing the host part (in previous format) with: username:password@host.
The Integrated Administrator supports multiple SSH keys in one downloaded file. Max file size
for SSH keys is 16K.
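
An added example, not from the HP guide, serving both the SHOW SSHFINGERPRINT and DOWNLOAD SSHKEY passages above: it audits a candidate key file before it is published for download (the upload replaces every installed key) and compares a host key with the fingerprint noted at the serial console. Assumptions: "16K" means 16384 bytes, fingerprints use the colon-separated MD5 form, and each line is `<type> <base64> [comment]`; all function names and the sample key are constructed for illustration.

```python
import base64, hashlib, struct

MAX_KEYFILE_BYTES = 16 * 1024   # assumption: the guide's "16K" means 16384 bytes

def md5_fingerprint(blob):
    # Assumption: the IA prints the colon-separated MD5 form used by older SSH tools.
    h = hashlib.md5(blob).hexdigest()
    return ":".join(h[i:i + 2] for i in range(0, 32, 2))

def parse_key_line(line):
    """Split '<type> <base64> [comment]'; raise ValueError if the line is malformed."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError as exc:            # binascii.Error is a ValueError
        raise ValueError("key data is not valid base64") from exc
    # An SSH public-key blob begins with a length-prefixed copy of its type name.
    declared = parts[0].encode()
    if not blob.startswith(struct.pack(">I", len(declared)) + declared):
        raise ValueError("declared type does not match key blob")
    return parts[0], blob, parts[2].strip() if len(parts) > 2 else ""

def audit_keyfile(data):
    """Return (fingerprints, problems); publish the file only if problems is empty."""
    prints, problems = [], []
    if len(data) > MAX_KEYFILE_BYTES:
        problems.append(f"{len(data)} bytes is over the {MAX_KEYFILE_BYTES}-byte limit")
    for no, line in enumerate(data.decode("utf-8", "replace").splitlines(), 1):
        try:
            if line.strip():
                ktype, blob, comment = parse_key_line(line)
                prints.append((md5_fingerprint(blob), ktype, comment))
        except ValueError as exc:
            problems.append(f"line {no}: {exc}")
    if not prints:
        problems.append("no usable keys: the upload replaces every installed key")
    return prints, problems

def host_key_matches(host_key_line, pinned_fp):
    """True if the host key's fingerprint equals the one noted at the serial console."""
    return md5_fingerprint(parse_key_line(host_key_line)[1]) == pinned_fp.strip().lower()

def demo_key_line(comment):
    """Constructed sample: a well-formed ssh-rsa blob with a toy modulus, not a usable key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + bytes(range(1, 129)))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment
```

Call audit_keyfile on the bytes of the file you intend to serve and compare the returned fingerprints with the SHOW SSHKEY output after installation; host_key_matches takes the host's public-key line as stored by your SSH client.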

Key-based SSH logins also have an advantage for scripting. After the appropriate authorized
key is installed, remote commands can be sent to any Integrated Administrator without
entering a password between commands. Using the OpenSSH package, the user can send
commands using the following syntax:
ssh user@host command
You can group together commands to perform a series of actions. To view the health status of the
enclosure and all blades with a single command, type: