HP Integrity rx2800 HP Integrity iLO 3 Operations Guide - Page 58
SO: Security option help, O - Security Options
View all HP Integrity rx2800 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 58 highlights
SA [ -telnet ] [ -web ] [ -ssh ] [ -nc ] SA -? See also: DI, LC SO: Security option help Command access level: MP configuration access The SO command enables you to modify the security options of iLO 3. For user configuration, see the UC command. For SSH enable/disable, see the SA command. The security options menu is as follows: O - Security Options • Login timeouts • Allowed password faults • SSL certificate generation • Generate SSH key pairs • Exit security override mode L - SSL Certificate This option is an SSL certificate that is a self generated certificate and is also generated automatically the first time the iLO 3 is booted or if the NVRAM in which it is stored gets corrupted. You might want to regenerate this certificate with your own parameters or regenerate it when it is close to expiring. The initial certificate has a 10-year expiration date from the build date of the MP binary image. A regenerated certificate is only valid for 2 years from the system date. The SSL certificate is used to connect the web GUI to the iLO. H - SSH Pairs This option would only be used if the SSH keys need to be changed by choice or the keys which are stored in NVRAM get corrupted. The first time the iLO 3 is booted, these keys are generated automatically. These key pairs are used for SSH connections to the iLO. The following are SO command parameters: • Login timeout: 0 to 5 minutes. This is the maximum time allowed to enter login name and password after the connection is established. The connection is interrupted when the timeout value is reached. The local console restarts the login; for all other terminal types, the connection is closed. A timeout value of 0 means there is no timeout set for the login. The login timeout and the timeout value is effective on all ports including the local port. However, the local port cannot be disconnected like other ports on login timeout. For example, if a local port user sits at the hpilo-> Login: prompt, no action occurs even when a timeout occurs. However, if a local port user enters a login name, sits at the hpilo-> Password: prompt, and a timeout occurs, then this login is cancelled and the hpilo-> Login: prompt reappears. • Number of password faults allowed: 1 to 10. This parameter defines the number of times a user can attempt to log in to a console before being rejected and having its connection closed. • SSL certificate: Enables the generation of SSL certificates. NOTE: If you specify the certificate using the command line, then you must specify every parameter. • SSH keys generation: Enables SSH keys authorization. Command line usage and scripting: 58 Using iLO 3