HP t420 Administrator Guide 8 - Page 173

shutdown, sshd, time, root/time/NTPServers

Get HP t420 PDF manuals and user guides View all HP t420 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 173 highlights

Registry key root/security/encryption/identity/ secretHashAlgorithm root/security/encryption/identity/ secretHashTTL root/security/mustLogin Description Sets the algorithm for creating a hash of a secret. Key Derivation Functions (KDFs) such as scrypt or argon2 are better than straightforward hashes because it is not quick to compute a rainbow dictionary using a KDF. All algorithms use an appropriate amount of random salt, which is regenerated each time the secret is hashed. The supported list includes scrypt, Argon2, SHA-256, and SHA-512 (though the latter two are not KDFs). Sets the number of seconds since the last successful login that a stored hashes of secrets will be considered valid. If set to a negative number, hashes of secrets will not time out. If set to 1, all users are forced to log in before accessing the desktop. shutdown Registry key root/shutdown/enableAutomaticShutdownTimeout root/shutdown/timeOfAutomaticShutdownTimeout Description If set to 1, a progress bar is shown in the shutdown/restart/logout confirmation dialog box. If the question is not answered in time, automatically shutdown/restart/logout. Sets the wait time for automatic shutdown timeout. sshd Registry key root/sshd/disableWeakCipher root/sshd/disableWeakHmac root/sshd/disableWeakKex root/sshd/enabled root/sshd/userAccess Description If set to 1, disable the CBC mode cipher and other known weak ciphers, such as 3DES, arcfour, etc. If set to 1, disable 96 bit hmac and any sha1-based and md5- based hmac. If set to 1, disable key exchange algorithms that have DH with SHA1. If set to 1, the SSH daemon is enabled and the thin client can be accessed via SSH. If set to 1, end users can connect to the thin client via SSH. time Registry key root/time/NTPServers Description Specifies NTP servers to use via a comma-separated list. Private NTP servers or large virtual NTP clusters such as pool.ntp.org are the best choices to minimize server load. Clear this value to return to using DHCP servers (tag 42) instead of a fixed list. shutdown 161

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
Registry key
Description
root/security/encryption/identity/
secretHashAlgorithm
Sets the algorithm for creating a hash of a secret. Key Derivation
Functions (KDFs) such as scrypt or argon2 are better than
straightforward hashes because it is not quick to compute a
rainbow dictionary using a KDF. All algorithms use an appropriate
amount of random salt, which is regenerated each time the secret
is hashed. The supported list includes scrypt, Argon2, SHA-256,
and SHA-512 (though the latter two are not KDFs).
root/security/encryption/identity/
secretHashTTL
Sets the number of seconds since the last successful login that a
stored hashes of secrets will be considered valid. If set to a
negative number, hashes of secrets will not time out.
root/security/mustLogin
If set to 1, all users are forced to log in before accessing the
desktop.
shutdown
Registry key
Description
root/shutdown/enableAutomaticShutdownTimeout
If set to 1, a progress bar is shown in the shutdown/restart/logout
confirmation
dialog box. If the question is not answered in time,
automatically shutdown/restart/logout.
root/shutdown/timeOfAutomaticShutdownTimeout
Sets the wait time for automatic shutdown timeout.
sshd
Registry key
Description
root/sshd/disableWeakCipher
If set to 1, disable the CBC mode cipher and other known weak
ciphers, such as 3DES, arcfour, etc.
root/sshd/disableWeakHmac
If set to 1, disable 96 bit hmac and any sha1–based and md5–
based hmac.
root/sshd/disableWeakKex
If set to 1, disable key exchange algorithms that have DH with
SHA1.
root/sshd/enabled
If set to 1, the SSH daemon is enabled and the thin client can be
accessed via SSH.
root/sshd/userAccess
If set to 1, end users can connect to the thin client via SSH.
time
Registry key
Description
root/time/NTPServers
Specifies
NTP servers to use via a comma-separated list. Private
NTP servers or large virtual NTP clusters such as
pool.ntp.org
are the best choices to minimize server load.
Clear this value to return to using DHCP servers (tag 42) instead of
a
fixed
list.
shutdown
161