Table 23. Cryptography Schemes
Scheme Type Scheme
Asymmetric Cryptography Diffie-Hellman DSA/DSS 512–1024 (random) bits per NIST
specification
Symmetric Cryptography
• AES256-CBC
• RIJNDAEL256-CBC
• AES192-CBC
• RIJNDAEL192-CBC
• AES128-CBC
• RIJNDAEL128-CBC
• BLOWFISH-128-CBC
• 3DES-192-CBC
• ARCFOUR-128
Message Integrity
• HMAC-SHA1-160
• HMAC-SHA1-96
• HMAC-MD5-128
• HMAC-MD5-96
Authentication Password
Configure Public Key Authentication Over SSH
You can configure up to six public keys that can be used with the service username over an SSH
interface. Before adding or deleting public keys, make sure to use the view command to see what keys
are already set up, so that a key is not accidentally overwritten or deleted. The service username is a
special user account that can be used when accessing the CMC through SSH. When the PKA over SSH is
set up and used correctly, you need not enter username or passwords to log in to the CMC. This can be
very useful to set up automated scripts to perform various functions.
NOTE: There is no GUI support for managing this feature, you can use only the RACADM.
When adding new public keys, make sure that the existing keys are not already at the index, where the
new key is added. CMC does not perform checks to ensure previous keys are deleted before a new one is
added. As soon as a new key is added, it is automatically in effect as long as the SSH interface is enabled.
When using the public key comment section of the public key, remember that only the first 16 characters
are utilized by the CMC. The public key comment is used by the CMC to distinguish SSH users when
using the RACADM getssninfo command, because all the PKA users use the service username to log in.
For example, if two public keys are set up one with comment PC1 and one with comment PC2:
racadm getssninfo
Type User IP Address Login
Date/Time
SSH PC1 x.x.x.x 06/16/2009
09:00:00
SSH PC2 x.x.x.x 06/16/2009
09:00:00
151