Go to main content

Oracle^® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

» ...Documentation Home » Oracle Integrated Lights Out Manager (ILOM) ... » Oracle^® ILOM Security Guide For ... » Oracle ILOM Deployment Practices for ... » Configuring Oracle ILOM Interfaces for ... » Configure the CLI for Increased Security » Use Server Side Keys to Encrypt SSH Connections

Updated: December 2019

Oracle^® ILOM Security Guide For Firmware Releases 3.x and 4.x

Document Information

Using This Documentation

Security Features Per Oracle ILOM Firmware Release

Checklists for Keeping Oracle ILOM Secure

Oracle ILOM Deployment Practices for Increasing Security

Securing the Physical Management Connection

Choosing Whether to Configure FIPS Mode At Deployment

Enable FIPS Mode at Deployment

Unupported Features When FIPS Mode Is Enabled

Securing Services and Open Network Ports

Preconfigured Services and Network Ports

Management of Unwanted Services and Open Ports

Configuring Services and Network Ports

Securing Oracle ILOM User Access

Avoid the Creation of Shared User Accounts

Assignment of Role-Based Privileges

Security Guidelines for Managing User Accounts and Passwords

Remote Authentication Services and Security Profiles

Configuring User Access for Increased Security

Securing the Automatic Service Request (ASR) Endpoint Connection

Uploading an SSL Certificate for ASR Client Configurations

Configuring Oracle ILOM Interfaces for Increased Security

Configure the Web Interface for Increased Security

Improve Security by Using a Trusted SSL Certificate and Private Key

Enable the Strongest TLS Encryption Properties

Set a Timeout Interval for Inactive Web Sessions

Configure the CLI for Increased Security

Management of SSH Server State and Weak Ciphers

Set a Timeout Interval for Inactive CLI Sessions

Use Server Side Keys to Encrypt SSH Connections

Append SSH Keys to User Accounts for Automated CLI Authentication

Configure SNMP Management Access for Increased Security

Use SNMPv3 Encryption and User Authentication

Sun SNMP MIBs Supporting Configurable Objects

Configure IPMI Management Access for Increased Security

Use IPMI TLS Service for Enhanced Authentication and Packet Encryption

Oracle ILOM IPMI Security Guidelines

IPMI 2.0 Authentication Cypher Suite Support

Configure WS-Management Access for Increased Security

Oracle ILOM Post Deployment Practices for Increasing Security

Language:

Use Server Side Keys to Encrypt SSH Connections

Oracle ILOM provides a Secure Shell (SSH) server capability, allowing remote clients to securely connect and manage Oracle ILOM through a command-line interface. The SSH protocol uses server-side keys to encrypt the management channel and secure all communication. SSH clients also use these keys to verify the authenticity of the SSH server.

Oracle ILOM generates a set of unique SSH keys on the first boot of a factory default system. In the event that new server-side keys are needed, Oracle ILOM supports the ability to manually generate additional SSH server-side keys.

To view or manually generate SSH server-side encryption keys, see the following web-based instructions.

Before You Begin

The Admin (a) is required to modify the SSH server properties.

Navigate to the SSH Server page in the Oracle ILOM web Interface.
For instance, in the:
- 3.0.x web interface, click System Management -> SSH Server.
- 3.1 and later web interface, click ILOM Administration -> Management Access-> SSH Server.

In the SSH Server page, review the generated RSA and DSA Key information, or perform the following:
1. Click Generate RSA Key to generate a new key.
2. Click Generate DSA Key to generate a new key.

Related Information

SSH Server Configuration Properties in Oracle ILOM Administrator’s Guide for Configuration and Maintenance Firmware Release 4.0.x

Copyright © 2012, 2019, Oracle and/or its affiliates. All rights reserved.