In this howto I will describe how you can enable ssh key based authentication on Dell Blades CMC IDRAC. This will help to manage large number of Dell Blades CMC’s in Datacenter specially in Cluster Environment. You might be using root/calvin or your defined user/pass to login in CMC for management work using web or ssh but to access Dell CMC on ssh key based authentication (password less), you need to use only service account. Dell CMC has limitation, you can only use svcacct (user=service) for ssh key based authentication.
1) Setup SSH Key on Linux
First you need to create an ssh key for your user
|
1 |
ssh-keygen -t dsa -b 1024 |
-t it can be either dsa or rsa, passphrase is optional, its depends on you whether you give or not. I will choose no passphrase.
Confirm you have generated the public key.
|
1 2 |
ls ~/.ssh/ id_dsa id_dsa.pub |
where id_dsa is your private key and id_dsa.pub is your public key. You will need public key to upload to Dell CMC.
2) Managing SSH Public Key on CMC using RACADM
Fist assure you have install latest version of racadm package on your machine to do the task. The user for ssh key based authentication on CMC should be svcacct (service), others will not work.
Check before upload your ssh key to Dell CMC that it has no other keys already define, you can have 6 different keys at one time for svcacct.
To view all keys on your CMC
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
racadm -r dell-cmc1 -u root -p calvin sshpkauth –i svcacct –k all –v Key 1=UNDEFINED Key 2=UNDEFINED Key 3=UNDEFINED Key 4=UNDEFINED Key 5=UNDEFINED Key 6=UNDEFINED Privilege 1=0x0 Privilege 2=0x0 Privilege 3=0x0 Privilege 4=0x0 Privilege 5=0x0 Privilege 6=0x0 |
To view only key at a time, replace all with number (1 – 6) using -k switch,
|
1 2 3 |
racadm -r dell-cmc1 -u root -p calvin sshpkauth -i svacct -k 1 -v Key=UNDEFINED Privilege=0x0 |
To add a Public Key use follwing command
|
1 2 |
racadm -r dell-cmc1 -u root -p calvin sshpkauth –i svcacct –k 1 –p 0xfff –f ~/.ssh/id_dsa.pub PK SSH Authentication Key file successfully uploaded to the RAC |
where p is for privilege (here we are giving full) and -f for the ssh public key file.
You can also add public key using key text instead of file
|
1 2 |
racadm -r dell-cmc1 -u root -p calvin sshpkauth –i svcacct –k 1 –p 0xfff –t "ssh-dss AAAAB3NzaC1kc3MAAACBAKnPsk+000MqdXpZdq0jPiMD1g5/Y5RRXcalAeantBs5HPoWUhLW10P0LH3lpZRs6niQ33C3mYPw2E40pGMC280CH0ChHZ/eU4z5RJfRZGSfvS+uB17rxJfV0rJYGX9mZl6xTY8Y8XaENW3db5uWsAm/BnopNmsrZrFwTvhK1tOLAAAAFQDCTSvMnmAWVwCEUgqesjs/35v7vwAAAIBKYv47cxWcN3i8XIWPrVs1B/1cAZcHV7X5D6m2ZHYVP/lzIl2JRWKspZT6EO/PWMaoxISsOdu0htj9yVVh/1BkQ90J7DJCtxSL6SN4arsfgrdkuC5ILkktYCERD/0LOOaIVns3f/yTHXd13lQufRziXJPw5YQhuqFMCJiXCJ9G9wAAAIBQYPiujpAEXgt5nkGBkYBp15BhhkSDIpvwhJPa3kzDixLKDr0tCdADCP+soV6ADZAmNWzlMn1Tswp51IswsyfyemrzNGubOAvHCFxCs/Z4mfeTkjbwpLf+Zpy2C7qBketOAkOFD/aP1Wm4GH62KKg/PXPqgDn3zla1ulf0fk2Vew== root@server1” PK SSH Authentication Key file successfully uploaded to the RAC |
Reconfirm the public key has added using following command,
|
1 2 3 |
racadm -r dell-cmc1 -u root -p calvin sshpkauth -i svacct -k 1 -v Key=ssh-dss AAAAB3NzaC1kc3MAAACBAKnPsk+000MqdXpZdq0jPiMD1g5/Y5RRXcalAeantBs5HPoWUhLW10P0LH3lpZRs6niQ33C3mYPw2E40pGMC280CH0ChHZ/eU4z5RJfRZGSfvS+uB17rxJfV0rJYGX9mZl6xTY8Y8XaENW3db5uWsAm/BnopNmsrZrFwTvhK1tOLAAAAFQDCTSvMnmAWVwCEUgqesjs/35v7vwAAAIBKYv47cxWcN3i8XIWPrVs1B/1cAZcHV7X5D6m2ZHYVP/lzIl2JRWKspZT6EO/PWMaoxISsOdu0htj9yVVh/1BkQ90J7DJCtxSL6SN4arsfgrdkuC5ILkktYCERD/0LOOaIVns3f/yTHXd13lQufRziXJPw5YQhuqFMCJiXCJ9G9wAAAIBQYPiujpAEXgt5nkGBkYBp15BhhkSDIpvwhJPa3kzDixLKDr0tCdADCP+soV6ADZAmNWzlMn1Tswp51IswsyfyemrzNGubOAvHCFxCs/Z4mfeTkjbwpLf+Zpy2C7qBketOAkOFD/aP1Wm4GH62KKg/PXPqgDn3zla1ulf0fk2Vew== root@vaio Privilege=0xfff |
3) Access CMC
Now issue ssh command to access with user service
|
1 2 3 4 5 |
ssh service@dell-cmc1 Welcome to the CMC firmware version 4.30.A00.201210301401 $ |
It will help you to manage large of CMC’s you have in your Data Center specially in Cluster Environment.
