Original article published on: 21 June 2022. Updated on: –
The default account is root/calvin.
It is recommended to disable the root account and create a dedicated administrator.
List the users:
/admin1-> racadm get idrac.users
iDRAC.Users.1 [Key=iDRAC.Embedded.1#Users.1]
iDRAC.Users.2 [Key=iDRAC.Embedded.1#Users.2]
iDRAC.Users.3 [Key=iDRAC.Embedded.1#Users.3]
iDRAC.Users.4 [Key=iDRAC.Embedded.1#Users.4]
iDRAC.Users.5 [Key=iDRAC.Embedded.1#Users.5]
iDRAC.Users.6 [Key=iDRAC.Embedded.1#Users.6]
iDRAC.Users.7 [Key=iDRAC.Embedded.1#Users.7]
iDRAC.Users.8 [Key=iDRAC.Embedded.1#Users.8]
iDRAC.Users.9 [Key=iDRAC.Embedded.1#Users.9]
iDRAC.Users.10 [Key=iDRAC.Embedded.1#Users.10]
iDRAC.Users.11 [Key=iDRAC.Embedded.1#Users.11]
iDRAC.Users.12 [Key=iDRAC.Embedded.1#Users.12]
iDRAC.Users.13 [Key=iDRAC.Embedded.1#Users.13]
iDRAC.Users.14 [Key=iDRAC.Embedded.1#Users.14]
iDRAC.Users.15 [Key=iDRAC.Embedded.1#Users.15]
iDRAC.Users.16 [Key=iDRAC.Embedded.1#Users.16]
Check user 5; in my example it has no login and is disabled:
/admin1-> racadm get iDRAC.Users.5
[Key=iDRAC.Embedded.1#Users.5]
AuthenticationProtocol=SHA
Enable=Disabled
IPMIKey=
IpmiLanPrivilege=15
IpmiSerialPrivilege=15
MD5v3Key=
!!Password=******** (Write-Only)
PrivacyProtocol=AES
Privilege=0x0
ProtocolEnable=Disabled
SHA1v3Key=
SHA256Password=
SHA256PasswordSalt=
SolEnable=Disabled
UserName=
Create the user account, give it a password, assign it administration rights, and enable it:
/admin1-> racadm set iDRAC.Users.5.UserName test_user
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
/admin1-> racadm set iDRAC.Users.5.Password dei8HeeTohKeexeif
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
/admin1-> racadm set iDRAC.Users.5.Privilege 0x1ff
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
/admin1-> racadm set iDRAC.Users.5.IpmiLanPrivilege 4
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
/admin1-> racadm set iDRAC.Users.5.Enable enabled
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
Then add the public key of user ID 5 to it:
/admin1-> racadm sshpkauth -i 5 -k 1 -t 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9Qxxxxxxxxxxxxxxx'
PK SSH Authentication operation completed successfully.
Check that the key is present for user ID 5:
/admin1-> racadm sshpkauth -v -i 5 -k all
--- User 5 ---
Key 1 : ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9Qxxxxxxxxxxxxxxx
Key 2 :
Key 3 :
Key 4 :
Test the connection:
$ ssh test_user@idrac_test 'racadm storage get vdisks -o -p Layout,Status'
Warning: Permanently added 'idrac_test' (ECDSA) to the list of known hosts.
Disk.Virtual.0:RAID.Integrated.1-1
Layout = Raid-5
Status = Ok
Warning: It is recommended not to use the default user name (root) and password as it is a security risk.
$ ssh test_user@idrac_test
Warning: It is recommended not to use the default user name (root) and password as it is a security risk.
/admin1->
To finish this test, I rename the account and disable it again:
/admin1-> racadm set iDRAC.Users.5.UserName none
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
/admin1-> racadm set iDRAC.Users.5.Enable disabled
[Key=iDRAC.Embedded.1#Users.5]
Object value modified successfully
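To review which local accounts are still enabled after changes like these, the following added example (not from the original article) parses `racadm get iDRAC.Users.N` output and flags an enabled root account and accounts holding the 0x1ff privilege mask used above. The function names, finding labels and sample data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): flag risky local iDRAC accounts.
# Input: concatenated output of `racadm get iDRAC.Users.N` for the slots to review.
audit_idrac_users() {
    # Prints "<slot> <user> <privilege> <findings>" for every enabled slot.
    awk '
    function report(   f) {
        if (slot == "" || tolower(enable) != "enabled") return
        if (user == "root")           f = f "default-root-enabled,"
        if (tolower(priv) == "0x1ff") f = f "full-admin,"
        if (user == "")               f = f "enabled-without-name,"
        sub(/,$/, "", f)
        print slot, (user == "" ? "-" : user), priv, (f == "" ? "ok" : f)
    }
    { sub(/\r$/, "") }                      # tolerate CRLF from an SSH capture
    /^\[Key=iDRAC\.Embedded\.1#Users\.[0-9]+\]/ {
        report()                            # close the previous slot
        slot = $0; sub(/^.*Users\./, "", slot); sub(/\].*$/, "", slot)
        enable = user = priv = ""
        next
    }
    /^Enable=/    { enable = substr($0, 8) }   # anchored: skips SolEnable/ProtocolEnable
    /^UserName=/  { user   = substr($0, 10) }
    /^Privilege=/ { priv   = substr($0, 11) }  # anchored: skips IpmiLanPrivilege
    END { report() }
    '
}

# Constructed sample in the format shown above (slot numbers and names are illustrative).
sample_dump() {
    cat <<'EOF'
[Key=iDRAC.Embedded.1#Users.2]
Enable=Enabled
Privilege=0x1ff
SolEnable=Enabled
UserName=root
[Key=iDRAC.Embedded.1#Users.5]
Enable=Enabled
IpmiLanPrivilege=4
Privilege=0x1ff
UserName=test_user
[Key=iDRAC.Embedded.1#Users.6]
Enable=Disabled
Privilege=0x0
UserName=
EOF
}
sample_dump | audit_idrac_users
```

Disabled slots produce no output, so an empty result means no local account is enabled in the slots that were dumped.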
Source:
https://dl.dell.com/topicspdf/idrac7-8-lifecycle-controller-v2.40.40.40_reference-guide_en-us.pdf