HMC Manual Reference Pages  - CHHMCENCR (1)

NAME
chhmcencr - change HMC encryption support

CONTENTS

Synopsis
Description
Options
Examples
Environment
Bugs
Author
See Also

SYNOPSIS
chhmcencr -c {passwd | webui | ssh | sshmac} -o {a | r | s}
-e encryption [--help]

DESCRIPTION
chhmcencr changes which encryption is used by the Hardware Management Console (HMC) to encrypt the passwords of locally authenticated HMC users. The new encryption will be used when a locally authenticated HMC user is created, or when the password for a locally authenticated HMC user is changed. The passwords of existing locally authenticated HMC users will not be affected by the encryption change until the passwords for those users are changed.

chhmcencr also changes which encryption ciphers can be used by the HMC Web user interface. The HMC must be restarted for any changes to HMC Web user interface encryption ciphers to take effect.

chhmcencr also changes which encryption ciphers and Message Authentication Code (MAC) algorithms can be used by the HMC Secure Shell (SSH) interface.

OPTIONS
-c The encryption configuration to change. Valid values are passwd to change which password encryption is used for locally authenticated HMC users, webui to change which encryption ciphers can be used by the HMC Web user interface, ssh to change which encryption ciphers can be used by the HMC SSH interface, or sshmac to change which MAC algorithms can be used by the HMC SSH interface.
-o The operation to perform.

Specify a to add one or more encryption ciphers to the list of encryption ciphers currently supported by the HMC Web user interface or SSH interface. Also specify a to add one or more MAC algorithms to the list of MAC algorithms currently supported by the HMC SSH interface.

Specify r to remove one or more encryption ciphers from the list of encryption ciphers currently supported by the HMC Web user interface or SSH interface. Also specify r to remove one or more MAC algorithms from the list of MAC algorithms currently supported by the HMC SSH interface.

Specify s to set the encryption to use to encrypt the passwords of locally authenticated HMC users for all subsequent user creations and user password modifications.

-e The password encryption, encryption cipher, or MAC algorithm to add, remove, or set. When adding or removing encryption ciphers or MAC algorithms, multiple encryption ciphers or MAC algorithms can be specified and must be comma separated. Encryption ciphers and MAC algorithms are added to the end of their lists. The order of the encryption ciphers and MAC algorithms in their lists is the order the HMC attempts to use them.

A list of all of the HMC password encryptions, encryption ciphers, and MAC algorithms available on the HMC can be obtained from the lshmcencr command.

--help Display the help text for this command and exit.

EXAMPLES
Set the password encryption to be used for all subsequent HMC user creations or password modifications to SHA-512:

chhmcencr -c passwd -o s -e sha512

Remove TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA from the encryption ciphers currently supported by the HMC Web user interface:

chhmcencr -c webui -o r -e TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA

Add TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA and TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA to the encryption ciphers currently supported by the HMC Web user interface:

chhmcencr -c webui -o a -e
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA

Remove aes128-ctr and aes128-gcm@openssh.com from the encryption ciphers currently supported by the HMC SSH interface:

chhmcencr -c ssh -o r -e aes128-ctr,aes128-gcm@openssh.com

Add hmac-sha2-256 to the MAC algorithms currently supported by the HMC SSH interface:

chhmcencr -c sshmac -o a -e hmac-sha2-256

ENVIRONMENT
None

BUGS
None

AUTHOR
IBM Austin

SEE ALSO
lshmcencr

Linux CHHMCENCR (1) "July 2016"
Generated by manServer 1.07 from chhmcencr.1 using man macros.