Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Syntax: copy tftp pub-key-file < ipv4-address | ipv6-address > < filename >
Copies a public key file into the switch.
aaa authentication ssh login public-key
Configures the switch to authenticate a client public-key at the login level with an optional secondary password method (default: none).
Syntax: aaa authentication ssh enable < local | tacacs | radius | public-key > < local | none | authorized >
Configures a password method for the primary and secondary enable (Manager) access. If you do not specify an optional secondary method, it defaults to none.
If the primary access method is local, you can only specify none for a secondary access method.
The authorized option allows access without authentication.
Note: The configuration of SSH clients’ public keys is stored in flash memory on the switch. You also can save SSH client public-key configurations to a configuration file by entering the following commands:
include-credentials
write memory
For more information about saving security credentials to a configuration file, see “Saving Security Credentials in a Config File” on page 2-10 in this guide.
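The method rules in the syntax descriptions above can be checked against a saved configuration file. The following Python audit is an added example, not part of the HP guide: the function name audit_ssh_aaa, the severity labels and the sample configuration text are constructed for illustration, and it assumes the login level accepts the same method keywords the page lists for enable.

```python
import re

# Method keywords from the enable syntax on this page. Applying the same
# sets to the login level is an assumption of this example.
PRIMARY = {"local", "tacacs", "radius", "public-key"}
SECONDARY = {"local", "none", "authorized"}
AAA_SSH = re.compile(
    r"^\s*aaa authentication ssh (login|enable)\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_ssh_aaa(config_text):
    """Return (level, severity, message) findings for SSH AAA lines."""
    findings, seen = [], set()
    for raw in config_text.splitlines():
        m = AAA_SSH.match(raw)
        if not m:
            continue
        level, primary = m.group(1), m.group(2)
        secondary = m.group(3) or "none"  # omitted secondary defaults to none
        seen.add(level)
        if primary not in PRIMARY or secondary not in SECONDARY:
            findings.append((level, "error", "unknown method: " + raw.strip()))
            continue
        if secondary == "authorized":
            findings.append((level, "high",
                             "'authorized' allows access without authentication"))
        if primary == "local" and secondary != "none":
            findings.append((level, "error",
                             "primary 'local' accepts only 'none' as secondary"))
        if level == "login" and primary != "public-key":
            findings.append((level, "info",
                             "login does not authenticate a client public key"))
    for level in ("login", "enable"):
        if level not in seen:
            findings.append((level, "info", "no explicit SSH AAA line found"))
    return findings

# Constructed sample configuration text (not output from a real switch).
SAMPLE = """\
hostname "lab-switch"
aaa authentication ssh login public-key none
aaa authentication ssh enable radius authorized
"""

if __name__ == "__main__":
    for finding in audit_ssh_aaa(SAMPLE):
        print(*finding, sep=": ")
```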
For example, assume that you have a client public-key file named Client-Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the switch. For SSH access to the switch you want to allow only clients having a private key that matches a public key found in Client-Keys.pub. For Manager-level (enable) access for successful SSH clients you want to use for primary password authentication and local for secondary password authentication, with a Manager username of "1eader" and a password of "m0ns00n". To set up this operation you would configure the switch in a manner similar to the following: