6-18
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
C a u t i o n
Protect your private key file from access by anyone other than yourself. If
someone can access your private key file, they can then penetrate SSH security
on the switch by appearing to be you.
SSH does not protect the switch from unauthorized access via the web
interface, Telnet, SNMP, or the serial port. While web and Telnet access can
be restricted by the use of passwords local to the switch, if you are unsure of
the security this provides, you may want to disable web-based and/or Telnet
access (
no web-management
and
no telnet
). If you need to increase SNMP
security, you should use SNMP version 3 only. If you need to increase the
security of your web interface, refer to chapter 7, “Configuring Secure Socket
Layer (SSL)” . Another security measure is to use the Authorized IP Managers
feature described in the switch’s
Management and Configuration Guide
. To
protect against unauthorized access to the serial port (and the Clear button,
which removes local password protection), keep physical access to the switch
restricted to authorized personnel.
5. Configure the Switch for SSH Authentication
Note that all methods in this section result in authentication of the switch’s
public key by an SSH client. However, only Option B (page 6-19) results in the
switch also authenticating the client’s public key. Also, for a more detailed
discussion of the topics in this section, refer to “Further Information on SSH
Client Public-Key Authentication” on page 6-22
N o t e
ProCurve recommends that you always assign a Manager-Level (enable)
password to the switch. Without this level of protection, any user with Telnet,
web, or serial port access to the switch can change the switch’s configuration.
Also, if you configure only an Operator password, entering the Operator
password through telnet, web, SSH or serial port access enables full manager
privileges
. See “1. Assign Local Login (Operator) and Enable (Manager)
Password” on page 6-9.
Option A: Configuring SSH Access for Password-Only SSH
Authentication.
When configured with this option, the switch uses its pub-
lic key to authenticate itself to a client, but uses only passwords for client
authentication.
Содержание ProCurve 2510G Series
Страница 1: ...Access Security Guide www procurve com ProCurve Series 2510G Switches Y 11 XX ...
Страница 2: ......
Страница 3: ...ProCurve Series 2510G Switches Access Security Guide June 2008 ...
Страница 12: ...x ...
Страница 26: ...1 10 Getting Started Need Only a Quick Start ...
Страница 105: ...4 31 TACACS Authentication Configuring TACACS on the Switch ...
Страница 106: ...4 32 TACACS Authentication Configuring TACACS on the Switch ...
Страница 176: ...6 30 Configuring Secure Shell SSH Messages Related to SSH Operation ...
Страница 198: ...7 22 Configuring Secure Socket Layer SSL Common Errors in SSL Setup ...
Страница 296: ...9 40 Configuring and Monitoring Port Security Configuring Protected Ports ...
Страница 310: ...10 14 Using Authorized IP Managers Operating Notes ...
Страница 318: ...8 Index ...
Страница 319: ......