HP 5120 SI Series Security Configuration Manual page 8

Displaying and maintaining PKI ································································································································· 231
PKI configuration examples ········································································································································· 231
Requesting a certificate from a CA running RSA Keon ··················································································· 231
Requesting a certificate from a CA running Windows 2003 Server ···························································· 235
Configuring a certificate attribute-based access control policy ······································································ 238
Troubleshooting PKI ····················································································································································· 239
Failed to retrieve a CA certificate ······················································································································ 239
Failed to request a local certificate ··················································································································· 240
Failed to retrieve CRLs ········································································································································ 241
SSH2.0 configuration ············································································································································· 242
SSH2.0 overview ························································································································································· 242
Introduction to SSH2.0 ······································································································································· 242
SSH operation ····················································································································································· 242
FIPS compliance ··························································································································································· 245
Configuring the device as an SSH server ·················································································································· 245
SSH server configuration task list ······················································································································ 245
Generating a DSA or RSA key pair ·················································································································· 245
Enabling the SSH server function ······················································································································· 246
Configuring the user interfaces for SSH clients ································································································ 246
Configuring a client public key ·························································································································· 247
Configuring an SSH user ···································································································································· 248
Setting the SSH management parameters ········································································································ 249
Configuring the device as an SSH client ··················································································································· 250
SSH client configuration task list ························································································································ 250
Specifying a source IP address/interface for the SSH client ·········································································· 250
Configuring whether first-time authentication is supported ············································································· 250
Establishing a connection between the SSH client and server ······································································· 251
Displaying and maintaining SSH ······························································································································· 252
SSH server configuration examples ··························································································································· 253
When switch acts as server for password authentication ··············································································· 253
When switch acts as server for publickey authentication ··············································································· 255
SSH client configuration examples ····························································································································· 260
When switch acts as client for password authentication ················································································ 260
When switch acts as client for publickey authentication ················································································ 263
SFTP configuration ·················································································································································· 266
SFTP overview ······························································································································································· 266
Configuring the device as an SFTP server ················································································································· 266
Configuration prerequisites ································································································································ 266
Enabling the SFTP server ···································································································································· 266
Configuring the SFTP connection idle timeout period ····················································································· 267
Configuring the device an SFTP client ······················································································································· 267
Specifying a source IP address or interface for the SFTP client ······································································ 267
Establishing a connection to the SFTP server ···································································································· 267
Working with SFTP directories ··························································································································· 268
Working with SFTP files ······································································································································ 269
Displaying help information ······························································································································· 269
Terminating the connection to the remote SFTP server ···················································································· 269
SFTP client configuration example ····························································································································· 270
SFTP server configuration example ···························································································································· 273
SCP configuration ··················································································································································· 276
SCP overview································································································································································ 276
Configuring the switch as an SCP server ·················································································································· 276
Configuring the switch as the SCP client ··················································································································· 277
vi