HP ProCurve 2910al Access Security Manual page 257

Syntax: copy tftp pub-key-file < ipv4-address | ipv6-address > < filename >
Copies a public key file into the switch.
aaa authentication ssh login public-key
Configures the switch to authenticate a client public-key at
the login level with an optional secondary password method
(default: none).
Syntax: aaa authentication ssh enable < local | tacacs | radius | public-key > < local | none | authorized >
Configures a password method for the primary and secondary
enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
If the primary access method is local, you can only specify
none for a secondary access method.
The authorized option allows access without authentication.
Note: The configuration of SSH clients' public keys is stored
in flash memory on the switch. You also can save SSH client
public-key configurations to a configuration file by entering
the following commands:
include-credentials
write memory
For more information about saving security credentials to
a configuration file, see "Saving Security Credentials in a
Config File" on page 2-10 in this guide.
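The rules stated above for aaa authentication ssh (allowed methods, the default secondary of none, the restriction on a local primary, and the effect of authorized) can be checked against a saved configuration. The Python below is an added example, not code from the HP manual. Assumptions: the sample configuration lines are constructed, and treating a login method other than public-key as a finding is a policy taken from the scenario on this page.

```python
PRIMARY = {"local", "tacacs", "radius", "public-key"}
SECONDARY = {"local", "none", "authorized"}

def check_ssh_aaa(line):
    """Return the findings for one 'aaa authentication ssh' command line."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[:3] != ["aaa", "authentication", "ssh"]:
        return ["not an 'aaa authentication ssh <level> <primary>' command"]
    level, primary = tokens[3], tokens[4]
    # Per the page, an omitted secondary method defaults to none.
    secondary = tokens[5] if len(tokens) > 5 else "none"
    findings = []
    if level == "login" and primary != "public-key":
        # Assumed policy: SSH login must require a client public key.
        findings.append("login does not require a client public key")
    if level == "enable":
        if primary not in PRIMARY:
            findings.append(f"unknown primary method '{primary}'")
        if secondary not in SECONDARY:
            findings.append(f"unknown secondary method '{secondary}'")
        if primary == "local" and secondary != "none":
            findings.append("primary 'local' permits only 'none' as secondary")
    if secondary == "authorized":
        findings.append("'authorized' allows access without authentication")
    return findings

def audit(config_text):
    """Map each SSH AAA line that has findings to those findings."""
    report = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("aaa authentication ssh"):
            findings = check_ssh_aaa(line)
            if findings:
                report[line] = findings
    return report

# Constructed sample configurations (not taken from a real switch).
HARDENED = """hostname "switch-a"
aaa authentication ssh login public-key none
aaa authentication ssh enable tacacs local
"""
WEAK = """aaa authentication ssh login local
aaa authentication ssh enable local authorized
aaa authentication ssh enable radius
"""

if __name__ == "__main__":
    for line, findings in audit(WEAK).items():
        print(line, "->", "; ".join(findings))
```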
For example, assume that you have a client public-key file named
Client-Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For
Manager-level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password
authentication, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
7-21
