HP ProCurve 9304M Security Manual page 77

Routing switches
authenticated with passwords stored on the device or on a TACACS/TACACS+ or RADIUS server
Both kinds of user authentication are enabled by default. You can configure the device to use one or both of them.
Configuring Secure Shell on an HP device consists of the following steps:
1. Setting the HP device's host name and domain name
2. Generating a host RSA public and private key pair for the device
3. Configuring RSA challenge-response authentication
4. Setting optional parameters
You can also view information about active SSH connections on the device as well as terminate them.
Setting the Host Name and Domain Name
If you have not already done so, establish a host name and domain name for the HP device. For example:
ProCurveRS(config)# hostname ProCurveRS
ProCurveRS(config)# ip dns domain-name hp.com
Syntax: hostname <name>
Syntax: ip dns domain-name <name>
Generating a Host RSA Key Pair
When SSH is configured, a public and private host RSA key pair is generated for the HP device. The SSH server
on the HP device uses this host RSA key pair, along with a dynamically generated server RSA key pair, to
negotiate a session key and encryption method with the client trying to connect to it.
The host RSA key pair is stored in the HP device's system-config file. Only the public key is readable. The public
key should be added to a "known hosts" file (for example, $HOME/.ssh/known_hosts on UNIX systems) on the
clients who want to access the device. Some SSH client programs add the public key to the known hosts file
automatically; in other cases, you must manually create a known hosts file and place the HP device's public key in
it. See "Providing the Public Key to Clients" on page 3-4 for an example of what to place in the known hosts file.
To generate a public and private RSA host key pair for the HP device:
ProCurveRS(config)# crypto key generate rsa
ProCurveRS(config)# write memory
The crypto key generate rsa command places an RSA host key pair in the running-config file and enables SSH
on the device. To disable SSH, you must delete the RSA host key pair. To do this, enter the following commands:
ProCurveRS(config)# crypto key zeroize rsa
ProCurveRS(config)# write memory
The crypto key zeroize rsa command deletes the RSA host key pair in the running-config file and disables SSH
on the device.
Syntax: crypto key generate | zeroize rsa
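The following Python check is an added example, not part of the HP manual. It compares the host key a device presents against a client's known hosts entries, which matters because deleting the host key pair with crypto key zeroize rsa and generating a new one leaves clients holding a stale key. The entry layout (host, bits, exponent, modulus), the address 192.0.2.10 and the key values are assumptions constructed for illustration; the manual's own known hosts example is on page 3-4.

```python
import base64
import hashlib
import hmac

# Constructed sample known_hosts content; the key values are not real keys.
KNOWN_HOSTS = """\
# legacy RSA layout: host[,host...] bits exponent modulus [comment]
ProCurveRS.hp.com,192.0.2.10 1024 35 1234567890123456789 lab-switch
"""

def host_matches(host_field, host):
    """True if a known_hosts host field (plain list or hashed) names host."""
    if host_field.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    # Exact names only; wildcard and negated patterns are not handled here.
    return host in host_field.split(",")

def key_fields(fields):
    """Key material: 'bits exponent modulus' (legacy RSA) or 'type blob'."""
    return tuple(fields[:3] if fields and fields[0].isdigit() else fields[:2])

def check_host_key(known_hosts_text, host, presented_key):
    """Return 'match', 'changed' or 'unknown' for the key a device presents."""
    presented = key_fields(presented_key.split())
    seen = False
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#@":
            continue  # comments and @revoked/@cert-authority lines are skipped
        fields = line.split()
        if len(fields) < 3 or not host_matches(fields[0], host):
            continue
        seen = True
        if key_fields(fields[1:]) == presented:
            return "match"
    # An entry for the host with different key material means the host key
    # changed (expected after zeroize + generate, suspicious otherwise).
    return "changed" if seen else "unknown"

if __name__ == "__main__":
    for key in ("1024 35 1234567890123456789", "1024 35 42"):
        print(key, "->", check_host_key(KNOWN_HOSTS, "ProCurveRS.hp.com", key))
```

A "changed" result that does not coincide with a planned key regeneration on the device should be investigated before the client's entry is replaced.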
You can optionally configure the HP device to hide the RSA host key pair in the running-config file. To do this,
enter the following command:
ProCurveRS# ssh no-show-host-keys
Syntax: ssh no-show-host-keys
After entering the ssh no-show-host-keys command, you can display the RSA host key pair in the running-config
file with the following command:
ProCurveRS# ssh show-host-keys
Syntax: ssh show-host-keys
June 2005
Configuring Secure Shell
3 - 3
