HP ProCurve 9304M Security Manual page 81

The user authentication method the HP device uses for SSH connections
Whether the HP device allows users to log in without supplying a password
The port number for SSH connections
The SSH login timeout value
A specific interface to be used as the source for all SSH traffic from the device
The maximum idle time for SSH sessions
Setting the Number of SSH Authentication Retries
By default, the HP device attempts to negotiate a connection with the connecting host three times. The number of
authentication retries can be set to a value from 1 to 5.
For example, the following command changes the number of authentication retries to 5:
ProCurveRS(config)# ip ssh authentication-retries 5
Syntax: ip ssh authentication-retries <number>
Setting the Server RSA Key Size
The default size of the dynamically generated server RSA key is 768 bits. The size of the server RSA key can be
between 512 – 896 bits.
For example, the following command changes the server RSA key size to 896 bits:
ProCurveRS(config)# ip ssh key-size 896
Syntax: ip ssh key-size <number>
NOTE: The size of the host RSA key that resides in the system-config file is always 1024 bits and cannot be
changed.
Deactivating User Authentication
After the SSH server on the HP device negotiates a session key and encryption method with the connecting client,
user authentication takes place. HP's implementation of SSH supports RSA challenge-response authentication
and password authentication.
With RSA challenge-response authentication, a collection of clients' public keys is stored on the HP device.
Clients are authenticated using these stored public keys. Only clients that have a private key that corresponds to
one of the stored public keys can gain access to the device using SSH.
With password authentication, users are prompted for a password when they attempt to log into the device
(provided empty password logins are not allowed; see "Enabling Empty Password Logins" on page 3-7). If there is
no user account that matches the user name and password supplied by the user, the user is not granted access.
You can deactivate one or both user authentication methods for SSH. Note that deactivating both authentication
methods essentially disables the SSH server entirely.
To disable RSA challenge-response authentication:
ProCurveRS(config)# ip ssh rsa-authentication no
Syntax: ip ssh rsa-authentication no | yes
To deactivate password authentication:
ProCurveRS(config)# ip ssh password-authentication no
Syntax: ip ssh password-authentication no | yes
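The following is an added example, not part of the HP manual: a small Python audit that reads the ip ssh lines of a saved configuration and checks them against the defaults and ranges given above. The function name audit_ssh, the sample configuration, the assumption that both authentication methods are active unless set to no, and the policy of preferring the largest allowed server key are assumptions made for illustration.

```python
import re

# Defaults and ranges as stated on this manual page; the two authentication
# methods are assumed to be active unless deactivated with "no".
DEFAULTS = {"authentication-retries": 3, "key-size": 768,
            "rsa-authentication": True, "password-authentication": True}
RANGES = {"authentication-retries": (1, 5), "key-size": (512, 896)}
LINE = re.compile(r"^\s*ip ssh (\S+)\s+(\S+)\s*$")

def audit_ssh(config_text):
    """Return (effective_settings, findings) for the 'ip ssh' lines in a config."""
    eff, findings = dict(DEFAULTS), []
    for raw in config_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(1) not in DEFAULTS:
            continue  # other ip ssh settings are outside this check
        key, val = m.groups()
        if key in RANGES:
            lo, hi = RANGES[key]
            if not val.isdigit() or not lo <= int(val) <= hi:
                findings.append(f"{key}: '{val}' is outside {lo}-{hi}")
                continue  # keep the default for a value the device would reject
            eff[key] = int(val)
        elif val in ("yes", "no"):
            eff[key] = (val == "yes")
        else:
            findings.append(f"{key}: expected yes or no, got '{val}'")
    if not eff["rsa-authentication"] and not eff["password-authentication"]:
        findings.append("both authentication methods deactivated: "
                        "SSH server is effectively disabled")
    # Hypothetical local policy: use the largest server key the device accepts.
    if eff["key-size"] < RANGES["key-size"][1]:
        findings.append(f"key-size {eff['key-size']} is below the maximum of 896")
    return eff, findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
ip ssh authentication-retries 5
ip ssh key-size 1024
ip ssh rsa-authentication no
ip ssh password-authentication no
"""

if __name__ == "__main__":
    settings, problems = audit_ssh(SAMPLE)
    print(settings)
    for p in problems:
        print("FINDING:", p)
```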
Enabling Empty Password Logins
By default, empty password logins are not allowed. This means that users with an SSH client are always
prompted for a password when they log into the device. To gain access to the device, each user must have a user
June 2005
Configuring Secure Shell
3 - 7