Configure Ssh - HP ProCurve 9304M Security Manual

Security Guide for ProCurve 9300/9400 Series Routing Switches
name and password. Without a user name and password, a user is not granted access. See "Setting Up Local
User Accounts" on page 2-16 for information on setting up user names and passwords on HP devices.
If you enable empty password logins, users are not prompted for a password when they log in. Any user with an
SSH client can log in without being prompted for a password.
To enable empty password logins:
ProCurveRS(config)# ip ssh permit-empty-passwd yes
Syntax: ip ssh permit-empty-passwd no | yes
Setting the SSH Port Number
By default, SSH traffic occurs on TCP port 22. You can change this port number. For example, the following
command changes the SSH port number to 2200:
ProCurveRS(config)# ip ssh port 2200
Note that if you change the default SSH port number, you must configure SSH clients to connect to the new port.
Also, you should be careful not to assign SSH to a port that is used by another service. If you change the SSH
port number, HP recommends that you change it to a port number greater than 1024.
Syntax: ip ssh port <number>
Setting the SSH Login Timeout Value
When the SSH server attempts to negotiate a session key and encryption method with a connecting client, it waits
a maximum of 120 seconds for a response from the client. If there is no response from the client after 120
seconds, the SSH server disconnects. You can change this timeout to a value from 1 to 120 seconds. For
example, to change the timeout value to 60 seconds:
ProCurveRS(config)# ip ssh timeout 60
Syntax: ip ssh timeout <seconds>
Designating an Interface as the Source for All SSH Packets
You can designate a loopback interface, virtual interface, or Ethernet port as the source for all SSH packets from
the device. The software uses the IP address with the numerically lowest value configured on the port or interface
as the source IP address for SSH packets originated by the device.
NOTE: When you specify a single SSH source, you can use only that source address to establish SSH
management sessions with the HP device.
To specify the numerically lowest IP address configured on a loopback interface as the device's source for all SSH
packets, enter commands such as the following:
ProCurveRS(config)# int loopback 2
ProCurveRS(config-lbif-2)# ip address 10.0.0.2/24
ProCurveRS(config-lbif-2)# exit
ProCurveRS(config)# ip ssh source-interface loopback 2
The commands in this example configure loopback interface 2, assign IP address 10.0.0.2/24 to the interface, then
designate the interface as the source for all SSH packets from the Routing Switch.
Syntax: ip ssh source-interface ethernet <portnum> | loopback <num> | ve <num>
The <num> parameter is a loopback interface or virtual interface number. If you specify an Ethernet port, the
<portnum> is the port's number. For example:
ProCurveRS(config)# interface ethernet 1/4
ProCurveRS(config-if-1/4)# ip address 209.157.22.110/24
ProCurveRS(config-if-1/4)# exit
ProCurveRS(config)# ip ssh source-interface ethernet 1/4
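The four settings described above can be checked together in a saved configuration. The following Python script is an added example, not part of the HP manual: it flags empty-password logins, a changed port that is not greater than 1024, and an out-of-range timeout, and it reports the numerically lowest address on the designated source interface. It assumes the saved configuration uses the same command forms as typed on this page, with "!" or "exit" ending an interface block; the sample configuration is constructed.

```python
import ipaddress
import re

# Constructed sample config (not from a real device); command forms as on this page.
SAMPLE_CONFIG = """\
interface loopback 2
 ip address 10.0.0.9/24
 ip address 10.0.0.2/24
!
ip ssh permit-empty-passwd yes
ip ssh port 443
ip ssh timeout 60
ip ssh source-interface loopback 2
"""

def audit_ssh(config_text):
    """Return (findings, source_ip) for the 'ip ssh' settings in config_text."""
    ssh, addrs, current = {}, {}, None
    for raw in config_text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if line in ("!", "exit"):
            current = None                    # left the interface block
        m = re.match(r"int(?:erface)? (ethernet|loopback|ve) (\S+)$", line)
        if m:
            current = f"{m.group(1)} {m.group(2)}"
            continue
        m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+)/\d+$", line)
        if m and current:
            addrs.setdefault(current, []).append(ipaddress.IPv4Address(m.group(1)))
            continue
        m = re.match(r"ip ssh (permit-empty-passwd|port|timeout|source-interface) (.+)$", line)
        if m:
            ssh[m.group(1)] = m.group(2)
    findings = []
    if ssh.get("permit-empty-passwd") == "yes":   # absent line treated as "no" (assumption)
        findings.append("permit-empty-passwd yes: logins are not prompted for a password")
    port = ssh.get("port", "22")                  # default TCP port 22
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        findings.append(f"port {port}: not a valid TCP port")
    elif port != "22" and int(port) <= 1024:
        findings.append(f"port {port}: a changed port should be greater than 1024")
    timeout = ssh.get("timeout", "120")           # default wait of 120 seconds
    if not timeout.isdigit() or not 1 <= int(timeout) <= 120:
        findings.append(f"timeout {timeout}: must be 1 to 120 seconds")
    source_ip, src = None, ssh.get("source-interface")
    if src and addrs.get(src):
        source_ip = str(min(addrs[src]))          # numerically lowest address is used
    elif src:
        findings.append(f"source-interface {src}: no IP address found on it")
    return findings, source_ip
```

Calling `audit_ssh(SAMPLE_CONFIG)` returns the list of findings and the address that SSH management sessions must use once a single source is designated.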
3 - 8
June 2005
