HP ProCurve 9304M Security Manual page 85

Routing switches

Sample SSH Configuration
The following is a sample SSH configuration for an HP device.
hostname ProCurveRS
ip dns domain-name hp.com
!
aaa authentication login default local
username neville password .....
username lynval password .....
username terry password .....
!
ip ssh permit-empty-passwd no
!
ip ssh pub-key-file tftp 192.168.1.234 pkeys.txt
!
crypto key generate rsa public_key "1024 35 144460146631716543532035011163035196
41193195125205894452637462409522275505020845087302985209960346239172995676329357
24777530188666267898195648253181551624681394520681672610828188310413962242301296
26883937176769776184984093100984017075369387071006637966650877224677979486802651
458324218055083313313948534902409 ProCurveRS@hp.com"
!
crypto key generate rsa private_key "*************************"
!
ip ssh authentication-retries 5
The aaa authentication login default local command configures the device to use the local user accounts to
authenticate users attempting to log in.
Three user accounts are configured on the device. The ip ssh permit-empty-passwd no command causes
users to always be prompted for a password when they attempt to establish an SSH connection. Since the device
uses local user accounts for authentication, only these three users are allowed to connect to the device using
SSH.
The ip ssh pub-key-file tftp command causes a public key file called pkeys.txt to be loaded from a TFTP server
at 192.168.1.234. To gain access to the HP device using SSH, a user must have a private key that corresponds to
one of the public keys in this file.
The crypto key generate rsa public_key and crypto key generate rsa private_key statements are both
generated by the crypto key generate rsa command. By default, the RSA host key pair appears in the
running-config file, but not in the startup-config file. You can optionally configure the HP device to hide the RSA host key
pair in the running-config file with the ssh no-show-host-keys command. The actual private key is never visible
in either the running-config file or the startup-config file.
You may need to copy the public key to a "known hosts" file (for example, $HOME/.ssh/known_hosts on UNIX
systems) on the clients who want to access the device. See "Providing the Public Key to Clients" on page 3-4 for
an example of what to place in the known hosts file.
The ip ssh authentication-retries 5 command sets the number of times the HP device attempts to negotiate a
connection with the connecting host to 5.
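As an added example (not part of the manual), the following Python script parses the public_key statement from the sample running-config above, checks that the modulus really is the declared 1024 bits (a wrapped key that was copied incompletely fails this check), and builds a known_hosts entry for a client. The SSH-1 style line ("host bits exponent modulus") follows the format of the key as shown; the ssh-rsa form is an assumption for OpenSSH clients speaking SSH-2, and the hostname ProCurveRS.hp.com is assumed from the hostname and domain-name in the config.

```python
import base64
import re
import struct

# The host public key from the sample running-config above, copied line by line.
SAMPLE_CONFIG_LINE = (
    'crypto key generate rsa public_key "1024 35 144460146631716543532035011163035196'
    '41193195125205894452637462409522275505020845087302985209960346239172995676329357'
    '24777530188666267898195648253181551624681394520681672610828188310413962242301296'
    '26883937176769776184984093100984017075369387071006637966650877224677979486802651'
    '458324218055083313313948534902409 ProCurveRS@hp.com"'
)

def parse_public_key(config_line):
    """Return (bits, e, n, comment) from a 'crypto key generate rsa public_key' line."""
    m = re.search(r'public_key\s+"(\d+)\s+(\d+)\s+(\d+)\s*([^"]*)"', config_line)
    if not m:
        raise ValueError("no RSA public_key statement found")
    bits, e, n = int(m.group(1)), int(m.group(2)), int(m.group(3))
    # A modulus whose size disagrees with the declared bit count usually means the
    # wrapped key was copied incompletely; refuse it rather than pin a wrong key.
    if n.bit_length() != bits:
        raise ValueError(f"declared {bits} bits but modulus has {n.bit_length()}")
    return bits, e, n, m.group(4).strip()

def _mpint(value):
    # SSH mpint: 4-byte length, big-endian magnitude, leading 0x00 if high bit set.
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return struct.pack(">I", len(raw)) + raw

def openssh_rsa_blob(e, n):
    """Encode (e, n) as a base64 'ssh-rsa' key blob (string, mpint, mpint)."""
    blob = struct.pack(">I", 7) + b"ssh-rsa" + _mpint(e) + _mpint(n)
    return base64.b64encode(blob).decode("ascii")

def decode_rsa_blob(b64):
    # Inverse of openssh_rsa_blob; returns (e, n) so a pinned key can be checked.
    data, fields = base64.b64decode(b64), []
    while data:
        length = int.from_bytes(data[:4], "big")
        fields.append(data[4:4 + length])
        data = data[4 + length:]
    assert fields[0] == b"ssh-rsa", "not an ssh-rsa blob"
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")

def known_hosts_lines(host, config_line):
    """SSH-1 style ('host bits e n') and OpenSSH 'ssh-rsa' known_hosts entries."""
    bits, e, n, comment = parse_public_key(config_line)
    return (f"{host} {bits} {e} {n}", f"{host} ssh-rsa {openssh_rsa_blob(e, n)} {comment}")
```

Which of the two lines the client needs depends on the SSH protocol version it negotiates with the device; comparing the pinned key against the key the device presents on first connection is what protects against a spoofed host.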
Using Secure Copy
Secure Copy (SCP) uses security built into SSH to transfer files between hosts on a network, providing a more
secure file transfer method than Remote Copy (RCP) or FTP. SCP automatically uses the authentication
methods, encryption algorithm, and data compression level configured for SSH. For example, if password
authentication is enabled for SSH, the user is prompted for a user name and password before SCP allows a file to
be transferred. No additional configuration is required for SCP on top of SSH.
June 2005
Configuring Secure Shell
3 - 11
