Assigning A Local Login (Operator) And Enable (Manager) Password; Generating The Switch's Public And Private Key Pair - HP 3500yl Series Access Security Manual

SSH-Related Commands in This Section
copy sftp ssh-client-known-hosts [user <username |
username@>] <hostname | IPv4 | IPv6> <filename>
[append]
copy ssh-client-known-hosts sftp [user <username |
username@>] <hostname | IPv4 | IPv6> <filename>
copy ssh-server-pub-key sftp [user <username |
username@>] <hostname | IPv4 | IPv6> <filename>
crypto key zeroize ssh-client-key
crypto key zeroize ssh-client-known-hosts
show session-list
1. Assigning a Local Login (Operator) and
Enable (Manager) Password
At a minimum, HP recommends that you always assign at least a Manager
password to the switch. Otherwise, under some circumstances, anyone with
Telnet, web, or serial port access could modify the switch's configuration.
To Configure Local Passwords. You can configure both the Operator and
Manager password with one command.
: password < manager | operator | all >
Syntax
Switch(config)# password all
New password for Operator: ********
Please retype new password for Operator: ********
New password for Manager: *******
Please retype new password for Manager: *******
New pasword for Manager: *******
Figure 8-4. Example of Configuring Local Passwords

2. Generating the Switch's Public and Private Key Pair

You must generate a public and private host key pair on the switch. The switch
uses this key pair, along with a dynamically generated session key pair to
negotiate an encryption method and session with an SSH client trying to
connect to the switch.
The host key pair is stored in the switch's flash memory, and only the public
key in this pair is readable. The public key should be added to a "known hosts"
file (for example, $HOME/.ssh/known_hosts on UNIX systems) on the
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
Page
8-34
8-34
8-36
8-36
8-37
8-37
8-9