Note
SSH in ProCurve switches is based on the OpenSSH software toolkit. For more
information on OpenSSH, visit www.openssh.com .
Switch SSH and User Password Authentication . This option is a subset
of the client public-key authentication shown in figure 7-1. It occurs if the
switch has SSH enabled but does not have login access (login public-key)
configured to authenticate the client's key. As in figure 7-1, the switch authen
ticates itself to SSH clients. Users on SSH clients then authenticate themselves
to the switch (login and/or enable levels) by providing passwords stored
locally on the switch or on a TACACS+ or RADIUS server. However, the client
does not use a key to authenticate itself to the switch.
ProCurve
Switch
(SSH
Server)
Figure 7-2. Switch/User Authentication
Terminology
■
■
■
■
■
1. Switch-to-Client SSH
2. User-to-Switch (login password and
enable password authentication)
options:
– Local
– TACACS+
SSH Server: A ProCurve switch with SSH enabled.
Key Pair: A pair of keys generated by the switch or an SSH client
application. Each pair includes a public key, that can be read by
anyone and a private key held internally in the switch or by a client.
PEM (Privacy Enhanced Mode): Refers to an ASCII-formatted
client public-key that has been encoded for portability and efficiency.
SSHv2 client public-keys are typically stored in the PEM format. See
figure 7-3 for an example of PEM-encoded ASCII keys.
Private Key: An internally generated key used in the authentication
process. A private key generated by the switch is not accessible for
viewing or copying. A private key generated by an SSH client applica
tion is typically stored in a file on the client device and, together with
its public key counterpart, can be copied and stored on multiple
devices.
Public Key: An internally generated counterpart to a private key. A
device's public key is used to authenticate the device to other devices.
Configuring Secure Shell (SSH)
Terminology
SSH
Client
Work-
Station
7-3