Authentication; Scp/Sftp Operating Notes - HP ProCurve 6120G/XG Configuration Manual

File Transfers
Downloading Switch Software
Note
As a matter of policy, administrators should not enable the SSHv1-only or the
SSHv1-or-v2 advertisement modes. SSHv1 is supported on only some legacy
switches (such as the HP ProCurve 2500 switches).
To confirm that SSH is enabled type in the command
ProCurve(config)# show ip ssh
Once you have confirmed that you have enabled an SSH session (with the show
ip ssh command), enter ip ssh filetransfer so that SCP and/or SFTP can run. You
can then open your third-party software client application to begin using the
SCP or SFTP commands to safely transfer files or issue commands to the
switch.
If you need to disable secure file transfer:
ProCurve(config)# no ip ssh filetransfer

Authentication

Switch memory allows up to ten public keys. This means the authentication
and encryption keys you use for your third-party client SCP/SFTP software
can differ from the keys you use for the SSH session, even though both SCP
and SFTP use a secure SSH tunnel.
N o t e
SSH authentication is mutually exclusive with RADIUS servers.
Some clients such as PSCP (PuTTY SCP) automatically compare switch host
keys for you. Other clients require you to manually copy and paste keys to the
$HOME/.ssh/known_hosts file. Whatever SCP/SFTP software tool you use, after
installing the client software you must verify that the switch host keys are
available to the client.
Because the third-party software utilities you may use for SCP/SFTP vary, you
should refer to the documentation provided with the utility you select before
performing this process.

SCP/SFTP Operating Notes

■
A-16
Any attempts to use SCP or SFTP without using ip ssh filetransfer will cause
the SCP or SFTP session to fail. Depending on the client software in use,
you will receive an error message on the originating console, for example:
IP file transfer not enabled on the switch