Use An Ssh Client To Access The Switch; Further Information On Ssh Client Public-Key Authentication - HP ProCurve Switch 6120G/XG Manual
Hp procurve series 6120 blade switches access security guide
Hide thumbs
Also See for ProCurve Switch 6120G/XG:
- Configuration manual (662 pages) ,
- Manual (606 pages) ,
- Management manual (222 pages)
Table of Contents
Advertisement
Configuring Secure Shell (SSH)
Further Information on SSH Client Public-Key Authentication
6-24
6. Use an SSH Client To Access the Switch
Test the SSH configuration on the switch to ensure that you have achieved the
level of SSH operation you want for the switch. If you have problems, refer to
"RADIUS-Related Problems" in the Troubleshooting chapter of the Manage-
ment and Configuration Guide for your switch.
Further Information on SSH Client
Public-Key Authentication
The section titled "5. Configuring the Switch for SSH Authentication" on page
6-20 lists the steps for configuring SSH authentication on the switch. However,
if you are new to SSH or need more details on client public-key authentication,
this section may be helpful.
When configured for SSH operation, the switch automatically attempts to use
its own host public-key to authenticate itself to SSH clients. To provide the
optional, opposite service—client public-key authentication to the switch—
you can configure the switch to store up to ten public keys for authenticating
clients. This requires storing an ASCII version of each client's public key
(without babble conversion, or fingerprint conversion) in a client public-key
file that you create and TFTP-copy to the switch. In this case, only clients that
have a private key corresponding to one of the stored public keys can gain
access to the switch using SSH. That is, if you use this feature, only the clients
whose public keys are in the client public-key file you store on the switch
will have SSH access to the switch over the network. If you do not allow
secondary SSH login (Operator) access via local password, then the switch
will refuse other SSH clients.
SSH clients that support client public-key authentication normally provide a
utility to generate a key pair. The private key is usually stored in a password-
protected file on the local host; the public key is stored in another file and is
not protected.
(Note that even without using client public-key authentication, you can still
require authentication from whoever attempts to access the switch from an
SSH client— by employing the local username/password, TACACS+, or
RADIUS features. Refer to "5. Configuring the Switch for SSH Authentication"
on page 6-20.)
If you enable client public-key authentication, the following events occur
when a client tries to access the switch using SSH:
Hide quick links:
Advertisement
Table of Contents
