Ssh And Scp Encryption Of Management Messages; Generating Rsa Host And Server Keys For Ssh Access - HP 445946-001 Application Manual

10gb ethernet bl-c switch

Applying and saving configuration
Enter the apply and save commands after the command above (scp ad4.cfg
205.178.15.157:putcfg), or use the following commands. You will be prompted for a password.
>> # scp <local_filename> <user>@<switch IP addr>:putcfg_apply
>> # scp <local_filename> <user>@<switch IP addr>:putcfg_apply_save
For example:
>> # scp ad4.cfg admin@205.178.15.157:putcfg_apply
>> # scp ad4.cfg admin@205.178.15.157:putcfg_apply_save
NOTE:
The diff command is automatically executed at the end of putcfg to notify the remote client of the
difference between the new and the current configurations.
putcfg_apply runs the apply command after the putcfg is done.
putcfg_apply_save saves the new configuration to the flash after putcfg_apply is done.
The putcfg_apply and putcfg_apply_save commands are provided because extra apply and
save commands are usually required after a putcfg.

SSH and SCP encryption of management messages

The following encryption and authentication methods are supported for SSH and SCP:
Server Host Authentication—Client RSA authenticates the switch at the beginning of every connection
Key Exchange—RSA
Encryption—AES256-CBC, AES192-CBC, 3DES-CBC, 3DES, ARCFOUR
User Authentication—Local password authentication, RADIUS, TACACS+
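
Because the client authenticates the switch by its RSA host key at the start of every connection, a scripted configuration push should fail closed when that key is not already known. The wrapper below is an added example, not code from the HP manual. Its assumptions are a dedicated, unhashed known_hosts file with one host per line (PIN_FILE), a hypothetical DRY_RUN switch, and the function name push_cfg.

```shell
#!/bin/sh
# Added example: push a configuration file to the switch over scp, refusing
# to connect unless the switch's RSA host key is already pinned.
# Assumptions (not from the manual): PIN_FILE is a dedicated, unhashed
# known_hosts file with one host per line; DRY_RUN=1 prints the scp command
# instead of running it.
# Usage: push_cfg ad4.cfg admin 205.178.15.157 putcfg_apply_save

PIN_FILE="${PIN_FILE:-$HOME/.ssh/known_hosts.switches}"

push_cfg() {
    cfg="$1" user="$2" host="$3" mode="${4:-putcfg}"

    # Accept only the three upload targets the manual documents.
    case "$mode" in
        putcfg|putcfg_apply|putcfg_apply_save) ;;
        *) echo "push_cfg: unknown target '$mode'" >&2; return 2 ;;
    esac

    # Refuse to upload a missing or empty configuration file.
    [ -s "$cfg" ] || { echo "push_cfg: '$cfg' missing or empty" >&2; return 3; }

    # Require a pinned ssh-rsa entry for this exact host (field 1 = host,
    # field 2 = key type), so an unknown key is never accepted at a prompt.
    awk -v h="$host" '$1 == h && $2 == "ssh-rsa" { found = 1 } END { exit !found }' \
        "$PIN_FILE" 2>/dev/null \
        || { echo "push_cfg: no pinned RSA host key for $host in $PIN_FILE" >&2; return 4; }

    # StrictHostKeyChecking=yes makes scp abort if the presented key differs
    # from the pinned one, for example after the host key is regenerated.
    set -- scp -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$PIN_FILE" \
        "$cfg" "$user@$host:$mode"
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

After the host key is regenerated on the switch, the pinned entry has to be replaced through a trusted channel such as the console before the next push succeeds.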

Generating RSA host and server keys for SSH access

To support the SSH server feature, two sets of RSA keys (host and server keys) are required. The host key
is 1024 bits and is used to identify the switch. The server key is 768 bits and is used to make it
impossible to decipher a captured session by breaking into the switch at a later time.
When the SSH server is first enabled and applied, the switch automatically generates the RSA host and
server keys and stores them in the flash memory.
To configure RSA host and server keys, first connect to the switch console connection (commands are not
available via Telnet connection), and enter the following commands to generate them manually:
>> # /cfg/sys/sshd/hkeygen    (Generates the host key)
>> # /cfg/sys/sshd/skeygen    (Generates the server key)
These two commands take effect immediately without the need of an apply command.
When the switch reboots, it will retrieve the host and server keys from the flash memory. If these two keys
are not available in the flash memory and if the SSH server feature is enabled, the switch automatically
generates them during the system reboot. This process may take several minutes to complete.
The switch can also automatically regenerate the RSA server key. To set the interval of RSA server key
autogeneration, use the following command:
>> # /cfg/sys/sshd/intrval <number of hours (0-24)>


This manual is also suitable for:

445860-b21 - 10gb ethernet bl-c switch
