Installation and Getting Started Guide
Setting the Host Name and Domain Name
If you have not already done so, establish a host name and domain name for the HP device. For example:
HP9300(config)# hostname HP9300
HP9300(config)# ip dns domain-name hpshopping.com
Syntax: hostname <name>
Syntax: ip dns domain-name <name>
Generating a Host RSA Key Pair
When SSH is configured, a public and private host RSA key pair is generated for the HP device. The SSH server
on the HP device uses this host RSA key pair, along with a dynamically generated server RSA key pair, to
negotiate a session key and encryption method with the client trying to connect to it.
The host RSA key pair is stored in the HP device's system-config file. Only the public key is readable. The public
key should be added to a "known hosts" file (for example, $HOME/.ssh/known_hosts on UNIX systems) on each
client that needs to access the device. Some SSH client programs add the public key to the known hosts file
automatically; in other cases, you must manually create a known hosts file and place the HP device's public key in
it. See "Providing the Public Key to Clients" on page 4-2 for an example of what to place in the known hosts file.
To generate a public and private RSA host key pair for the HP device:
HP9300(config)# crypto key generate rsa
HP9300(config)# write memory
The crypto key generate rsa command places an RSA host key pair in the running-config file and enables SSH
on the device. To disable SSH, you must delete the RSA host key pair. To do this, enter the following commands:
HP9300(config)# crypto key zeroize rsa
HP9300(config)# write memory
The crypto key zeroize rsa command deletes the RSA host key pair in the running-config file and disables SSH
on the device.
Syntax: crypto key generate | zeroize rsa
Providing the Public Key to Clients
If you are using SSH to connect to an HP device from a UNIX system, you may need to add the HP device's public
key to a "known hosts" file; for example, $HOME/.ssh/known_hosts. The following is an example of an entry in a
known hosts file:
10.10.20.10 1024 37 1187718818626770304648512887372580468560316406358876792301
In this example, 10.10.20.10 is the IP address of an SSH-enabled HP switch or routing switch. The second
number, 1024, is the size of the host key, and the third number, 37, is the encoded public exponent. The remaining
text is the encoded modulus.
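The following Python sketch is an added example, not part of the HP guide: it parses entries in the address/size/exponent/modulus layout described above, checks that the modulus has the declared size, and flags a host listed with two different keys. The function names and the 192.0.2.10 entries are constructed for illustration; the modulus printed in the entry above is shorter than 1024 bits, so a literal copy of that line is reported rather than accepted.

```python
import re
from typing import Dict, List, NamedTuple, Tuple

class HostKey(NamedTuple):
    host: str
    bits: int
    exponent: int
    modulus: int

def parse_entry(line: str) -> HostKey:
    """Split one entry into host, key size, public exponent and modulus."""
    fields = line.split()
    if len(fields) < 4 or not all(re.fullmatch(r"[0-9]+", f) for f in fields[1:4]):
        raise ValueError("expected: host bits exponent modulus")
    return HostKey(fields[0], *(int(f) for f in fields[1:4]))

def problems(key: HostKey) -> List[str]:
    """Return reasons the entry is not a usable RSA public key (empty = OK)."""
    found = []
    if key.modulus.bit_length() != key.bits:
        found.append("modulus is %d bits, entry declares %d"
                     % (key.modulus.bit_length(), key.bits))
    if key.modulus % 2 == 0:
        found.append("modulus is even")
    if key.exponent < 3 or key.exponent % 2 == 0:
        found.append("public exponent must be odd and at least 3")
    return found

def audit(lines: List[str]) -> List[Tuple[int, str]]:
    """Check every entry; also flag a host listed with two different keys."""
    seen: Dict[str, HostKey] = {}
    findings: List[Tuple[int, str]] = []
    for number, line in enumerate(lines, start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank lines and comments carry no key
        try:
            key = parse_entry(line)
        except ValueError as err:
            findings.append((number, str(err)))
            continue
        findings += [(number, p) for p in problems(key)]
        if seen.setdefault(key.host, key) != key:
            findings.append((number, "conflicting key for " + key.host))
    return findings

# Entry exactly as printed in this guide, plus constructed stand-ins (not real keys).
PAGE_ENTRY = "10.10.20.10 1024 37 1187718818626770304648512887372580468560316406358876792301"
CONSTRUCTED_OK = "192.0.2.10 1024 37 %d" % ((1 << 1023) | 1)
CONSTRUCTED_OTHER = "192.0.2.10 1024 37 %d" % ((1 << 1023) | 3)
```

Run audit() over the lines of a known hosts file before distributing it to clients; an empty result means every entry is well formed and no host appears with two different keys.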
Configuring RSA Challenge-Response Authentication
With RSA challenge-response authentication, a collection of clients' public keys is stored on the HP device.
Clients are authenticated using these stored public keys. Only clients that have a private key that corresponds to
one of the stored public keys can gain access to the device using SSH.
When RSA challenge-response authentication is enabled, the following events occur when a client attempts to
gain access to the device using SSH: