Configuring Secure Shell
The crypto key generate rsa public_key and crypto key generate rsa private_key statements are both
generated by the crypto key generate rsa command. The public key is visible; the private key is not. You may
need to copy the public key to a "known hosts" file (for example, $HOME/.ssh/known_hosts on UNIX systems) on
each client that needs to access the device. See "Providing the Public Key to Clients" on page 4-2 for an example
of what to place in the known hosts file.
The ip ssh authentication-retries 5 command sets the number of times the HP device attempts to negotiate a
connection with the connecting host to 5.
Using Secure Copy
Secure Copy (SCP) uses security built into SSH to transfer files between hosts on a network, providing a more
secure file transfer method than Remote Copy (RCP) or FTP. SCP automatically uses the authentication
methods, encryption algorithm, and data compression level configured for SSH. For example, if password
authentication is enabled for SSH, the user is prompted for a user name and password before SCP allows a file to
be transferred. No additional configuration is required for SCP on top of SSH.
You can use SCP to copy files on the HP device, including the startup-config and running-config files, to or from an
SCP-enabled remote host.
SCP is enabled by default and can be disabled. To disable SCP, enter the following command:
HP9300(config)# ip ssh scp disable
Syntax: ip ssh scp disable | enable
NOTE: If you disable SSH, SCP is also disabled.
The following are examples of using SCP to transfer files from and to an HP device.
NOTE: When using SCP, you enter the scp commands on the SCP-enabled client, rather than the console on
the HP device.
NOTE: Certain SCP client options, including -p and -r, are ignored by the SCP server on the HP device. If an
option is ignored, the client is notified.
To copy a configuration file (c:\cfg\hp.cfg) to the running-config file on an HP device at 192.168.1.50 and log in as
user terry, enter the following command on the SCP-enabled client:
C:\> scp c:\cfg\hp.cfg terry@192.168.1.50:runConfig
If password authentication is enabled for SSH, the user is prompted for user terry's password before the file
transfer takes place.
To copy the configuration file to the startup-config file:
C:\> scp c:\cfg\hp.cfg terry@192.168.1.50:startConfig
To copy the running-config file on an HP device to a file called c:\cfg\hpconfig.cfg on the SCP-enabled client:
C:\> scp terry@192.168.1.50:runConfig c:\cfg\hpconfig.cfg
To copy the startup-config file on an HP device to a file called c:\cfg\hpstart.cfg on the SCP-enabled client:
C:\> scp terry@192.168.1.50:startConfig c:\cfg\hpstart.cfg
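The following script is an added example, not part of the HP documentation. It pulls runConfig and startConfig with SCP, refuses to connect unless the device's host key is already in the known hosts file, and reports running-config changes that were never saved to the startup-config. It assumes an OpenSSH scp client on a UNIX host with non-interactive (key or agent) authentication; the function names and local file names are hypothetical.

```sh
#!/bin/sh
# Added example (not HP code). Assumes an OpenSSH scp client and that the
# device's public key is already in $HOME/.ssh/known_hosts.

# Pull one remote file (runConfig or startConfig) from the device.
# usage: pull_config user host remote_name local_path
pull_config() {
    # umask 077: configuration files may contain secrets, keep copies private.
    # StrictHostKeyChecking=yes: fail instead of trusting an unknown host key.
    ( umask 077
      scp -o StrictHostKeyChecking=yes -o BatchMode=yes "$1@$2:$3" "$4" )
}

# Remove carriage returns, trailing whitespace and blank lines so that only
# real configuration differences are compared.
normalize() {
    tr -d '\r' < "$1" | sed -e 's/[[:space:]]*$//' -e '/^$/d'
}

# Print the differences between a startup and a running config.
# Returns 0 when they match, 1 when the running config has drifted.
# usage: drift_report startup_file running_file
drift_report() {
    dr_a=$(mktemp); dr_b=$(mktemp)
    normalize "$1" > "$dr_a"
    normalize "$2" > "$dr_b"
    dr_rc=0
    diff "$dr_a" "$dr_b" || dr_rc=$?
    rm -f "$dr_a" "$dr_b"
    return "$dr_rc"
}

# Back up both files and report drift. Returns 2 if a transfer fails.
# usage: backup_and_check user host out_dir
backup_and_check() {
    pull_config "$1" "$2" runConfig   "$3/run.cfg"   || return 2
    pull_config "$1" "$2" startConfig "$3/start.cfg" || return 2
    if drift_report "$3/start.cfg" "$3/run.cfg"; then
        echo "running-config matches startup-config"
    else
        echo "DRIFT: running-config differs from startup-config" >&2
        return 1
    fi
}

# Runs only when called with three arguments, for example:
#   sh backup.sh terry 192.168.1.50 ./backup
if [ "$#" -eq 3 ]; then backup_and_check "$@"; fi
```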