HP ProCurve 2510G Series Manual page 166

Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
C a u t i o n
6-20
Syntax: copy tftp pub-key-file < ip-address > < filename >
Copies a public key file into the switch.
aaa authentication ssh login public-key
Configures the switch to authenticate a client public-key at
the login level with an optional secondary password method
(Default: none).
Note: The secondary access cannot be local.
To allow SSH access only to clients having the correct public key, you must
configure the secondary (password) method for login public-key to none.
Otherwise a client without the correct public key can still gain entry by
submitting a correct local login password.
Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >
Configures a password method for the primary and second-
ary enable (Manager) access. If you do not specify an
optional secondary method, it defaults to none.
Note: If the primary access is local, the secondary access
cannot be local.
For example, assume that you have a client public-key file named Client-
Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For Manager-
level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password authenti-
cation, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following: