HP procurve switch 2650 Access Security Manual page 101

3. Copy the public-key file into a TFTP server accessible to the switch and
download the file to the switch.
(For more on these topics, refer to "More Information on SSH Client Public-Key
Authentication" on page 4-21.)

With steps 1 - 3, above, completed and SSH properly configured on the switch,
if an SSH client contacts the switch, login authentication automatically occurs
first, using the switch and client public-keys. After the client gains login
access, the switch controls client access to the manager level by requiring the
passwords configured earlier by the aaa authentication ssh enable command.

Syntax: copy tftp pub-key-file < ip-address > < filename > < local | none >
Copies a public key file into the switch.
aaa authentication ssh login rsa
Configures the switch to authenticate a client public-key at the login level
with an optional secondary password method (default: none).

Caution: To allow SSH access only to clients having the correct public key, you must
configure the secondary (password) method for login rsa to none. Otherwise
a client without the correct public key can still gain entry by submitting a
correct local login password.

Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >
Configures a password method for the primary and secondary enable (Manager)
access. If you do not specify an optional secondary method, it defaults to
none.
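
The caution above can be checked mechanically against a saved configuration. The following Python script is an added example, not part of the HP manual: it reports when SSH login would still accept a password instead of requiring the client public key. It assumes the configuration text contains the aaa authentication ssh lines in the form shown in the syntax entries on this page; the sample configurations and function names are constructed for illustration.

```python
import re

# Constructed sample configurations (not captured from a real switch).
# Command forms follow the syntax entries on this page.
KEY_ONLY = """\
aaa authentication ssh login rsa none
aaa authentication ssh enable tacacs local
"""
PASSWORD_FALLBACK = """\
aaa authentication ssh login rsa local
aaa authentication ssh enable tacacs local
"""

# Matches: aaa authentication ssh <login|enable> <primary> [secondary]
LINE = re.compile(
    r"^\s*aaa authentication ssh (login|enable)\s+(\S+)(?:\s+(\S+))?\s*$",
    re.IGNORECASE,
)

def ssh_auth_methods(config_text):
    """Return {level: (primary, secondary)}; a missing secondary is 'none'."""
    methods = {}
    for line in config_text.splitlines():
        m = LINE.match(line)
        if m:
            level, primary, secondary = m.groups()
            methods[level.lower()] = (primary.lower(), (secondary or "none").lower())
    return methods

def audit_ssh_login(config_text):
    """Return a list of findings; an empty list means login is public-key only."""
    findings = []
    login = ssh_auth_methods(config_text).get("login")
    if login is None:
        findings.append("no 'aaa authentication ssh login' line found")
    elif login[0] != "rsa":
        findings.append(f"login primary method is '{login[0]}', not rsa")
    elif login[1] != "none":
        findings.append(
            f"login rsa falls back to '{login[1]}' password; set secondary to none"
        )
    return findings

if __name__ == "__main__":
    for name, cfg in (("key-only", KEY_ONLY), ("fallback", PASSWORD_FALLBACK)):
        print(name, audit_ssh_login(cfg) or "OK")
```
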

For example, assume that you have a client public-key file named
Client-Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in Client-Keys.pub. For
Manager-level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and local for secondary password
authentication, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:
Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
4-19


This manual is also suitable for:

Procurve 6108
