Providing The Switch's Public Key To Clients - HP procurve switch 2650 Access Security Manual

Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation
For example, to generate and display a new key:

Figure 4-7. Example of Generating a Public/Private Host Key Pair for the Switch
[Figure callout: Host Public Key for the Switch]

Notes: "Zeroizing" the switch's key automatically disables SSH (sets IP SSH to
No). Thus, if you zeroize the key and then generate a new key, you must also
re-enable SSH with the ip ssh command before the switch can resume SSH
operation.

3. Providing the Switch's Public Key to Clients

When an SSH client contacts the switch for the first time, the client will
challenge the connection unless you have already copied the key into the
client's "known host" file. Copying the switch's key in this way reduces the
chance that an unauthorized device can pose as the switch to learn your access
passwords. The most secure way to acquire the switch's public key for
distribution to clients is to use a direct, serial connection between the switch
and a management device (laptop, PC, or UNIX workstation), as described
below.

Note on the Public Key Format: The switch uses SSH version 1, but can be
authenticated by SSH version 2 clients that are backwards-compatible to SSHv1.
However, if your SSH client supports SSHv2, then it may use the PEM format for
storing the switch's public key in its "known host" file. In this case, the
following procedure will not work for the client unless you have a method for
converting the switch's ASCII-string public key into the PEM format. If you do
not have a conversion method, then you can still set up authentication of the
switch to the client over the network by simply using your client to contact
the switch and then accepting the challenge that your client should pose before
accepting the switch. This should be acceptable as long as you are confident
that there is no "man-in-the-middle" spoofing attempt during the first contact.
Because the client will acquire the switch's public key after you accept the
challenge, subsequent contacts between the client and the switch should be
secure.
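One way to do the conversion the format note calls for, as an added example that is not part of the HP manual. It assumes the switch's ASCII-string key is in the usual SSHv1 text form (decimal bit length, exponent, modulus, optional comment) and that the client wants a PKCS#1 "RSA PUBLIC KEY" PEM block; the function names and the toy-sized sample key are constructed for illustration.

```python
import base64

# Constructed, toy-sized sample (not a real switch key), wrapped the way a
# terminal capture often wraps it: bits, exponent, modulus, optional comment.
SAMPLE = "12 17 32\n33 switch-console-capture"

def parse_ssh1_pubkey(text):
    """Return (bits, e, n) from an SSHv1 text key, re-joining a wrapped modulus."""
    fields = text.split()
    if len(fields) < 3 or not all(f.isdigit() for f in fields[:3]):
        raise ValueError("expected: <bits> <exponent> <modulus> [comment]")
    bits, e = int(fields[0]), int(fields[1])
    digits = []
    for f in fields[2:]:          # modulus pieces until the first non-numeric field
        if not f.isdigit():
            break
        digits.append(f)
    n = int("".join(digits))
    if n.bit_length() != bits:    # catches a modulus truncated during copy/paste
        raise ValueError("modulus has %d bits, key says %d" % (n.bit_length(), bits))
    if e < 3 or e % 2 == 0 or n % 2 == 0:
        raise ValueError("implausible RSA public key values")
    return bits, e, n

def _der_len(length):
    # DER definite length: short form below 128, long form otherwise.
    if length < 0x80:
        return bytes([length])
    raw = length.to_bytes((length.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def _der_int(value):
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")  # keeps sign bit clear
    return b"\x02" + _der_len(len(raw)) + raw

def to_pkcs1_pem(e, n):
    """Encode RSAPublicKey ::= SEQUENCE { modulus, publicExponent } as PEM."""
    body = _der_int(n) + _der_int(e)
    b64 = base64.b64encode(b"\x30" + _der_len(len(body)) + body).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN RSA PUBLIC KEY-----", *lines,
                      "-----END RSA PUBLIC KEY-----"]) + "\n"

if __name__ == "__main__":
    bits, e, n = parse_ssh1_pubkey(SAMPLE)
    print(to_pkcs1_pem(e, n), end="")
```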


This manual is also suitable for:

Procurve 6108