Hp 2800 User Manual download pdf (Page 135)

Configuring Secure Shell (SSH)

Overview

Note SSH in the HP Procurve is based on the OpenSSH software toolkit. For more

information on OpenSSH, visit http://www.openssh.com

Switch SSH and User Password Authentication . This option is a subset

of the client public-key authentication show in figure 6-1. It occurs if the switch

has SSH enabled but does not have login access (login public-key) configured

to authenticate the client’s key. As in figure

6-1, the switch authenticates itself

to SSH clients. Users on SSH clients then authenticate themselves to the

switch (login and/or enable levels) by providing passwords stored locally on

the switch or on a TACACS+ or RADIUS server. However, the client does not

use a key to authenticate itself to the switch.

Switch

(SSH

Server)

SSH

Client

Work-

Station

1. Switch-to-Client SSH

2. User-to-Switch (login password and

enable password authentication)

options:

– Local

– TACACS+

Figure 6-2. Switch/User Authentication

SSH on the HP ProCurve switches covered in this guide supports these data

encryption methods:

 3DES (168-bit)

 DES (56-bit)

Note The HP ProCurve switches covered in this guide use the RSA algorithm for

internally generated keys (v1/v2 shared host key & v1 server key). However,

HP ProCurve switches support both RSA and DSA/DSS keys for client authen-

tication. All references to either a public or private key mean keys generated

using these algorithms unless otherwise noted

6-3

1 2 ... 130 131 132 133 134 135 136 137 138 139 140 ... 299 300

No comments

Hp 2800 User Manual Page 135