HP 4100GL User Manual

Configuring Secure Shell (SSH)
Configuring the Switch for SSH Operation

Syntax: aaa authentication ssh enable < local | tacacs | radius > < local | none >

Configures a password method for the primary and
secondary enable (Manager) access. If you do not spec­
ify an optional secondary method, it defaults to

none.

For example, assume that you have a client public-key file named

Client-

Keys.pub (on a TFTP server at 10.33.18.117) ready for downloading to the
switch. For SSH access to the switch you want to allow only clients having a
private key that matches a public key found in

Client-Keys.pub. For Manager

-

level (enable) access for successful SSH clients you want to use TACACS+ for
primary password authentication and

local for secondary password authenti-

cation, with a Manager username of "1eader" and a password of "m0ns00n".
To set up this operation you would configure the switch in a manner similar
to the following:

Configures Manager user­
name and password.

Configures the
switch to allow
SSH access only a
client whose
public key
matches one of the
keys in the public
key file

Configures the primary and
secondary password methods for
Manager (enable) access. (Becomes
available after SSH access is granted

Copies a public key file
named "Client-Keys.pub"
into the switch.

Figure 4-13. Configuring for SSH Access Requiring a Client Public-Key Match and Manager Passwords

4-20