Overview, Overview -2 – HP 2800 User Manual


Configuring Secure Shell (SSH)
Overview


| Feature | Default | Menu | CLI | Web |
|---|---|---|---|---|
| Generating a public/private key pair on the switch | No | n/a | page 6-10 | n/a |
| Using the switch’s public key | n/a | n/a | page 6-12 | n/a |
| Enabling SSH | Disabled | n/a | page 6-15 | n/a |
| Enabling client public-key authentication | Disabled | n/a | pages 6-19, 6-21 | n/a |
| Enabling user authentication | Disabled | n/a | page 6-18 | n/a |

The HP switches covered in this guide use Secure Shell version 1 or 2 (SSHv1
or SSHv2) to provide remote access to management functions on the switches
via encrypted paths between the switch and management station clients
capable of SSH operation.

SSH provides Telnet-like functions but, unlike Telnet, SSH provides encrypted,
authenticated transactions. The authentication types include:

– Client public-key authentication
– Switch SSH and user password authentication

Client Public Key Authentication (Login/Operator Level) with User Password Authentication (Enable/Manager Level). This option uses one or more public keys (from clients) that must be stored on the switch. Only a client with a private key that matches a stored public key can gain access to the switch. (The same private key can be stored on one or more clients.)

[Figure: HP Switch (SSH Server) and SSH Client Workstation. 1. Switch-to-Client SSH authentication. 2. Client-to-Switch (login rsa) authentication. 3. User-to-Switch (enable password) authentication options: Local, TACACS+, RADIUS, None.]

Figure 6-1. Client Public Key Authentication Model
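
An added example, not from the HP manual: a small Python audit that checks an exported switch configuration against the three-stage model in Figure 6-1 and the defaults in the feature table. The configuration line syntax (`ip ssh`, `aaa authentication ssh login|enable ...`) and the sample config are assumptions modelled on ProCurve-style CLI; adjust them to what your switch actually prints.

```python
import re

# Constructed sample config. The line syntax is an assumption modelled on
# ProCurve-style CLI, not text taken from this manual page.
SAMPLE_CONFIG = """\
hostname "lab-switch"
ip ssh
aaa authentication ssh login public-key none
aaa authentication ssh enable none
"""

# Matches: aaa authentication ssh <login|enable> <primary> [secondary]
AAA_RE = re.compile(
    r"^aaa authentication ssh (login|enable)\s+(\S+)(?:\s+(\S+))?\s*$")

def parse_ssh_settings(config_text):
    """Return SSH state and the (primary, secondary) method per access level."""
    settings = {"ssh_enabled": False, "login": None, "enable": None}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ip ssh":
            settings["ssh_enabled"] = True
        elif line == "no ip ssh":
            settings["ssh_enabled"] = False
        else:
            m = AAA_RE.match(line)
            if m:
                settings[m.group(1)] = (m.group(2), m.group(3))
    return settings

def audit(config_text):
    """Compare a config against the model in Figure 6-1; return findings."""
    s = parse_ssh_settings(config_text)
    findings = []
    if not s["ssh_enabled"]:
        findings.append("SSH is not enabled (the default): no encrypted path")
    if s["login"] is None or s["login"][0] != "public-key":
        findings.append("login level: client public-key is not the primary method")
    if s["enable"] is None or s["enable"][0] == "none":
        findings.append("enable level: no password authentication method")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```
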
