Switch ssh and user password authentication – HP 2800 User Manual

Configuring Secure Shell (SSH)

Overview

N o t e

SSH in the HP Procurve is based on the OpenSSH software toolkit. For more
information on OpenSSH, visit

http://www.openssh.com

.

Switch SSH and User Password Authentication .

This option is a subset

of the client public-key authentication show in figure 6-1. It occurs if the switch
has SSH enabled but does not have login access (

login public-key) configured

to authenticate the client’s key. As in figure 6-1, the switch authenticates itself
to SSH clients. Users on SSH clients then authenticate themselves to the
switch (login and/or enable levels) by providing passwords stored locally on
the switch or on a TACACS+ or RADIUS server. However, the client does not
use a key to authenticate itself to the switch.

HP

Switch

(SSH

Server)

SSH

Client

Work-

Station

1. Switch-to-Client SSH

2. User-to-Switch (login password and

enable password authentication)
options:

– Local
– TACACS+

Figure 6-2. Switch/User Authentication

SSH on the HP ProCurve switches covered in this guide supports these data
encryption methods:

■

3DES (168-bit)

■

DES (56-bit)

N o t e

The HP ProCurve switches covered in this guide use the RSA algorithm for
internally generated keys (v1/v2 shared host key & v1 server key). However,
HP ProCurve switches support both RSA and DSA/DSS keys for client authen­
tication. All references to either a public or private key mean keys generated
using these algorithms unless otherwise noted

6-3