HP 2800 User Manual

Configuring Secure Shell (SSH)
Steps for Configuring and Using SSH for Switch and Client Authentication

Steps for Configuring and Using SSH for
Switch and Client Authentication

For two-way authentication between the switch and an SSH client, you must
use the login (Operator) level.

Table 6-1.

SSH Options

Switch

Access

Level

Primary SSH

Authentication

Authenticate

Switch Public Key

to SSH Clients?

Authenticate

Client Public Key

to the Switch?

Primary Switch

Password

Authentication

Secondary Switch

Password

Authentication

Operator
(Login)
Level

ssh login rsa

Yes

Yes

1

No

1

local or none

ssh login Local

Yes

No

Yes

local or none

ssh login TACACS

Yes

No

Yes

local or none

ssh login RADIUS

Yes

No

Yes

local or none

Manager
(Enable)
Level

ssh enable local

Yes

No

Yes

local or none

ssh enable tacacs

Yes

No

Yes

local or none

ssh enable radius

Yes

No

Yes

local or none

1

For ssh login public-key, the switch uses client public-key authentication instead of the switch password options for

primary authentication.

The general steps for configuring SSH include:

A. Client Preparation

1. Install an SSH client application on a management station you want

to use for access to the switch. (Refer to the documentation provided
with your SSH client application.)

2. Optional—If you want the switch to authenticate a client public-key

on the client:

a. Either generate a public/private key pair on the client computer

(if your client application allows) or import a client key pair that
you have generated using another SSH application.

b. Copy the client public key into an ASCII file on a TFTP server

accessible to the switch and download the client public key file to
the switch. (The client public key file can hold up to ten client
keys.) This topic is covered under “To Create a Client-Public-Key
Text File” on page 6-23.

6-6