HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.2 administrator guide (5697-0 - Page 107
Secure Shell protocol
View all HP StorageWorks 8/80 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 107 highlights
Example: systemGroup configuration (default) switch:admin> snmpconfig --default systemGroup ***** This command will reset the agent's system group configuration back to factory default ***** sysDescr = Fibre Channel Switch sysLocation = End User Premise sysContact = Field Support authTraps = 0 (OFF) ***** Are you sure? (yes, y, no, n): [no] y Secure Shell protocol To ensure security, Fabric OS supports secure shell (SSH) encrypted sessions. SSH encrypts all messages, including the client transmission of the password during login. The SSH package contains a daemon (sshd), which runs on the switch. The daemon supports a wide variety of encryption algorithms, such as Blowfish-Cipher block chaining (CBC) and Advanced Encryption Standard (AES). NOTE: To maintain a secure network, you should avoid using Telnet or any other unprotected application when you are working on the switch. The File Transfer Protocol (FTP) is also not secure. When you use FTP to copy files to or from the switch, the contents are in clear text. This includes the remote FTP server's login and password. This limitation affects the following commands: saveCore, configUpload, configDownload, and firmwareDownload. Commands that require a secure login channel must originate from an SSH session. If you start an SSH session and then use the login command to start a nested SSH session, commands that require a secure channel will be rejected. Fabric OS 6.1.0 supports SSH protocol 2.0 (ssh2). For more information on SSH, see the SSH IETF Web site: http://www.ietf.org/ids.by.wg/secsh.html For more information, see SSH, The Secure Shell: The Definitive Guide by Daniel J. Barrett, Ph. D., Richard E. Silverman, and Robert G. Byrnes. SSH public key authentication OpenSSH public key authentication provides password-less logins, known as SSH authentication, that uses public and private key pairs for incoming and outgoing authentication. This feature allows only one allowed-user to be configured to utilize OpenSSH public key authentication. Using OpenSSH RSA and DSA, the authentication protocols are based on a pair of specially generated cryptographic keys, called the private key and the public key. The advantage of using these key-based authentication systems is that in many cases, it is possible to establish secure connections without having to manually type in a password. RSA and DSA asynchronous algorithms are FIPS-compliant. Allowed-user The default admin user must set up the allowed-user with the admin role. By default, the admin is the configured allowed-user. While creating the key pair, the configured allowed-user can choose a passphrase with which the private key is encrypted. The passphrase must then always be entered when authenticating to the switch. The allowed-user must have an admin role that can perform OpenSSH public key authentication, import and export keys, generate a key pair for an outgoing connection, and delete public and private keys. After the allowed-user is changed, all the public keys related to the old allowed-user are lost. Fabric OS 6.2 administrator guide 105